Evaluating the Threat from Quantum Computing

The core principle of most computer encryption is not that a code cannot be broken but that the time required to guess the key to unlock the code is going to be unfeasibly long.  The threat posed by Quantum Computers is that they could solve problems so quickly that they will decrypt data protected by current algorithms with relative ease.   In 2019 the Google Quantum Computer, Sycamore, solved a problem in 200 seconds that IBM’s Summit computer might be expected to solve in 10,000 years.

Although large scale use of Quantum Computing is yet to be widely deployed the principle has been shown to work.  One fear is that hackers could be capturing and storing encrypted data with the hope of being able to read it through Quantum Computing in the near future.

Traditional computing uses the principles of transistor technology to store and manipulate binary data as 0s and 1s.  Quantum Computing works with qubits (quantum bits) which can be used to represent 0 and 1 at the same time.  Processing power increases exponentially as more qubits are added.  The ability of qubits to model multiple possibilities at the same time makes them particularly useful for testing multiple possible solutions to a problem and discovering for example the key required to unlock encrypted data.

Quantum Computers have already been built; the data security question is how long before they will become in relatively widespread use?  The hacker does not need to own a Quantum Computer ‘merely’ be able to remotely access one and have the mathematical and programming knowledge to crack our codes.  It is probable that once these principles have learnt they will pass through the hacker community and evolve into toolkits or ‘solutions as a service’ that require considerably less expertise.

SpinQ already market Quantum Computers including the 2 qubit Gemini.  2 qubits is not a lot to work with and the package is marketed for education and research into the principles of operating Quantum Computers.   Since 2022 Quantum Computing has been available through Microsoft’s Azure platform as Azure Quantum.  As an example of the Quantum services available through Azure the Quantinuum H1-1 from Honeywell has a rating of 20 qubits.

There is no current (January 2023) risk to encryption from Quantum Computing but there is a race to develop new, more complex, security algorithms before existing systems are overcome. The US government backed NIST is investigating alternatives and has passed 15 candidate systems for further research and as possible candidates for future encryption standards.  As the maths behind these solutions is significantly more complex than current solutions they might slow down processing on ‘traditional’ computing systems making suitably secure encryption and decryption more difficult.

There are imminent steps that anyone handling secure data should be taking to ensure that they are prepared for future developments in Quantum Computing.

  • Make an inventory of the cryptographic technologies you already use.
  • Investigate and pilot cryptographic technologies that are marketed as ‘Quantum-Safe’.
  • Use different public key algorithms for each of encryption, key exchange and signatures.
  • Test existing applications with very long key sizes, ciphers and signatures.

More from Security

04/12/2024

Sitting Duck Attacks

The Sitting Duck attack revolves around taking control of a domain and then using it to distribute malware or as a source for phishing …

Read post

25/11/2024

Developers Hit By Compromised Software Packages

A Typosquat campaign uses slight variations on well-known names to mislead a user to access a rogue rather than genuine asset.  It is well …

Read post

04/11/2024

UK Data (Use and Access) Bill

The Data (Use and Access) Bill had its first reading in the Lords on 23 October 2024.  This step is merely a formal introduction …

Read post

28/10/2024

Zero-Day Attacks

In October 2024 Google Mandiant reported on 138 exploited vulnerabilities since 2023.  They concluded there had been an increase in the number and speed …

Read post

Sign Up

Sign up to our newsletter list here.

    Successful sign up

    Thank you for signing up to our newsletter list.

    Check your inbox for all the latest information from Kindus

    Categories