GlobalSign Blog

The Quantum Question: What Your Organization Should Know

The Quantum Question: What Your Organization Should Know

Quantum computing may sound like a term relegated to science fiction, but the truth is we’re closer to practical quantum computers than some might think. When it becomes mainstream, it’s going to change how we approach a lot of problems – and how we think of our current computing model.

While all of its uses may not be clearly defined, one thing that quantum computing is definitely going to impact is cybersecurity. Because of how quantum computing works, it could pose a threat to the encryption technologies most people are employing today. Let’s look at what quantum computing is, how it affects security, and who needs to be paying attention to quantum computing trends.

Quantum computing and encryption

Before we get into the specifics, let’s refresh ourselves on the definition of quantum computing. The way most computers work is with something called a “bit” – a term you’ve most likely heard before. Each of these bits is a collection of binary numbers, 1s and 0s. These 1s and 0s in turn represent the state of a transistor, the basic hardware building block of all electronics. To put it simply, 1 or 0 is when an electrical charge is on or off. This form of computer is formally called “classical” computing and relies on this binary system to carry out all processes. 

The most widely used quantum computing model is the quantum circuit, which is based on the quantum bit, or "qubit." These quantum bits use the complex physics of quantum mechanics to have three states for each bit rather than the traditional two (binary). While the physics involved are fairly complicated, the basic idea is that qubits can be on, off, or “both on and off,” thereby adding another possible state for the bit.

Why does any of this matter? Well, because it could majorly impact cryptographic influences on IT security the world over. Yes, it sounds alarming, but don’t go throwing your servers out the window just yet.

Risks of quantum computing

The way that modern encryption works is built around how difficult it is for classical (binary) computers to solve a specific mathematical equation. One example is factoring large numbers, which can easily take hundreds of years for a classical computer to solve.

A quantum computer, on the other hand, is capable of running quantum algorithms on sets of qubits which can be used to solve hard mathematical problems far more effectively than classical computing. In fact, the two common encryption technologies, elliptic-curve cryptography (ECC) and Rivest-Shamir-Adleman (RSA) encryption, can both theoretically be solved through qubits. 

Thankfully, there are some solutions, but applying them can be difficult and expensive. Considering the financial and security impacts Covid-19 has had on businesses around the world, a new cyber threat is not something that any organization needs right now.

There is no current guarantee that mainstream cryptographic systems are at risk, but it is still on the minds of security professionals. Organizations such as the National Institute of Standards and Technology (NIST) have already started evaluating 69 new potential methods for dealing with post-quantum cryptography (PQC). The idea is that we need to start considering cybersecurity before quantum computing becomes more accessible to the consumer...and the hackers.

Should we be worried now?

Though mainstream quantum computing may be years away, there are still some challenges and risks to consider now, that could help to minimize fallout down the road. 

Applying security updates is often easier said than done, especially as users don’t always keep up with security updates on their own devices and machines. This can be a problem, given the increase in the reliance on IoT, cloud computing, etc. and how common they’ve become in homes and businesses. One way to address this problem is by implementing security protocols before products reach their consumers.

A lot of data is being stored in the cloud, from passwords to random sensor readings. This data can be hacked and saved for later when quantum computing is viable. In theory, hackers can gain the encrypted information and sit on it until they have access to quantum computers to make quick work of the encryption. 

The good news is it's possible for data to be easily stored in the cloud in a way to resist quantum attack (using AES to encrypt with a 256-bit key). There is a quantum attack against symmetric schemes like AES called Grover's algorithm, however it is far less effective than Shor's algorithm is against RSA (for background, you can learn more about Peter Shor's breaththrough tquanum algorithm here).

Despite all of this, an important take-away is that even when prioritizing compliance and security, there’s still a significant risk for businesses. Therefore, it’s a good idea to plan ahead and stay crypto-agile so when the quantum revolution happens, organizations aren’t caught off-guard.

The current state of quantum computing

Thankfully, there is some time yet to start implementing security solutions. While there have been major advances in quantum computing in the past decade or so, we’re still very far off from a stable computer. The main problem is that qubits are incredibly volatile, and only last a few 100 milliseconds without incredibly complex (and expensive) cooling and wiring. 

Furthermore, right now the unofficial leader of quantum computers in raw numbers, China’s USTC, only has 66 qubits. Similarly, the official leader, Google, has a 53-qubit computer. That may seem like a lot, but in reality, we might need thousands if not hundreds of thousands of qubits to do anything practical.

That being said, those numbers are only going to rise, and that’s why the mathematics of cryptography is so important in keeping up with the advance of quantum computers. IBM, for example, is hoping to release a 127-qubit quantum processor by the end of 2021, a 433-qubit processor by the end of 2022, and a 1,121-qubit processor by the end of 2023. Meanwhile, Google is aiming for a 1 million-qubit processor by the end of 2029, a staggering number.

Conclusion

We have at least a five to ten years head start on trying to solve the problem of quantum computing when it comes to cybersecurity. This is especially the case since quantum computers as they exist today are far from widely available. 

It’s also important to keep in mind, the future uses of this technology are quite positive. For example, quantum computing could help stave off the next pandemic by allowing us to do better protein folding than we can with classical computers. But either way, the countdown has begun, and it’s important for companies to start thinking about how they are going to secure their current data against future risks.

Note: This blog article was written by a guest contributor for the purpose of offering a wider variety of content for our readers. The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of GlobalSign.

Share this Post