Table Of Contents
Cybersecurity seems more myth than reality in the aftermath of the Equifax breach and the many subsequent ones. Hackers seem destined to crack even the most difficult cryptographic codes, yet society is left with few options, if any. When organizations with some of the best minds in cybersecurity get hacked, it leaves the rest of us feeling deflated and hopeless. Cyberattacks and breaches are occurring more frequently as the world continues to become more digital than ever before. Quantum computing is the future. It demands a solution to our cybersecurity woes as it represents a greater threat than anything that exists today. Not only do quantum computers take advantage of the “spooky” nature of entanglement and the many quantum states of superposition, but additionally, they require far less energy to perform a bit of operation. It is not a question of whether or not hackers will utilize quantum technology to break our most sophisticated codes with ease, but more a matter of how we must understand this technology to defend ourselves against this inevitable, impending cyberattack.
Quantum Computing Defined
Quantum computers take advantage of the laws of quantum mechanics; one outcome is the ability to break complex mathematics-based codes with relative ease compared to classical computers. Understanding quantum computing and how it differs from classical computing is less complicated than it may appear.
Classical computers store information in a form called a bit. Bits can have one of two physical states: 0 or 1. Quantum computers take advantage of mysterious physical laws that govern subatomic particle interaction (see addendum for more information).
Quantum computers store information in qubits (quantum bits) which, like a classical computer, can exist in a 0 or 1 but also in a special state of superposition that is both a 0 and a 1 simultaneously (a simplified explanation). In a way, there are an infinite number of superposition quantum states, as there exist an infinite number of possible combinations of 0s and 1s.
Quantum states of superposition allow N qubits to store 2N-1 Complex numbers, compared to just 2N for classical bits. This is essentially twice as much information compared to a bit with the utilization of superdense coding. Superdense coding allows one qubit to send two classical bits of information. Moreover, qubits store information at a significantly lower energy cost due to the spooky interaction of quantum entanglement. Entanglement allows qubits to correlate in unique ways that classical bits cannot accomplish.
So, what does this mean in terms of numbers we can understand? Google’s D-wave quantum computer was 100 million times faster than a classical computer (five years ago).
Cryptography in Computing
Sensitive information exchanged over networks: the internet, intranets, or extranets is often encrypted and decrypted, utilizing symmetrical or asymmetrical cryptography. Symmetrical cryptography (shared cryptography) allows two people to share the private key that encrypts and decrypts the data. This type of encryption is used ubiquitously for email and banking passwords.
Public (asymmetrical cryptography) uses a Public key available to everyone to encrypt the data, which is different from the one used to decrypt (private key) the data and is unique for each end user.
Cybersecurity and Quantum Computing
Globally, more than 30,000 websites are hacked daily. Ransomware attacks occur every 11 seconds, down from an attack occurring every 40 seconds five years ago. Today, more than 300,000 pieces of malware are created daily, and breaches now cost multiple trillions of dollars to fix each year.
Codes used in data encryption typically derive from complex mathematics, making it seemingly impossible to crack, guess or otherwise break. The math involved is so complex that even the most sophisticated and intelligent classical computers cannot currently crack these codes. However, in a sense, this is a task perfectly suited for quantum computers.
Symmetric cryptography is exceedingly vulnerable to quantum computing. Dr. Michele Mosca, Deputy Director of the Institute for Quantum Computing at the University of Waterloo
posits that in less than a decade, there is a one-in-seven chance that a symmetric public-key crypto will be broken.
By 2031, he predicts that symmetric-key cryptos will stand a one-in-two chance of being broken. Even so, doubling the length of the algorithm solves this vulnerability – for now. Asymmetric crypto-keys are less vulnerable to quantum cyber threats but also contain inherent weaknesses. Classical computers may be able to thwart quantum cyber threats utilizing lattice-based, code-based, hashing, and multivariate encryption techniques.
Lattice-based cryptography utilizes a multi-dimensional grid such that the public key is an arbitrary location and the private key is a lattice-based point. Multivariate security stems from quadratic systems and polynomial equations to secure data encryption, whereas code-based cryptography is based on the difficulty in decoding a general linear code. Hashing, a technique created by the NSA, involves turning data into a number string.
Most encryption on the internet and other networks are of the symmetric crypto variety, making them particularly vulnerable to quantum computing. Though Quantum computers are a decade or more out from being commercialized to the public, time is of the essence, and cyber threats are lurking at every conceivable corner. Equifax chose not to encrypt all its data and decided not to act with urgency when it discovered a vulnerability.
The consequence of their inaction was an unmitigated disaster, with far-reaching ramifications. We must take urgent action to survive the current landscape and enter a post-quantum world.
Organizations globally must take immediate action to protect sensitive data from cybercrime. All data currently not encrypted should undergo initial encryption without delay, and simultaneously, the encrypted data requires new crypto keys that are twice its previous length (at least).
Such measures will directly impact performance, slowing I/O and the CPU for non-encrypted data undergoing initial encryption. Aside from that initial performance hit, the rest of the encryption efforts can run in the background while normal operations are underway. From a customer perspective, such implementation will be seemingly undetectable as customers are interfacing with products. Though this will be time-consuming and require capital investment, both pale compared to a realized catastrophe to the likes of Target, Yahoo, Equifax, and whoever is next (possibly your organization). As your organization undertakes recommended initial data encryption and crypto-key doubling initiatives, it is prudent to conduct ongoing research on which encryption techniques are best suited to tackle novel threats and vulnerabilities as they emerge.
Food for thought – in addition to the grave and imminent threat of quantum computing versus especially symmetric cryptography, the fact that processors continue to get smaller and smaller means that in the not-too-distant future, they will become the size of an atom. At this point, the components that make up the processor will fall under the rules of quantum mechanics.
Quantum Mechanics: Basic Concepts
Matter is comprised of Molecules (multiple atoms) or a single Atom à (which is comprised of) Subatomic Particles, like: protons, electrons, neutrons, quarks, gluons, leptons etc. Quantum Mechanics governs the physical interactions between subatomic particles.
Heisenberg’s Uncertainty Principle – In essence, this principle states that precisely measuring complementary variables at the same time, is not possible. The more precisely one is measured, the less precisely the other can be measured, when both are measured simultaneously.
- For example – if you measure the speed of an atom, you cannot precisely measure its mass at the same time.
Schrodinger’s Cat – Think of a box that has a cat inside of it. You know that there is a cat inside of it, but you don’t know if the cat is dead or alive. You also do not know if the cat is in a state that is both dead and alive. It all depends when you look.
- Before you look, the cat is in its hybrid state – both dead and alive = a state of superposition (think qubits)
- When you look, the cat is either dead or alive = a classical state (think bits)
Wave-Particle Duality – subatomic particles like electrons exhibit properties of both waves and particles. – recently this has been found to be a part of Heisenberg’s Uncertainty Principle.
Quantum Entanglement – All particles, such as photons, electrons, or qubits that have interacted with each other in a group pair, retain a type of connection. This connection can become entangled with one another in pairs, in the correlation process (predicted interaction regardless of distance).
**Huge implications for Quantum Computing**
- “Cybersecurity in the Quantum World,” ISACA Journal, volume 5, 2015. Dr. Michele Mosca. https://www.isaca.org/Journal/archives/2015/Volume-5/Pages/cybersecurity-in-the-quantum-world.aspx
- “Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer”. SIAM Journal of Computing 26, pp. 1484-1509 (1997). P. Shor. https://arxiv.org/abs/quant-ph/9508027
- “Inside the weird world of quantum computers”. Wired. Abigail, Beal. March 23, 2017. http://www.wired.co.uk/article/quantum-computing-explained
- Lecture 3: Superdense coding, quantum circuits, and partial measurements January 24, 2006. Dr. John Watrous, University of Calgary. https://cs.uwaterloo.ca/~watrous/CPSC519/LectureNotes/03.pdf
- Foundations of Computer Security Lecture 44: Symmetric vs. Asymmetric Encryption. Dr. Bill Young. U. Texas-Austin. https://www.cs.utexas.edu/users/byoung/cs361/lecture44.pdf
- “Quantum Computers Versus Hackers, Round One. Fight!”. Wired. Lily Hay Newman. https://www.wired.com/2017/01/quantum-computers-versus-hackers-round-one-fight