Quantum security: The end of security as we know it?


This article originally appeared in June's edition of IT Pro 20/20.

As Google and IBM race to become the first to create a fully functional quantum computer that can be applied to practical problems, voices warning the advancement of this technology could have very real unintended consequences are growing increasingly loud among cyber security professionals.

Virtually every aspect of our lives nowadays relies on strong encryption, from financial services to shopping sites, email and often elements of our work life such as HR or expenses systems. The security systems they use must be – and largely are – reliable and trusted.

To break the RSA public key cryptographic systems, for example, would take millions of years with the standard computers available today. A quantum computer able to run thousands of quantum bits (qubits) would be able to do it in a far more reasonable time, but with the leading developers claiming a maximum of 100 qubits with their implementations, we are far from building a quantum computer to challenge current security protocols. What of the future, though?

In its report, the RAND Corporation concludes steps must be taken today to meet the challenges of a post-quantum cryptographic security environment. "If an adequate implementation of new security measures has not taken place by the time capable quantum computers are developed, it may become impossible to ensure secure authentication and communication privacy without major, disruptive changes," said Michael Vermeer, lead author of the report and a physical scientist at RAND.

The security systems that businesses and individuals rely upon every day use two forms of encryption: symmetric and asymmetric. How you securely communicate with your bank or use your mobile phone without anyone eavesdropping on your calls will use a combination of these security systems.

Current security systems used to protect sensitive data typically use a combination of the Advanced Encryption Standard (AES), developed back in 2001, RSA (Rivest–Shamir–Adleman) and elliptic-curve cryptography (ECC). As financial services tend to rely on asymmetric cryptography such as RSA and ECC, these systems are vulnerable to attack by quantum computers. AES is less susceptible because it is symmetric, but it could still be weakened.


Speaking to IT Pro, Dustin Moody of the NIST Post-Quantum Cryptography (PQC) team, explains: “A working, large-scale quantum computer would have some impacts on the crypto we currently use. First, such a computer would be able to run Shor's algorithm, which would break all currently deployed public-key cryptography. Second, a quantum computer would be able to run Grover's algorithm, which would have the effect of us having to use longer keys/hash functions for the algorithms we use for symmetric-key cryptography.

Moody continues: “We use both public-key and symmetric-key cryptographic techniques to provide the security we expect today. If we made no changes in advance of this, then yes, security would be severely threatened. Note that we will need completely new quantum-resistant public-key crypto algorithms, while for the symmetric-key algorithms, we only need to use larger parameter sets. NIST has a post-quantum cryptography standardisation project ongoing to address these issues before a large-scale quantum computer comes into existence.”

Breaking the internet?

Estimates vary wildly regarding the timeframe for a practical working quantum computer. The timelines are even longer when quantum encryption systems are considered. The security community, in general, is advising that we should be researching now what a post-quantum encryption security environment could look like – as NIST is currently doing.

“The cryptographic community is beginning to focus more on post-quantum cryptography, but more time and testing is needed to improve the efficiency and build confidence in post-quantum cryptography, as well improve its overall usability,” says Kevin Curran, IEEE senior member and professor of cyber-security at Ulster University. “We may very well find that we do not actually need post-quantum cryptography, but this is too risky – if we do not conduct the research now, then we may lose years of critical research in this area later on.”

Understanding the massive challenges still ahead to design and build a quantum computer that can perform useful work is critical to place the concerns regarding quantum computers and encryption into a realistic context.

Brian Hopkins, VP and principal analyst serving CIOs and technology leaders at IBM, explains: “The market doesn’t understand how frighteningly immature quantum computers are. We are all intrigued or concerned about some future powerful quantum computer with huge theoretical potential. But we have so far to go. For example, each qubit in an IBM quantum computer takes something like four physical cables to control. Each cable costs thousands of dollars. That’s to control 20-qubit machines. How will we scale this to millions of qubits in a cost-effective way? Millions of cables running into deep freezers on a quantum computer the size of a building? The truth is, nobody knows.”

Hopkins concludes: “Even the best firms say they won't get to quantum advantage in small scale ‘NISQ’ (noisy intermediate-scale quantum technology) use cases for five-to-ten years. That's a lot of time for things to change. And all the while, classical computers are still getting more powerful and we are developing other types of computing – neuromorphic chips, optical chips, memristor chips and so on – that can do things like machine learning much better than quantum computers can.”

New security keys

Research from DigiCert revealed over 70% of respondents are aware of PQC, showing IT departments are already thinking about the possibility of future security breaches.

Doing business in a 'quantum-safe' environment will take shape as quantum computers themselves evolve. We already have security protocols that should be safe from attack by hackers equipped with a quantum computer. OASIS KMIP and IEEE Std 1363.1 are leading the way to a future where reliable security systems continue as we use them today.

Distributed Ledger Technology (DLT) and the blockchain, meanwhile, have been heralded as the next evolution of data security. Moving away from centralised data stores that can be compromised to a distributed system is held by many as the solution to current data security challenges. Thankfully, they also seem to be resistant to the problem posed to security by practical quantum computers. In its 2018 report on the matter, Forrester states: “Quantum computing isn’t going to blow apart DLT-based systems today — or even in the foreseeable future.”


This doesn’t mean businesses can be complacent, though. The systems being built today may well have to contend with an environment where practical quantum computing is real. It’s critical, therefore, to think about how data security is being handled with technologies like DLT to understand how they could be impacted in a post-quantum landscape.

As NIST’s Dustin Moody notes: “Technologies like blockchains and the like use different cryptographic components. You have to examine the quantum threat for each component. In the simplest case, a blockchain requires computing hash functions and needs to use (public-key) digital signatures. The digital signatures will need to use quantum-resistant or quantum-safe algorithms to be protected from a quantum computer. The hash functions will need to use longer outputs, which is not too hard to do (i.e. you could use SHA-512 instead of SHA-256).”
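As an added illustration of the per-component review Moody describes (this is example code written for this article, not code from NIST or any project), the script below triages a constructed inventory of cryptographic components: public-key algorithms are treated as broken outright by Shor's algorithm, while symmetric keys and hash outputs have their effective strength reduced by Grover-style search. The bit-strength estimates, the 128-bit target and the inventory itself are assumptions for the demo.

```python
import re

TARGET_BITS = 128  # assumed minimum post-quantum security level to keep

# Classical strength estimates in bits for RSA modulus sizes (assumed for the
# demo, in line with common NIST SP 800-57 guidance).
RSA_CLASSICAL = {2048: 112, 3072: 128, 4096: 152}


def _verdict(name, classical, quantum, remedy):
    action = "ok" if quantum >= TARGET_BITS else remedy
    return {"component": name, "classical_bits": classical,
            "quantum_bits": quantum, "action": action}


def assess(component: str) -> dict:
    """Estimate one component's security against a large-scale quantum computer."""
    name = component.upper().replace(" ", "")
    m = re.fullmatch(r"AES-?(\d+)", name)
    if m:  # Grover: key search drops from 2^n to roughly 2^(n/2)
        bits = int(m.group(1))
        return _verdict(name, bits, bits // 2, "use larger parameters")
    m = re.fullmatch(r"SHA-?(\d+)", name)
    if m:  # collision resistance: about n/2 classically, about n/3 with quantum
        bits = int(m.group(1))  # collision search (Brassard-Hoyer-Tapp), assumed here
        return _verdict(name, bits // 2, bits // 3, "use larger parameters")
    m = re.fullmatch(r"RSA-?(\d+)", name)
    if m:  # Shor: factoring becomes polynomial-time, so no residual security
        classical = RSA_CLASSICAL.get(int(m.group(1)), 112)
        return _verdict(name, classical, 0, "replace with quantum-resistant algorithm")
    m = re.fullmatch(r"(?:ECDSA|ECDH)-?P-?(\d+)", name)
    if m:  # Shor also solves the elliptic-curve discrete log in polynomial time
        classical = int(m.group(1)) // 2
        return _verdict(name, classical, 0, "replace with quantum-resistant algorithm")
    return {"component": name, "classical_bits": None,
            "quantum_bits": None, "action": "unknown; inspect manually"}


def triage(inventory):
    """Assess every component and list those needing action, most exposed first."""
    results = [assess(c) for c in inventory]
    return sorted((r for r in results if r["action"] != "ok"),
                  key=lambda r: (r["quantum_bits"] is None, r["quantum_bits"] or 0))


# Constructed inventory of a blockchain-style system of the kind Moody describes.
SAMPLE_INVENTORY = ["ECDSA-P256", "SHA-256", "AES-128", "RSA-2048", "AES-256", "SHA-512"]

if __name__ == "__main__":
    for r in triage(SAMPLE_INVENTORY):
        print(f"{r['component']:<12} classical={r['classical_bits']} "
              f"quantum={r['quantum_bits']} -> {r['action']}")
```

Run against the sample inventory, the signatures and RSA come out first with no residual security, followed by AES-128 and SHA-256, whose reduced strength falls below the 128-bit target; AES-256 and SHA-512 pass, matching the "larger parameter sets" advice above.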

For now, the security platforms in use are more than adequate, and it could be decades before we have to worry about the security protocols being rendered useless. Nevertheless, the future may require a radical rethinking of how we approach every security system currently in use.

David Howell

David Howell is a freelance writer, journalist, broadcaster and content creator helping enterprises communicate.

Focussing on business and technology, he has a particular interest in how enterprises are using technology to connect with their customers using AI, VR and mobile innovation.

His work over the past 30 years has appeared in the national press and a diverse range of business and technology publications.