Addressing quantum cyber-threats should already be a high priority for cybersecurity professionals, according to Duncan Jones, head of cybersecurity at Quantinuum, speaking during the ISC(²) Secure Webinar ‘The Threat and Promise of Quantum Cybersecurity.’
Jones began by emphasizing the significant differences between quantum and classical computing, both in operations and possibilities. One of the most significant of these is that while classical computers only have binary choices, 0 or 1, quantum computers are made up of ‘qubits,’ which “can have values that are combinations of 0 and 1.” This mixture is known as a ‘superposition.’
This enables calculations to be made in parallel. In addition, qubits can be connected, which provides the opportunity to model aspects of nature in their entirety. This aspect offers enormous potential in fields like drug discovery, where testing could be simulated rather than requiring lengthy and expensive trials.
Jones added that many companies operating in this space are developing different types of computers. “It’s unlikely that one technology will emerge as the best answer in every situation. I think in the years ahead, we’ll have different types of quantum computers for different purposes,” he stated.
However, quantum also poses significant dangers in cyberspace. In particular, in the next 10-15 years, it is expected to be able to break existing cryptography algorithms such as RSA, Elliptic curve cryptography and Diffie–Hellman key exchange. For example, quantum algorithms like Shor’s algorithm (1994) will ultimately solve the complexities of such systems.
This threat is not imminent, and Jones said we are currently in the noisy intermediate-scale quantum (NISQ) era, in which the leading quantum processors do not contain enough qubits to mount such attacks. However, this will inevitably change in time, and the asymmetric realm “will be completely broken by Shor’s algorithm.”
This will impact numerous everyday systems, including public key infrastructure (PKI), HTTP/TLS, network security, payments, Internet of Things (IoT) and blockchain.
Jones emphasized that quantum does not just represent a future cyber-threat but nevertheless is very relevant today. This is the concept of ‘hack now, decrypt later.’ In this scenario, a hacker will listen in to and record an encrypted exchange today, which they can decrypt retrospectively on a quantum computer in the future. Therefore, “perfect forward secrecy doesn’t help you here because the attacker can see all the messages that were exchanged, and a quantum computer will be able to break the mathematics protecting that exchange.” This issue is particularly pertinent to data that will still be relevant in 10-15 years, such as health information. “Quantum attacks may well have already started,” noted Jones.
No tags.
