Depending on what you read, quantum computing is either a panacea for cybersecurity’s most pressing issues or a threat to fundamental security measures currently in place which needs to be approached with extreme caution. BDJ spoke to a number of leaders in the field to find out more.
Quantum computing was for a long time little more than a theoretical possibility. Physicists believed it to be possible but, until relatively recently, it hadn’t been prototyped.
To explain the technology in the briefest of terms, it adds a layer of complexity to current methods that will theoretically allow for exponentially faster computing. Today’s computers store ‘bits’ of information as either a ‘1’ or a ‘0’. Quantum computing, using properties such as entanglement and superposition, can simultaneously store a 1 and a 0 in each ‘qubit’.
For the technology to work accurately, the qubits need to be able to maintain their quantum mechanical state, which means protecting the chip from environmental influence and other interferences like radio waves or vibrations. One method is to keep the chip at temperatures approaching absolute zero, or to dampen the noise made by the machines. Even with these measures in place, though, quantum data is so delicate, it can be prone to error.
Cryptography Has Time to Catch Up
Assuming the technology does come to fruition, what will quantum computers actually mean for cyber security?
Common adoption may be some 20 years away, but the US’s National Institute of Standards and Technology says that “we must begin now to prepare our information security systems to be able to resist quantum computing.” Today’s cyber-security systems rely on uncrackable encryption – measures that will be fairly easily circumvented by the power of quantum computing.
“Today’s cyber-security systems rely on uncrackable encryption – measures that will be fairly easily circumvented by the power of quantum computing”
BDJ spoke to Mikko Möttönen, QCD Group Leader at Aalto University and professor of quantum computing. We asked him about the effect that he sees quantum computing having on cybersecurity.
“I think that, in the long run, quantum technology will completely change the field of cybersecurity,” says Möttönen. “As with any new technology, it may cause a threat in the wrong hands, but the bottom line is that it paves a natural development path for more secure and robust systems.”
For this reason, the development of quantum computing may need to be controlled until cryptography can catch up or new security measures can be established. The maths problems used in modern cryptography are only practically impossible to crack – not theoretically or technically impossible. Network security completely collapses if cryptography is made redundant, and protecting it needs to be a fundamental part of quantum’s development.
The Threat Is Anything But Immediate
BDJ also spoke with Yianni Gamvros, Head of Business Development at quantum-computing software company QC Ware Corp. The organization builds enterprise applications for quantum computers, and Gamvros is aware there are concerns over security, but believes that cryptography will be able to keep up practically.
There are quantum-computing products “that can theoretically break the current technology standards we use,” he says. “But, really, that’s just a theoretical result – I mean, we’re not anywhere near the fidelity needed in the hardware to actually execute those algorithms. We have the algorithm figured out, but we don’t have the hardware yet on which the algorithm can run. Also, the fidelity needed on the individual quantum bits, qubits, is nowhere near what is needed.
“There are quantum-computing products ‘that can theoretically break the current technology standards we use’... but we don’t have the hardware yet on which the algorithm can run”
“For these applications on cryptography, people say it’s going to be years, sometimes even decades, before we get to the fidelity that is going to make these algorithms possible. So, the fact we’re already aware of that, and the fact people are already working on the next set of cryptography standards, will prevent it. So, I don’t think there is any risk. It’s basically just being aware of how the technology is evolving, what is possible and what is not, and just keeping your eyes open so you’re able to respond in time.”
Just How Much Regulation Should There Be?
For Gamvros, it’s too early to start talking regulation to limit the usage of quantum computers so that cryptography can catch up. “There’s always the possibility of a breakthrough,” he says. “It’s just that it would have to be multiple breakthroughs – one coming right after the other in quick succession, and taking us 20 years into what we think will be the future, so it’s very hard to imagine.
“Is it possible? I guess there is a very small probability that yes, that might happen. But it’s so small that I don’t think it practically makes sense to talk about it, or practically to do things like apply regulation and get into policy discussion and all that. The payout is not worth it. We would be basically doing all this to cover an event that has a very, very small probability of happening.”
So, quantum computing coming to maturity does not necessarily mean that security breaches will be inevitable. There is still the possibility of attacks, though. One concern is ‘download now, decrypt later’ attacks, in which sensitive data can be gathered and analyzed offline when quantum computing develops.
“One concern is ‘download now, decrypt later’ attacks, in which sensitive data can be gathered and analyzed offline when quantum computing develops”
Another is the fact that many companies need to store sensitive data for long periods of time to meet certain compliance mandates. This can mean a period of up to 10 years – plenty of time for its cryptographic algorithms to become redundant in the advent of quantum computing.
These attacks may well happen, but it’s difficult to see what attackers could gain from gaining access to files that were stored up to a decade ago, or information that was only accurate at the time of download, years in the past.
Quantum Computing for Detection and Prevention
“Quantum computing only makes the probability [of attack] higher,” Bikash Koley, CTO for Juniper Networks, told Forbes. “That means it’s equally important for network-security professionals to deploy the right technology to very quickly detect breaches.
“The good news is that big-data analytics, machine learning and artificial intelligence can really help. Quantum computers will be helpful in substantially reducing the time it takes for such detection.”
“Quantum computing will definitely be applied anywhere where we’re using machine learning, cloud computing, data analysis”
Speaking to Wired, Kevin Curran, Professor of Cyber Security at Northern Ireland’s Ulster University, shares the view that quantum computing can ultimately aid detection. "Quantum computing will definitely be applied anywhere where we’re using machine learning, cloud computing, data analysis,” he says. “In security that [means] intrusion detection, looking for patterns in the data, and more sophisticated forms of parallel computing.”
We probably won’t see mainstream quantum computers until some way in the next decade. This should, in theory, give companies time to update their security systems. The practical state of quantum computers as it stands should be nothing for major corporations to be losing any sleep over, but they should have one eye on its development so that they can ensure their cryptography is up to scratch when it’s called upon.
What the new quantum-resistant security measures will look like, though, is anyone’s guess.
The second law of thermodynamics states that the entropy of a system cannot decrease over time. It is the law that means that a perpetual-motion device cannot exist, and it is an unhelpful one in the development of quantum computing. Around 1870, physicist James Clerk Maxwell created a thought experiment called ‘Maxwell’s demon’, which presented that the law could hypothetically be violated.
In the experiment, a demon is in control of a small door between two chambers of gas. Using the door, the demon allows warm atoms (those moving more quickly) to travel into one chamber while cold atoms (moving more slowly) are allowed to pass into the other. This hypothetical sorting requires no energy input and reduces the entropy of a system, while increasing the temperature difference between the two.
No demon exists, but researchers have developed lasers to trap and cool atoms in a three-dimensional lattice with 125 positions arranged as a 5x5x5 cube. It doesn’t quite violate the second law of thermodynamics – entropy cannot be removed – but it potentially lowers entropy by a factor of 2.4. This brand-new research could hold the key to one of quantum’s trickiest challenges.
Illustrations by Kseniya Forbender
To contact the editor responsible for this story:
Margarita Khartanovich at [email protected]