Evaluating the Threat from Quantum Computing
The core principle of most computer encryption is not that a code cannot be broken but that the time required to guess the key to unlock the code is going to be unfeasibly long. The threat posed by Quantum Computers is that they could solve problems so quickly that they will decrypt data protected by current algorithms with relative ease. In 2019 the Google Quantum Computer, Sycamore, solved a problem in 200 seconds that IBM’s Summit computer might be expected to solve in 10,000 years.
Although large scale use of Quantum Computing is yet to be widely deployed the principle has been shown to work. One fear is that hackers could be capturing and storing encrypted data with the hope of being able to read it through Quantum Computing in the near future.
Traditional computing uses the principles of transistor technology to store and manipulate binary data as 0s and 1s. Quantum Computing works with qubits (quantum bits) which can be used to represent 0 and 1 at the same time. Processing power increases exponentially as more qubits are added. The ability of qubits to model multiple possibilities at the same time makes them particularly useful for testing multiple possible solutions to a problem and discovering for example the key required to unlock encrypted data.
Quantum Computers have already been built; the data security question is how long before they will become in relatively widespread use? The hacker does not need to own a Quantum Computer ‘merely’ be able to remotely access one and have the mathematical and programming knowledge to crack our codes. It is probable that once these principles have learnt they will pass through the hacker community and evolve into toolkits or ‘solutions as a service’ that require considerably less expertise.
SpinQ already market Quantum Computers including the 2 qubit Gemini. 2 qubits is not a lot to work with and the package is marketed for education and research into the principles of operating Quantum Computers. Since 2022 Quantum Computing has been available through Microsoft’s Azure platform as Azure Quantum. As an example of the Quantum services available through Azure the Quantinuum H1-1 from Honeywell has a rating of 20 qubits.
There is no current (January 2023) risk to encryption from Quantum Computing but there is a race to develop new, more complex, security algorithms before existing systems are overcome. The US government backed NIST is investigating alternatives and has passed 15 candidate systems for further research and as possible candidates for future encryption standards. As the maths behind these solutions is significantly more complex than current solutions they might slow down processing on ‘traditional’ computing systems making suitably secure encryption and decryption more difficult.
There are imminent steps that anyone handling secure data should be taking to ensure that they are prepared for future developments in Quantum Computing.
- Make an inventory of the cryptographic technologies you already use.
- Investigate and pilot cryptographic technologies that are marketed as ‘Quantum-Safe’.
- Use different public key algorithms for each of encryption, key exchange and signatures.
- Test existing applications with very long key sizes, ciphers and signatures.