Scientific developments can be greatly aided by quantum computers due to their new, speedy way of performing computation. If made available, they might however be able to breach current encryption and compromise (personal) data protection.
What is quantum computing?
Quantum mechanics provides an alternative method to how computers process information today. A quantum computer employs quantum bits, or qubits, that can simultaneously function as 0s and 1s. Traditional computers use bits (0 or 1) as their basic building blocks.
Bloch’s sphere is best able to illustrate the possible spectrum of values a qubit may adopt. Qubits allow the storage of a point on the surface of a sphere, as opposed to 2D bits that store discrete values. Due to their greater power, quantum computers can utilize these more powerful qubits and carry out calculations for all possible superpositions at the same time, not only for a determined value like “0” or “1”. Due to the efficiencies gained from quantum computing, binary computing has an efficiency disadvantage. Using quantum computer hardware would be necessary for some tasks to be made feasible if they were available.
As a result, quantum computers are faster than classical computers for selected problems, so they may be able to compute tasks not possible with classical computers today.
What are the data protection issues?
There are several reasons why quantum computing could have significant implications for data security and confidentiality. For example, it may allow cryptography to be broken. Computing using quantum information means breaking many of today’s classical cryptographic algorithms, which in turn harms IT security severely. Cybersecurity will be seriously impacted. Almost all of today’s systems that demand security, privacy, or trust would be compromised.
The impact of public-key cryptography
It encrypts data by using algorithms based on cryptographic protocols called public-key cryptography. A public key and a private key are required. It is a public-key cryptographic algorithm that is widely used when you are transferring sensitive data over the Internet that is known as Rivest-Shamir-Adleman (RSA). Encryption using the RSA algorithm protects both confidentiality and authenticity by using both public and private keys.
Despite the possibility that quantum computers would be able to carry out decryption without the prior knowledge of the private key, adversaries with sufficiently powerful quantum computers could make public-key cryptography insecure. Among the things affected could be digital signatures or essential TLS protocols like HTTPS (TLS), which supports secure browsing, online banking, and online shopping.
Symmetric cryptography and its impact
AES and other symmetric cryptography systems can also suffer from negative consequences due to quantum computations. Cryptographic techniques such as RSA and AES (e.g., HTTPS) are often used in conjunction with asymmetric cryptography (e.g., RSA). To exchange private keys securely and symmetrically, symmetric cryptography needs practical ways. The private key exchange must be secure to guarantee data security. However, today’s key exchange methods are based on issues that quantum computing may create. A secure key exchange is imperative to ensure the confidentiality of data.
Decrypting a file retrospectively
A threat to IT security is also posed by the technological progress in binary computing hardware, meaning today’s widespread classic computers. If key lengths were short enough at the time, the retrospective decryption of data from the past becomes feasible with increasing computing power and decreasing costs. To keep data secure, security experts regularly advise increasing the length of keys. There have been reports that certain governments’ secret services were collecting data systematically for retrospective decryption. Although quantum computers follow different laws, they do allow retrospective decryption much earlier than conventional computers.
Quantum computers in practice
Quantum computers with thousands or millions of qubits and low error rates would be able to execute quantum algorithms with practical effects. Technology cannot accomplish this by any means within the foreseeable future.
According to Google, its 54-qubit quantum computer (Oliver 2019) has demonstrated quantum supremacy. Quantum computers claimed they could do computations in fractions of a second that would take powerful non-quantum computers thousands of years. Even though the solved task has no practical significance, it served as a proof of concept. More similar results will likely be announced in the next decade, but their practical significance is unlikely in the nearterm.
Currently, existing quantum computers cannot execute useful algorithms of practical relevance because they have too few qubits and too much error rate. Within the next ten years, it will be extremely unlikely but difficult to predict if large and practical quantum computers will be developed. These unpredictabilities are ultimate what lead to today’s risks in IT security.
Cryptography in the post-quantum era
Cryptography known as post-quantum cryptography or quantum-safe cryptography has been shown to remain secure even if quantum computers are used. In this case, the building blocks used are very different mathematical operations that quantum computers cannot solve more efficiently than other computers.
While post-quantum cryptography may bring increased security and speed to data encryption, decryption, and signature verification, it may also require more computing power to process significantly larger amounts of data. Additionally, exchanging larger keys and certificates may require more computing power as well. No standard is yet in place for post-quantum cryptography.
Effective cryptanalysis must be able to demonstrate both quantum computing and binary computing using sufficient and convincing evidence. According to NIST, a draft of a post-quantum cryptography standard will be published in 2022 or 2024 with the first algorithm. Upon standardization, algorithms will need to be integrated with standard internet protocols like HTTPS.
By 2020, prototypes of (non-standardized) postquantum cryptography will be available for testing in the form of source code, software libraries (e.g. for OpenSSL), and cloud services (e.g. from Amazon Web Services and Cloudflare). According to some estimates, a full transition could take as long as 15-20 years in practice.
The length of time that organizations need to assure absolute confidentiality of data and protection against the possibility of retrospective decryption should be considered by organizations. We do not believe that quantum computers will pose an immediate threat in the foreseeable future based on what we know today. To build a quantum computer capable of running known algorithms, will take decades. It may be necessary to transition to post-quantum cryptography at an early stage if data that needs to be protected for a long time is at risk.
Several organizations may find it useful to prepare risk assessments, as well as migration plans and contingency plans. Regardless of the technology used today, such plans should always prioritize data security. During the transition to post-quantum systems, organizations should consider existing risks as well as the usual security and confidentiality considerations (which include data security, such as reliability and availability) (for example, re-encryption with post-quantum cryptography, if necessary). A German federal office for information security has issued the first set of recommendations for a transition to post-quantum cryptography.
How to keep your data secure in a quantum world?
New quantum computing technologies are causing some businesses concern regarding data security. There is no doubt that hackers are doing their best to learn this amazing new field in the same way that governments are. To remain secure against the threat of quantum cryptography, IBM suggests the following 4 steps.
- Employ a quantum cybersecurity team early and take advantage of quantum technologies.
- Quantum cybersecurity measures should be taken in areas of high risk to your organization.
- Update yourself on the latest developments in quantum technology.
- As soon as quantum encryption and other quantum-safe solutions become available, implement them.
Superpositioning and entanglement are two properties of quantum mechanics that lend themselves to quantum data security. Message receivers can share identical ciphering keys via quantum entanglement. The symmetry of the entangled photons pairs would be broken if someone attempted to intercept the data as it is transiting. In this way, it will be immediately evident that a cyber-attack has been attempted, and further security measures will be taken to guard the data before any damage can be done.
Cyberattacks can still be mitigated with public-key encryption technology. Most cyberattacks are caused by Internet users who simply do not protect their data. Public places make them vulnerable to attacks, and their private data is often intercepted. Cybersecurity and quantum computing will change everything.
For now, your algorithms can still be upgraded with quantum-safe encryption techniques. Quantum-savvy hackers can then be protected to the maximum extent possible.