When the Wright brothers invented the first airplane, no one envisioned the development of pistons or turboprop engines. When those engines were eventually created, few could have imagined that this technology would one day be used in warfare, leading to devastating events like the nuclear attacks on Japan during World War II.
Similarly, quantum computing is hailed today as a groundbreaking innovation capable of solving complex problems that classical computers cannot tackle. However, the full extent of the risks associated with this revolutionary technology remains largely unknown.
In the previous article, Quantum Computing 101, we explored how quantum computers differ fundamentally from today’s classical computers. We concluded with the suspenseful question of the unknown threats they might pose.
Now, let’s delve into how quantum computing is poised to disrupt the world of cybersecurity—a domain built on the strengths of today’s technology. This transformation could redefine the foundations of digital security as we know it.
Cybersecurity: The Guardian of Digital Assets
Cybersecurity is a specialized field focused on ensuring confidentiality, integrity, and availability of data and information.
It requires organizations to proactively prepare for, respond to, and recover from potential risks that adversaries could exploit within their technology environments.
Cryptography is the backbone of cybersecurity and plays a critical role in upholding two key pillars: confidentiality and integrity. Various encryption algorithms are employed to preserve confidentiality, such as the Advanced Encryption Standard (AES) and Rivest Shamir Adleman (RSA).
Encryption is like putting your information in a secret box and locking it with a special key. Only a person with the right key can open the box and read the information. For example, when you send a message online, it gets encrypted so that even if someone intercepts it, they can’t understand it without the key. It’s a way to keep your data private and secure.
Similarly, hashing algorithms are designed to safeguard the integrity of information. Hashing is like creating a unique “digital fingerprint” for a piece of information. Imagine you have a special stamp that turns any word, number or file into a unique pattern. Even if the original thing changes a little, the fingerprint will look completely different. It’s a quick way to identify or verify something without revealing the original information.
Beyond these, cryptographic techniques also achieve other objectives, such as ensuring non-repudiation through digital signatures—but that’s a discussion for another day.
The Fundamentals of Modern Cryptography
Encryption is a powerful technique used to protect data and information, ensuring that only the rightful owner or those granted access can view it. Think of encryption as a lock for your digital assets. Symmetric encryption is like a lock with a single key referred to as a “private key.” This key can both lock and unlock the data, meaning anyone with access to the private key can use it.
On the other hand, asymmetric encryption works differently. Imagine a special mailbox with two keys: a public key to lock the mailbox and a private key to unlock it. Anyone with the public key can drop a letter (i.e., encrypt data), but only the owner with the private key can retrieve and read it (i.e., decrypt data).
Both symmetric and asymmetric encryption algorithms are widely used depending on the context and are highly effective at preserving data confidentiality.
Quantum Computing: A Leap That Changes the Rules
In the 1980s, scientist David Deutsch proposed a groundbreaking concept of a universal quantum computer, demonstrating how quantum mechanics can be used for computation. Later, quantum gates and circuits were formulated laying the groundwork for quantum computation.
In 1992, one of the first algorithms (notably Bernstein Vazirani Algorithms and Deutsch Josza Algorithm) was formulated to show the advantage of quantum computers over classical computers, until 1994, when a mathematician and computer scientist Peter Shor proposed an algorithm to efficiently factor large integers.
Asymmetric cryptography particularly like RSA relies on the difficulty of factoring as a security basis. That’s when it was known that when the time comes, asymmetric cryptography will be cracked.
In 1996, computer scientist Lov Grover formulated an algorithm to search unsorted databases more efficiently than classical algorithms. Symmetric key algorithms (e.g., AES, DES) rely on the secrecy of the key used for encryption and decryption. The security of these algorithms is typically based on the difficulty of brute-forcing (a mechanism to make continuous attempts) the key, which requires examining 2k possibilities for a key of length k.
With Grover’s algorithm, the time required to brute force a symmetric key of length k is reduced from O(2k) to O(2{k/2}). For instance:
- A 128-bit key, which provides a classical brute force security level of 2128, would only require O(264) operations with Grover’s algorithm. This is still computationally intensive but significantly less so than the classical counterpart.
- A 256-bit key (considered very secure today) would only require O(2128), making it vulnerable to future quantum computing capabilities.
Grovers Algorithm Cracking Symmetric Cryptography
Imagine a massive safe with a combination lock used to protect valuables. This safe uses a long, complex combination (like a symmetric encryption key) that would take someone years to guess through trial and error.
Normally, if a burglar tried every possible combination, it would take them millions of attempts to unlock the safe. But now, imagine a “magic lockpick” (Grover’s algorithm) that allows the burglar to try combinations much faster, effectively reducing the time needed to open the safe to only thousands of attempts.
With this magic lockpick, the burglar can open the safe much sooner, making the safe less secure. Similarly, Grover’s algorithm would allow a quantum computer to break symmetric encryption keys (like AES) in a fraction of the time it would take using traditional brute force methods.
Shor’s Algorithm Cracking Asymmetric Cryptography
Imagine you have a treasure chest locked with a combination padlock. The lock was designed by combining two giant secret numbers (representing the private key in asymmetric encryption). Normally, figuring out these two numbers would take even the best detective thousands of years because they’d have to try every possible combination.
But Shor’s algorithm gives our detective a magic shortcut. Instead of thousands of years, the detective can instantly figure out the two numbers, opening the lock in minutes.
In cybersecurity terms, this is how Shor’s algorithm could quickly break asymmetric encryption systems like RSA, which rely on the difficulty of finding those two large numbers.
Are We at Risk Today?
You might now be asking, “Am I compromised?” The unsettling answer is, “We don’t know yet.”
We live in an era of covert warfare, and cyberwarfare is no exception. While there is no public evidence of quantum computers with the capacity to break modern cryptographic algorithms, the possibility remains. Hackers today are harvesting encrypted data, stockpiling it in anticipation of a future where powerful quantum computers could decrypt it effortlessly.
Should you be worried? Practically speaking, not yet, unless you’re dealing with mission-critical information that could significantly impact the future.
Preparing for the Post-Quantum Era?
However, the threat isn’t being ignored. Recently, NIST (National Institute of Standards and Technology) released a finalized set of Post Quantum Cryptography (PQC) algorithms designed to resist quantum attacks. These algorithms aim to replace existing encryption standards, ensuring the digital infrastructure remains secure in the quantum era.
The NIST-selected algorithms, such as Kyber, Dilithium, and Falcon, work on entirely different principles from traditional cryptographic methods. These algorithms leverage complex mathematical structures like lattices to create encryption schemes that are resistant to quantum decryption.
Theoretically, they provide a robust defense against quantum threats, but transitioning to these new standards will take time. The sooner organizations begin this transition, the safer they will be.
What Lies Ahead?
You may wonder, “If quantum computing threatens cryptography, what about other aspects?” The answer is that the extent of the quantum threat is currently unknown.
Just as no one foresaw the first airplanes becoming warfare tools, we can only speculate about the potential misuse of quantum computers. Could a cobbler use quantum technology in ways we can’t yet think of? Perhaps. Could new and unforeseen threats emerge? Certainly.
What we do know is that the post-quantum era is near, bringing surprises and discoveries. As we prepare for the quantum future, we must remain vigilant and proactive, adapting our systems and strategies to navigate this uncharted terrain.
References:
- https://www.qutube.nl/quantum-algorithms/shors-algorithm
- https://learning.quantum.ibm.com/course/fundamentals-of-quantum-algorithms/grovers-algorithm
- https://www.nytimes.com/2023/10/22/us/politics/quantum-computing-encryption.html
- https://www.weforum.org/stories/2024/08/us-tools-encryption-breaking-quantum-computing-nist/
- https://csrc.nist.gov/Projects/post-quantum-cryptography
Appendix:
Symmetric Algorithms | Asymmetric |
They use 1 Key; Encryption and decryption takes place with the same key | The 2 keys; Encryption takes place with one key and decryption with another |
One of the popular known systems: AES | RSA |
Key Size: 128-256 bits | 1024-2048 |
Read the Part One of this series Here
Ali Qureshi is a cybersecurity professional committed to advancing strategic initiatives at the national and organizational levels. With a master’s degree in information security and holding some of the world’s most recognized certifications, Ali blends technical expertise with a passion for ongoing learning. Beyond his professional commitments, he enjoys target shooting with pistols and shotguns, playing skeet shooting, exploring music, and watching animes, reflecting his vibrant and well-rounded personality.