The Double-Edged Quantum Sword

Quantum-cybersecurity-story

Quantum computing has immeasurable potential for innovative technical applications. But is it a cybersecurity threat?

Endorsed by Google, IBM, PQSecure Technologies, Maybell Quantum, and Quantium, a quantum cybersecurity preparedness act was recently introduced to be ahead of cyber risks due to emerging technology. The act aims to prevent threat actors from stealing data in the coming quantum computing era.

“The future of quantum computing brings significant opportunities and risks. I’m optimistic about the power of quantum computing as part of the new technological frontier, but we must take pre-emptive steps to ensure bad actors aren’t able to use this technology in more sinister ways. Our government must learn from past mistakes and take action now to protect its citizens from future cyber security threats,” said US Representative Nancy Mace.

Quantum computing is still in its initial stage, and commercially available applications will take a few years. Although it has immeasurable potential for innovative technical applications, the possibility of cyber risk can increase exponentially.

Quantum risk in cryptography

Cracking an eight-character password that uses numbers, lowercase and uppercase letters could take up to 92 years with a traditional CPU. The quantum era will change things significantly.

Quantum computers can easily crack the methods that conventional computers use, which puts organisations using such encryption tools at cyber risk. Additionally, quantum systems can produce reliable random numbers that can neither be decrypted using traditional computers nor quantum systems.

Modern cryptography assumes that traditional computers can operate on large numbers but cannot do complex arithmetic without years of processing. It meant that public-number key cryptography is easy to carry out but cannot be backtracked quickly. However, quantum computers can hack into encryption algorithms making communication insecure and increasing the possibility of cybercrime.

In the 1990s, an MIT professor proposed a theory that quantum computers would be able to break down large numbers in seconds. Called Shor’s algorithm, it possesses great power over public-key cryptography. Quantum computers with computing power will become a reality in a few years.

Communication using quantum key distribution (QKD), a quantum-based protocol that can provide secure communications, can be secured using satellite links and optical fibre, requiring quantum-based infrastructure, which will increase costs. Thus, most countries are directing their quantum initiatives towards building quantum-resistant cryptography, except China, which heavily invests in QKD using fibre and satellite links. Last year, the Indian Space Research Organisation (ISRO) made a breakthrough in quantum communication by creating an entanglement-based satellite communication system.

Two encryption techniques secure most communication. First is symmetric encryption, where both the sender and receiver use the same encryption and decryption keys. It performs well against quantum-based cybercrime. Second is asymmetric encryption, aka the public-key encryption, where a public key is used for encoding the message and a private key for decoding it. While these keys are difficult to hack for a classic computer, these encryption mechanisms will become obsolete in quantum reality.

Infosys partnered with quantum cybersecurity firm Quintessence Labs to develop a hybrid solution that first generates proper random keys with a quantum random number generator and then puts those keys into classical cryptographic algorithms and encryption systems. This approach makes it possible to generate reliable random and unpredictable numbers in several commercial applications. It allows organisations that work with a massive volume of sensitive data to be more secure.

“While quantum computing has a great potential to revolutionise the cybersecurity space, particularly using quantum-proof data in decryption, it is important to understand the cyber risks that it can bring. Security professionals must stay up to date to be quantum-resistant, especially CISOs, CSOs, and other security officers,” said Haider Pasha, Chief Security Officer at Palo Alto Networks, Middle East and Africa (MEA).

The quantum challenge

The current threat detection tools and solutions are not powerful enough to identify cyberattacks on quantum computers. The existing public-key encryption infrastructure took decades to develop, be standardised, and adopted, and making another such transition for quantum resistance will be a massive challenge.

Experts believe the government, industry, and the academic communities will have to work together in the quantum age to develop quantum-resistant cryptography, and it’s not going to be easy.

Quantum investments of more than 800 million were reported in 2021 alone. Infosys is one such company that has been heavily investing in quantum computing. It has been experimenting with two-hybrid approaches to commercialise its innovations and create a bridge to the quantum computing era.

Meanwhile, a 2021 (ISC)2 study revealed that the cybersecurity workforce has to increase by 65 per cent to meet the industry demands. While Germany saw the cybersecurity industry grow by 165 per cent in 2021, the rest of the world is still reeling from the shortage.

While still in initial days, businesses are already developing quantum technology in hybrid solutions. With time and innovations, end-to-end systems will get more deeply connected, increasing the secure cyber ecosystems requirements. Companies will also have to create roadmaps to protect the critical cyber infrastructure.

“It is important to educate your employees to ensure they understand quantum technology and the threats it brings; ultimately showcasing the value of investing in a better technical infrastructure. It is worth investing in machine learning (ML) as Quantum ML has the potential to enable exponentially faster, more time- and energy-efficient machine learning algorithms that can identify and defeat novel cyberattacks,” added Pasha.

If you liked reading this, you might like our other stories

Companies To Watch
Go Figure: Turkey In Numbers