Solutions ReviewsContributed Content Series is a collection of contributed articles written by thought leaders in enterprise software categories. Zibby Kwecka of Quorum Cyber examines the current and future states of quantum computing, and the inevitable threat of a quantum attack.
The threat of quantum computing is very real, today. As of July 2022, 25 percent of Bitcoin and 66 percent of Ether are vulnerable to quantum attacks (Deloitte, 2023). These can be secured with action, however, even if a small number of these currencies are stolen, the market disruption may significantly devalue assets.Quantum computers have the potential to solve certain complex mathematical problems significantly faster than classical computers. One of the most notable implications is their ability to break encryption algorithms that rely on the difficulty of factoring large numbers or solving logarithm problems. There are theoretical methods to crack our current encryption methods that would be possible on a conventional computer, however widely inefficient. Quantum will allow the cracking of keys thousands of times more efficiently, making it possible to break todays encryption in just a few cycles. Thankfully, for now, scale remains a problem for quantum computing.
Once quantum computers become a tool thats commercially available and matured, its expected attackers will take advantage of this to break current encryption methods, creating a significant risk to the security of our sensitive data. Using this technology as a platform for an attack is a concern for organizations, not just on the cryptography front.The threat of quantum computing becoming part of an actors offensive toolbox is likely. Taking advantage of decryption techniques, forging certificates, or its potential ability of rapid machine learning, could vastly speed up network recon and eavesdropping, and forging identities.
Just because quantum computing isnt here yet doesnt mean we shouldnt be aware of the risk. Data may already have been stolen, or harvested, for later yield. While it may not be currently feasible to decrypt your data yet, once it becomes a viable and affordable measure through quantum computing, harvested data and communication traffic could be decrypted. This may be assisted by projects from Microsoft and IBM aiming to offer cloud-based multi-quantum computing facilities on a consumption model.
The National Institute of Standards and Technology (NIST) has been calling for the development of encryption methods that would remain resistant to the advantages of quantum computing, with the first four quantum-resistant cryptographic algorithms announced back in 2022 (NIST, 2022). There is a future of using quantum computers to vastly improve our digital security, but theres a risk of being in a very dangerous limbo between the threats posed and the future of greater security. Currently, there are several limitations preventing development at scale, which may take years to overcome.
The most likely quantum attack would involve breaking cryptographic systems of communication methods we use today. This isnt just a future problem; however, its happening already. The widely known Harvest Now, Decrypt Later operations store stolen information that will later be decrypted using advanced technology. This might be years away, but depending on the sensitive information, it could still enable extortion against organizations or individuals. Its a compelling argument to encourage businesses to purge old data thats no longer required.
Future cyber-attacks will involve hybrid approaches that combine classical and quantum computing techniques. Quantum computers are great at operating in parallel states, and thus, it would be natural to apply them to fuzzing systems and finding vulnerabilities. The added fuzzing ability of quantum computers could drastically speed up attacks aiming to penetrate a system. Fuzzing tests programs by using numerous randomized inputs, and could be a perfect use for quantum machines.
Current RSA encryption relies on 2048-bit numbers. In 2019, quantum computers were only able to factor a 6-bit number. In 2022, that number only increased to 48-bits under a highly specialized environment (Swayne, 2022). There is the expectation within the next 10 years we could be at a point where current encryption methods are at risk. The current development is exponential (Deloitte, 2023).A recent mandate from the US Congress declares a 2035 deadline for quantum-resistant cryptography to be implemented (Executive Office of The President, 2022), but it could be sooner.
The exponential development of artificial intelligence (AI) underway may, at some stage, support scientists in solving some of the challenges currently faced. For a quantum computer to undertake a task the problem statement must be translated into a format a quantum computer can actually work with first. This is a laborious task, and hence apart from the high cost of entry to the quantum computing attacks because of the hardware costs, there is an even higher ongoing cost associated with translating targeted problem statements into something that can be tested. This is why cryptographic use cases are currently prevalent when quantum is discussed. They are repetitive, as we only use a handful of cryptographic algorithms to secure the digital world. However, AI will one day enable us to rapidly create translations of human-readable problem statements, and software to be tested, into the code that can be processed by a quantum computer, and this is when the full capabilities of this technology will be reached.
There are several actions that should be considered:
To start using quantum machines to solve real-world problems, we feasibly need a machine capable of at least 1 million stable qubits (Microsoft, 2023). Currently, the qubits in existence suffer at scale for several reasons, one of which is quantum decoherence making each qubit only available for a short period of time. As far as research goes, weve only just reached over 100 qubits (Ball, 2021). Until these challenges are overcome the use of quantum computing is limited.
The rest is here:
The Threat of Quantum Computing - Solutions Review
Recommendation and review posted by G. Smith
