The quantum future
One of the next big leaps in IT is the
on-going and imminent development of quantum computers. I was very fascinated
when I first heard about them and their potential a couple of years ago, which
is why I want to share some of the fundamentals because of their implications
on the cybersecurity field. This article aims to spread awareness without
digging way too deep into the technical details, because frankly it is a
complicated topic.
First, we need to talk a bit about the
basics of encryption, what it is and how it works.
When sensitive data is sent, it often
includes encryption. This essentially means that it is sent in an unreadable
format, instead of a plaintext format, and only the right key can unlock the
secret information. The encryption can be done with a method such as asymmetric
encryption. One example is cryptography based on RSA (“Rivest-Shamir-Adleman”).
Asymmetric encryption uses two keys, one
public and one that is kept private.
If you want to send data to someone, you send it using the recipient’s public
key. They can then decrypt the data using their private key without having to
share it with anyone.
As an extra step, the sender can sign what
they send using their private key, which allows the receiver to confirm it
using the public key of the sender.
The idea is that even if someone intercepts
and stores the data being sent, they can’t read it, because they don’t have the
right key. Sounds good right? In some cases, the encryption can be brute
forced, revealing the secrets without having had the key. This can be done with
a regular computer, but not always within a reasonable amount of time. This is
where the quantum computers come in.
So, what on earth is a quantum computer? They
are energy efficient computers that solves really complex computational
problems with the help of quantum mechanics. When we look at classical
computers, which are the ordinary computers we are used to, they store information
in bits, whereas the quantum computer stores the information in qubits. A bit
is zero or one, while the qubit can be zero, one or a specific combination of
both. When the qubit is in multiple states at once, it is referred to as being
in superposition.
While there actually are quantum computers in
use today there are still difficult problems that researchers are working on, still
making them something of a thing of the future. There are organizations that
already claim to have reached so called quantum supremacy, which is when a
quantum computer can solve a problem that no classical computer can solve within
a practical time frame.
When practical quantum computers will be more readily available it will also mean that plenty of sensitive data will be vulnerable. Fortunately, this scenario is still in the future and there are many years left to take precautions.
Asymmetric encryption is vulnerable to
something called Shor's algorithm and even the longer encryption keys seem to
be in danger of being defeated. Even if this might happen in many years there
is still data stored today. Whether the data is stolen or not, it runs the risk
of being decrypted. Data harvested today can be cracked later on as the quantum
technology keeps maturing. This is one reason why new cryptographic algorithms are
part of the solution.
As an example, NIST ("National
Institute of Standards and Technology") that has worked with other
encryption standards released three resilient post-quantum encryption standards
in 2024.
The three standards that were selected
after a lengthy investigation were:
* ML-DSA (Module-Lattice-Based Digital
Signature Algorithm)
* SLH-DSA (Stateless Hash-Based Digital
Signature Algorithm)
* ML-KEM (Module-Lattice-Based
Key-Encapsulation Mechanism)
There are multiple participants in the
quantum race and perhaps we can see similarities with the AI revolution. Some
companies will fall behind and others will excel with this new exciting
technology.
Access to quantum tools will lead us to a
world with new rules. New security challenges will arise which will put new
demands on software and hardware. Threat actors will have new ways of working
and the role of the defender will also change along with it.
I, for one, follow the development with
great interest and hope you found the article interesting.
Sources
Below are links that helped me put the
article together so that you may research the topic further.
Information about asymmetric encryption:
https://www.geeksforgeeks.org/computer-networks/what-is-asymmetric-encryption/
An interview with D-Wave CEO regarding
quantum computing:
https://www.youtube.com/watch?v=EOfuh_Wdshw
An introduction to post-quantum cryptography
by NIST: https://www.youtube.com/watch?v=uE_Y1C4QPU8
Why regular encryption is not quantum safe
by IBM: https://www.youtube.com/watch?v=ecvCfTPRBrI
The three finalized post-quantum encryption
standards by NIST:
https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards