Quantum Computing: Why the technology poses a security threat – IFSEC Global

While the term quantum computing may sound futuristic, many experts argue the technology is not far away from being utilised on a global scale. Amongst myriad potential benefits, Julian Hall explores how it is set to dramatically impact upon the security sector.

The next generation of super computers will be faster, more efficient, revolutionary and potentially, dangerous.

With the ability to make calculations in minutes that would take todays most advanced computers thousands of years, quantum computers will be in a league of their own. Among the benefits they are anticipated to bring are improvements for solar panels, electric car batteries, financial and weather forecasts and even finding a cure for Alzheimers.

But its the application of quantum computers to encryption and security that is grabbing the headlines. Their ability to break down the vast majority of currently used cryptography, and therefore penetrate government, military and financial networks, is both impressive and scary at the same time.

In a nutshell, quantum computing is a victory over uncertainty. Computers work on the basis of a binary understanding where bits either represent a 0 or a 1 outcome essentially a heads or tails scenario where the outcome is measured when the coin lands. Quantum computing allows the for the outcome to be measured while the coin is still spinning in the air meaning the value is both heads and tails simultaneously.

The quibit, or quantum bit, allows for multiple values to be stored at once. To put this in some kind of context, there are, as Luther Martin from security solutions company Micro Focus observes, between 1078to 1082 atoms in the visible universe, so a single register of just 265 qubits can simultaneously hold about as many values as there are atoms in the universe.

The huge capacity of a quantum computer means a massive encryption capability. Luther references an algorithm running on a quantum computer that reduces the security of a 3.072 bit RSA key down to only about 26 bits in other words easily cracked will a mobile phone. CEO and co-founder of banking technology supplier Neocova and Professor at Washington University, Sultan Meghji, likens the potential of quantum computing on encryption to how the Allies broke Enigma in World War Two.

Just how big a deal this is cannot be overstated.

One of the fundamental building blocks for making digital technologies secure is cryptography, notes Michele Mosca, co-founder and Deputy Director of the Institute for Quantum Computing at the University of Waterloo, Canada.

Cryptographic algorithms allow us to obtain trustworthy results while using systems that are not entirely trustworthy. For example, trusted endpoints can communicate through an untrusted telecommunications system and guarantee the confidentiality of their messages using encryption algorithms and guarantee the origin and integrity of the messages using digital signature algorithms.

Quantum computers would break all of this.

Mosca identifies four specific risks from the fallout of this big data bang:

Its pretty apocalyptic stuff and it sounds a bit like the hype over Y2K, but with actual peril.

Sultan Meghji thinks the Y2K analogy fits, but hes less concerned about general use computers (e.g. laptops, cloud sharing machines) that are many years away from broad spectrum utility and availability than with existing specific use devices such as Chinas Quantum Science Satellite, known as Mozi, launched in 2016 and, this year, paired with the worlds first portable ground station for sending and receiving secure quantum communications.

It is that second category that poses the largest, most immediate potential threat to security. Devices like these could nullify all encryption currently used today, ranging from encryption that protects a consumers credit cards on the internet to that which guards a president of a countrys communications with his or her military leadership.

With the recent UK government decision to ban Huawei from assembling its 5G network, following the US decision, Chinas role in the global security ecosystem has again been in the spotlight. China is, however, seemingly unabashed in its ongoing aim to be the dominant global power and its use of tech to get there. While it eschews the idea that state and commerce are one and the same, for many observers Chinas hoovering up of old data to be decrypted later, its ownership of data-rich companies such as TikTok (now the subject of US investor efforts to buy it from its Chinese owner) and its investment and boardroom presence in western tech start-ups all point to a consolidation and advancement of its world standing.

Sultan Meghji asks: What happens if, in November this year, the Chinese bring on stream an industrialised-scale offensive quantum encryption hacking programme that can break every single piece of encryption out there and we just dont know about it for years until the defensive systems come online? We are in the beginning of this grey window that will last for some number of years where there will be a disconnect between the offensive capability and the defensive capability of everyone else.

The quantum-assisted chaos scenario that concerns Meghji the most is a covert attack on a bank and altering debt payments. Financial services is the most full of risk right now and, after national military infrastructure, the biggest target.

Theres a general consensus among cyber experts and industry experts that battling quantum decryption doesnt have to be rocket science even if it will be time consuming.

In theory, its simple, says Michele Mosca. Replace the public-key algorithms we depend on with alternatives that are designed to resist quantum attacks. In practice, this is a massive and multi-faceted undertaking that takes 10-20 years to do properly. Much remains to be done, and more stakeholders will need to join the effort.

As Mosca says, many of the steps toward migrating systems to quantum-safe cryptography, (both post-quantum cryptography and quantum cryptography) are already underway, and Luther Martin, writing in TechBeacon, thinks that many businesses will already be adopting them.

Attacks that can run on quantum computers simply divide the number of bits of security that an AES [Advanced Encryption Standard] key provides by two, says Martin. A 256-bit AES key will provide 128 bits of security, etc. So if you are already using AES-256, you are already using an encryption algorithm that will provide an adequate level of security against quantum computers.

Meanwhile, Honeywell (who claim to have built the most powerful quantum computer yet, though, unlike Google, have not claimed quantum supremacy i.e. the ability to make calculations that no over classical computer can) believe that the solution is within the problem. The beauty of quantum computing, says Tony Uttley, President of Honeywell Quantum Solutions is that quantum computers have the potential to be a tool that works in both directions. This means that there are opportunities for quantum computers to provide quantum randomness to become a part of the encryption process itself.

Michele Moscas steps for CTOs, CSOs or any other relevant postholders:

While Sultan Meghji also believes that shoring up many systems against the quantum threat can be simple enough, recalling the rollout of Transport Layer Security protocols 1.0 and 1.1 as being fairly straightforward, he also knows that despite the simplicity and inexpensive there will be laggardsthere are still organisations out there using TLS 1.0 which you or I could hack with our smartphone.

Investment is crucial for Meghji. If I was responsible for research budgets for either of our two nations I would 10 times whatever the number is of investment in cyber and 10 times whatever the investment is in quantum computing and thats on the low end.

Download this report, produced in conjunction with Texecom, to discover how increasing processing power, accelerating broadband speeds, cloud-managed solutions and the internet of things and transforming the intruder alarm market, and whether firms are adopting these innovative new technologies.

Quantum Computing: Why the technology poses a security threatWhile the term quantum computing sounds futuristic, many experts argue the technology is not far away. Amongst myriad potential benefits, Julian Hall explores how it is set to dramatically impact upon the security sector.

Julian Hall

Would you wait two minutes to retrieve three-month old surveillance footage if it slashed costs by 50%?

Watch: Quantum on IFSEC TV

Multi-tier surveillance storage for scalable growth: Quantum Q&A

View post:
Quantum Computing: Why the technology poses a security threat - IFSEC Global