The dangers and promise of security in the quantum era

null

Gone are the days where quantum computing exists merely in the dusty drawers and imaginations of eccentric scientists. Today, enormous amounts of corporate and government funding are dedicated to researching and developing functional quantum computing systems.

Once developed, quantum computing (QC) will mark a cornerstone in technological evolution. Namely, its existence will make certain computational problems tractable, despite being currently intractable through conventional computing systems.

Today, the world relies heavily on intractable encryption to protect everything from digital signatures, private emails and banking information to other forms of personally identifiable information like electronic health records. But technologists and researchers alike argue that the security sector should pivot some of its focus to quantum computers, which present a massive, long-term security predicament. Before elaborating on how, let’s take a step back and ask – what is quantum computing technology and why should we care about its implications for security?

Without compromising scientific correctness, it’s difficult to offer an explanation of quantum computing that is both simple and intuitive. Quantum computers are not just smaller, faster, or better versions of conventional computers. They are actually created through fundamentally different working principles.

The following shallow analogy is commonly used to explain how quantum computing works and why it promises such huge speed-ups in computations. Although the comparison is not an exact parallel, I’m reusing it here for simplicity. In conventional computers, bits can store either a binary value of ‘1’ or ‘0’, whereas qubits (the quantum analogous of bits) may exist in a superposition of states (‘0’ and ‘1’ at the same time). During a quantum computing calculation, typically following a quantum algorithm, qubits may exist in any of the exponential number of superpositions of these ‘1’ or ‘0’ states. This ability of quantum computing to account for any number of superpositions at any point in time is what generates, with a pinch of vagueness, those enormous computational speed-ups.

However, the million-dollar question remains: why should the security community care about QC? There are many misconceptions around the concept, at least for the non-experts. Quantum computing is a remarkable technology and will certainly change the way we think about problems and the way we calculate. But for the time being, only a handful of problems can be solved using algorithms that harness the power of quantum computation. Unfortunately, some of those problems constitute the basis of current public-key cryptography; hence, everything we take for granted today as secure will be in jeopardy, if a large enough quantum computer is the purveyor of a cyberattack in a few years’ time. Or as the National Institute of Standards and Technology (NIST) states, “If large-scale quantum computers are ever built, they will be able to break many of the public-key cryptosystems currently in use. This would seriously compromise the confidentiality and integrity of digital communications on the Internet and elsewhere.”

Key challenges

The key challenge in building a quantum computer lies within the number of qubits that can be put together before the laws of classical physics interfere. Although building a universal quantum computer is the holy grail of quantum computing, it would likely require a number of qubits well beyond our current reach. However, ongoing research initiatives have already produced extraordinary quantum machines. Although none have been able to crack encryption yet, they certainly raise awareness around crypto-research. Since the common assumptions on cryptography do not apply to quantum technologies, it will be important to investigate potential alternatives.

For example, the deprecation strategy of current cryptography is a huge concern. If a quantum computer were to be released within a few years’ time, managing and discontinuing weak, obsolete and problematic cryptographic primitives would be a challenging task. Moreover, vulnerabilities and backdoors are still being published for mature schemes. As a result, it is safe to assume that the new corresponding algorithms will also be prone to these weaknesses. Since these flaws would call for immediate corrections, alternative algorithms need to be ready for deployment at that time.

Understanding these issues, a small yet dedicated community of cryptologists, mathematicians, and engineers have spent the past few years producing a remarkable pool of crypto-algorithms, which are considered to be safe under quantum cryptanalysis. They are the so-called “quantum-safe” or “post-quantum” crypto-algorithms, which are secure against both quantum and classical computers, while enabling interoperability with existing communications protocols and networks.

We face a lot of obstacles in realising a large enough quantum computer, but it doesn’t mean we have the luxury of time to develop and test quantum-safe algorithms. Assuming quantum computing is fundamentally scalable according to the laws of physics, some predict that a powerful embodiment of such a machine could be developed within the next five to thirty years. When thinking of all the vulnerabilities and crypto-failures happening today for algorithms that have been in use for decades, then the realisation may come as to why we should care now about security in the quantum world.

It appears research is on a very good track – some of those algorithms have seen the light of standards and are even part of popular browser suites. Additionally, the NIST recently revealed 26 promising algorithms, as a latest step in developing effective defences for sensitive electronic information from quantum computers.

We still have much to understand about the mechanics, challenges, security implications and future of quantum computing. It is now a game of engineering, pre-emptive standardisation, clever mathematics, and a careful development approach to pave a safe way through the quantum computing era.

Dr. Dimitrios Schoinianakis, Senior Security Researcher, Nokia Bell Labs
Image source: Shutterstock/lolloj