Quantum Computing & Cybersecurity: A Threat Game Changer
Author: Anders Olof Möller
Over the past decade, substantial investments in quantum computing have resulted in significant progress and increased awareness of its effect on cybersecurity. Quantum computing is expected to be a transformative technology, capable of solving complex problems beyond the reach of classical computers, creating what is known as the quantum advantage.
This technological breakthrough could provide many opportunities, and there are expectations of finding applications in areas such as finance, pharma, health, optimization and artificial intelligence. However, there is a particular application of quantum computers that is crucial for cybersecurity – the potential of breaking the currently used public key cryptosystems. In this article, we will dive into the challenges of quantum computing and examine its profound impact on cybersecurity.
Quantum Computing & Cybersecurity: Why Are Future Efficient Quantum Computers a Problem Now?
One of the most discussed implications of quantum computing is the potential to break modern public key cryptography, which is already posing a significant cybersecurity threat. Simply put, cryptography is a fundamental pillar of cybersecurity, and quantum computing is set to reshape the very foundations of cryptography.
The quantum threat to cryptography stems from two known quantum algorithms, Grover’s algorithm and Shor’s algorithm:
Grover’s algorithm
It provides a quadratic speed-up for unstructured search. Simplifying, this means that the security level of symmetric, secret key cryptography, such as the Advanced Encryption Standard (AES), is reduced to half the key length. For most uses of symmetric cryptography, sufficient security against the quantum threat can simply be obtained by doubling the key length, for example by using the already standardized and widely used version of AES with a 256-bit key.
Shor’s algorithm
It solves integer factorization and discrete logarithms in polynomial time, which breaks the public key cryptosystems in use today (RSA, Diffie-Hellman and elliptic curve cryptography) outright; here, no key length increase helps.
Even though quantum computers are still under development, organizations must start considering quantum adversaries today. This is especially important in two cases:
- Long-term data confidentiality, and software update signatures in long-lived devices or applications whose update mechanism itself cannot be updated.
- For confidentiality, the quantum adversary introduces the “record now, decrypt later” attack scenario. In this scenario, a quantum adversary records encrypted data today and decrypts it later, once an efficient quantum computer becomes available. To address this risk, organizations can apply Mosca’s Law for Confidentiality.
As shown in the figure, the timeline for transitioning to quantum-safe cryptographic systems can be estimated with the following equation:
Time to start migration = Z - Y - X
- X = the time that the data needs to remain confidential
- Y = the time required to migrate to a secure quantum-safe system
- Z = the estimated time at which the quantum threat materializes
If the sum of X and Y exceeds the time remaining until Z, sensitive data could already be exposed by the time quantum computers reach the required level of capability. For example, if a quantum adversary is estimated to emerge in the year 2035, the data must remain confidential for 5 years and the migration takes 3 years, then migration must start in 2027.
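The following Python script is an added example, not code from the article or from DEKRA. It puts the two points above into a small planning check: Grover’s halving of symmetric security levels (with Shor’s algorithm modelled as reducing public key schemes to zero bits), and Mosca’s rule Z - Y - X applied to a constructed inventory of assets, flagging those for which X + Y already exceeds the time left until Z. The asset names, the inventory and the current year are constructed inputs; the article’s own example (X = 5, Y = 3, Z = 2035) is included and yields 2027.

```python
from dataclasses import dataclass

# Effect of the two quantum algorithms on today's primitives (constructed table,
# key sizes taken from the standard parameter names):
# - Grover: the symmetric security level drops to half the key length.
# - Shor: factoring / discrete-log based public key schemes are broken outright.
SYMMETRIC_KEY_BITS = {"AES-128": 128, "AES-192": 192, "AES-256": 256}
SHOR_BROKEN = {"RSA-2048", "RSA-3072", "ECDSA-P256", "X25519"}


def quantum_security_bits(algorithm: str) -> int:
    """Effective security level in bits against a quantum adversary."""
    if algorithm in SHOR_BROKEN:
        return 0                                    # Shor: no remaining security
    if algorithm in SYMMETRIC_KEY_BITS:
        return SYMMETRIC_KEY_BITS[algorithm] // 2   # Grover: quadratic speed-up
    raise ValueError(f"unknown algorithm: {algorithm}")


@dataclass(frozen=True)
class Asset:
    """One system whose data must stay confidential (hypothetical inventory entry)."""
    name: str
    confidentiality_years: int   # X: how long the data must remain confidential
    migration_years: int         # Y: how long the move to quantum-safe crypto takes


def migration_start_year(asset: Asset, threat_year: int) -> int:
    """Mosca's rule as stated in the article: start = Z - Y - X."""
    return threat_year - asset.migration_years - asset.confidentiality_years


def migration_plan(assets, threat_year: int, current_year: int) -> list[dict]:
    """For every asset, compute when migration must begin and whether that date
    has already passed, i.e. whether X + Y exceeds the time left until Z."""
    plan = []
    years_left = threat_year - current_year
    for asset in assets:
        start = migration_start_year(asset, threat_year)
        overdue = asset.confidentiality_years + asset.migration_years > years_left
        plan.append({
            "asset": asset.name,
            "start_year": start,
            "overdue": overdue,
            "years_overdue": max(0, current_year - start),
        })
    return plan


if __name__ == "__main__":
    # Constructed inventory: the article's example (X=5, Y=3, Z=2035) plus a
    # long-retention archive that illustrates the "record now, decrypt later" risk.
    inventory = [
        Asset("customer VPN traffic", confidentiality_years=5, migration_years=3),
        Asset("medical records archive", confidentiality_years=15, migration_years=3),
    ]
    for row in migration_plan(inventory, threat_year=2035, current_year=2025):
        print(row)
    for alg in ("AES-128", "AES-256", "RSA-2048"):
        print(alg, "->", quantum_security_bits(alg), "bits post-quantum")
```

With a current year of 2025, the VPN asset must start migrating in 2027 and is on schedule, while the 15-year archive should have started in 2017 and is reported as eight years overdue: any of its data recorded today is already at risk under the scenario the article describes.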
When Will Quantum Computers Break Public Key Cryptography?
How many qubits are needed to break current cryptography? This question was addressed in 2019 by the researchers Martin Ekerå and Craig Gidney. Based on the use of quantum error correcting codes for logical qubits (now practically verified by Google’s quantum chip Willow) and state-of-the-art improved versions of Shor’s algorithm, they estimated that on the order of 20 million noisy qubits would be needed to factor a 2048-bit RSA integer in 8 hours. This corresponds to breaking a typical use case of RSA.
Currently, quantum computers operate with hundreds of qubits, far below the estimated threshold. Nonetheless, steady progress continues with industry leaders like Google and IBM adhering closely to their development roadmaps.
While predicting technological milestones is uncertain, many experts believe that quantum computers capable of breaking modern crypto could emerge between 2030 and 2045. For this reason, organizations must begin considering these future risks now to ensure today’s secured data remains protected in a post-quantum era.
At DEKRA, we provide evaluation according to FIPS 140-3 certification, ISO/IEC 19790 certification and NIST standards on cryptographic modules, helping organizations to ensure their products meet the highest level of security and compliance. We are committed to navigating our customers through the complex landscape of cybersecurity requirements, achieving certification with confidence.
References:
[1] IBM, “What is Quantum Computing?,” [Online]. Available: https://www.ibm.com/think/topics/quantum-computing
[2] Quanta Magazine, “Thirty Years Later, a Speed Boost for Quantum Factoring,” [Online]. Available: https://www.quantamagazine.org/thirty-years-later-a-speed-boost-for-quantum-factoring-20231017/
[3] Google, “Meet Willow, our state-of-the-art Quantum Chip,” [Online]. Available: https://blog.google/technology/research/google-willow-quantum-chip/
[4] Google, “Explore Google Quantum AI,” [Online]. Available: https://quantumai.google/
[5] C. Gidney and M. Ekerå, “How to factor 2048 bit RSA integers in 8 hours using 20 million noisy qubits,” arXiv, [Online]. Available: https://eprint.iacr.org/2015/1075.pdf
[6] M. Mosca, “Cybersecurity in an era with quantum computers: will we be ready?,” IACR ePrint, [Online]. Available: https://eprint.iacr.org/2015/1075.pdf