Quantum computing: The future of cybersecurity?

Quantum computing promises a leap in processing power that will bring huge advances to cybersecurity. But exactly how it will secure data and strengthen trust will only become clearer over time.

By Jo Best

The advent of quantum computing threatens to overturn much of what we take for granted about IT security today. Modern computing was founded on the concept of bits that were either 0 or 1.

In quantum computing, quantum bits (known as qubits for short) exist in ‘up’ or ‘down’ states, or both simultaneously. This inherent flexibility – or peculiarity – of quantum computing means more than one probability can be assessed at a time, bringing the possibility of a step change to cybersecurity. However, whether it will ultimately make security as we know it stronger or weaker is open for debate.

While the science of quantum computing is complex, the advantage of the new architectures it will enable is simple: a quantum leap in processing power that will mean the computing tasks that are the equivalent of super-tough Sudoku puzzles today will become tomorrow’s five-minute crosswords.

Cracking encryption is one example of the kind of problem that traditional systems find tricky, but that will be a breeze for quantum equivalents.

One of the most commonly cited fears around the use of quantum computing is that it will render public key infrastructure (PKI) useless. The step up in processing that quantum computing will bring means that the 128-bit algorithms underpinning PKI could be cracked by quantum systems with relative ease. If PKI is undermined, it threatens to compromise even the most basic online tasks, from internet banking to email.

Realistically, using quantum systems to crack PKI algorithms is thought to be some way off due to a number of technical challenges that have yet to be solved. But just how far off is a critical question.

Some have predicted it will take decades for practical commercial quantum computers to be built and rolled out – which should be enough time for the security industry to create a more secure alternative to today’s PKI systems.

There are already projects to investigate those possible alternatives, with the aim of ensuring that public key algorithms can continue to secure data even after the first commercial quantum computers become available.

There are a number of approaches under consideration, including lattice-based and multivariate cryptography. Given how PKI supports so much secure information transfer over the internet today, it’s unlikely that quantum-resistant infrastructure won’t be developed before quantum systems start being deployed – but a huge amount of work still needs to be done to turn even one of the many concepts for quantum-resistant cryptography into a reality.

Quantum computing could also cause a radical departure for security by enabling quantum key distribution (QKD), a secure method for implementing cryptographic protocols. Qubits can exist as ‘up’, ‘down’, or both while in transit, but the moment anyone tries to tell which of those states they’re in, the qubits collapse, and the attempted interception becomes immediately obvious.

QKD uses this principle – a sender and receiver using the states of qubits to determine if data transmitted over the internet has been intercepted – and could in future apply it to communications. It’s been said that QKD could signal the arrival of totally secure messaging, meaning attempts to gain access to communications by hackers and government agencies alike would be thwarted.
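The interception check described above, as an added example that is not part of the original article: a classical simulation of BB84 (one QKD protocol, which the article does not name) with an intercept-and-resend eavesdropper. The function names, the seed and the 10% alarm threshold are assumptions chosen for illustration.

```python
import random

def measure(bit, prep_basis, meas_basis, rng):
    """Measuring in the preparation basis returns the bit; measuring in the
    other basis gives a random result (the 'collapse' the article describes)."""
    return bit if prep_basis == meas_basis else rng.getrandbits(1)

def bb84(n_qubits, eavesdrop, seed=0):
    """Return (sifted_key_length, error_rate) for one simulated run."""
    rng = random.Random(seed)
    sifted = errors = 0
    for _ in range(n_qubits):
        bit, basis = rng.getrandbits(1), rng.getrandbits(1)  # sender's choices
        sent_bit, sent_basis = bit, basis
        if eavesdrop:
            # The interceptor has to guess a basis, measure, and resend the
            # result; a wrong guess randomises the state the receiver sees.
            eve_basis = rng.getrandbits(1)
            sent_bit = measure(sent_bit, sent_basis, eve_basis, rng)
            sent_basis = eve_basis
        rx_basis = rng.getrandbits(1)                        # receiver's choice
        rx_bit = measure(sent_bit, sent_basis, rx_basis, rng)
        if rx_basis == basis:  # sifting: keep only rounds where bases matched
            sifted += 1
            errors += rx_bit != bit
    # Simplification: the whole sifted key is compared here; a real run
    # compares a random sample of it and then discards that sample.
    return sifted, (errors / sifted if sifted else 0.0)

ALARM_THRESHOLD = 0.10  # assumed abort threshold for this illustration

def interception_detected(error_rate, threshold=ALARM_THRESHOLD):
    """Sender and receiver abort the key if too many sifted bits disagree."""
    return error_rate > threshold

if __name__ == "__main__":
    for eve in (False, True):
        n, rate = bb84(4000, eavesdrop=eve, seed=1)
        print(f"eavesdropper={eve}: sifted={n} error_rate={rate:.3f} "
              f"alarm={interception_detected(rate)}")
```

On an ideal channel the sifted bits agree exactly, while intercept-and-resend pushes the disagreement rate towards one in four, which is what makes the interception visible to both parties.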

Companies seeking to stop criminals or those carrying out industrial espionage from snooping on their messages will doubtless be pleased to see QKD arrive, while the law enforcement agencies attempting to intercept communications between terrorists will be concerned.

It’s been proposed that this feature of qubits could also be used to create ‘quantum cheques’, which could potentially be a tamper-proof way to send money. While the proof-of-concept system that has been proposed for quantum cheques is on the clunky side, it serves to demonstrate that while the threats quantum computing poses to security have been well-known for some time, the creative ways it can be used to secure data and strengthen trust are still to be worked out.