Author: Jaya Sharma Patel
In the world of technology, quantum computing is one of the biggest leaps forward in recent history, due to its potential to revolutionise the way we solve complex computational problems.
There have been many discussions around the potential of using quantum computers to advance engineering, financial modelling and further develop artificial intelligence.
Among these advancements is the use of quantum computers to reshape the world of cybersecurity.
The unique way that a quantum computer works results in superior performance and processing speed compared to a classical computer operating system. This raises questions concerning the future of cybersecurity, and how our sensitive data and important classified information will be protected in the future.
Principles of Quantum Computing
Quantum computers are much faster than their classical counterparts. In cybersecurity, this means they can break certain types of encryption considered secure against current technology. This raises important concerns about data security and protecting sensitive information, particularly in the field of cybersecurity.
Quantum computing stands out due to its unique design, differing from classical computers that use binary bits representing only zero or one. Instead, it uses qubits, which can exist in superposition (as both zero and one simultaneously.)
These special features enable quantum computing to run programs and algorithms much faster than classical computers.
In quantum computing, entanglement occurs when two particles (or in this case, qubits) interact in such a way, that when there is change to one qubit, we are able to predict the state of the other (eg. if a qubit moves upwards, it can be assumed that the other is spinning downwards.)
Quantum entanglement can occur regardless how far away the qubits are from each other.
Research has revealed that using this link between qubits, it is possible to transfer information from one qubit to another while both of the qubits do not move (quantum teleportation).
Quantum Computing and Encryption
The purpose of data encryption is to keep important information private. Essentially, data encryption aims to hide information by making it appear as meaningless material with no purpose, rather than in its true form.
This form of encryption is commonly used to encrypt text messages, for example, WhatsApp uses end-to-end encryption (which encrypts data from the start to the end of its journey) to safeguard people’s private conversations.
Usually, data encryption is used in one of three ways:
- When data is being sent (in transit): This keeps information safe while moving from one place to another.
- When data is stored (at rest): This secures information when saved somewhere, like on a computer or server.
- Across the entire lifecycle (end-to-end): This protects information all the way from when it is created to when it’s no longer needed
Symmetric and asymmetric keys
Symmetrical encryption: In symmetrical encryption techniques, a unique confidential key is used to encrypt plain text (readable data) and decrypt ciphertext (encrypted data). This key remains only known to the sender and the receiver, ensuring that only authorised parties can utilise it. This category of encryption is often referred to as private key cryptography.
Asymmetrical encryption: In asymmetric encryption, a pair of keys are used: a public key and a private key. These keys serve the encryption and decryption operations separately.
The public key, as its name implies, can be openly accessed or exchanged among authorised users. The corresponding private key is necessary for accessing data that has been encrypted using the public key. The method used to guess one key from the other involves factorising large, complex prime numbers. For classical computers, the processing power needed is so large that it would take an extremely long time to complete this task. For quantum computers, it’s much easier.
Weaknesses of current encryption methods
The management of keys stands out as a significant drawback when it comes to using data encryption within an organisation. The storage of any decryption-related keys requires careful thought, however, the security of this storage location tends to be underestimated.
Cybercriminals concentrate efforts on exposing where key data resides, presenting a large threat to the overall security of enterprises and networks. The importance of key management is especially highlighted in the context of backup and recovery. In the event of a cyber attack, the process of retrieving and safeguarding these keys has the potential to considerably affect a business’ normal operations.
Brute force attacks
Brute force attacks use trial and error by a cybercriminal guessing values for encryption keys autonomously. Brute force attacks can be used to gain access to networks, encryptions, websites, and are mostly used to guess passwords to install malware on devices or gain access to sensitive information, like bank details.
Harvest Now, Decrypt Later
The ‘harvest now, decrypt later’ attacks by cybercriminals refer to the mass harvesting of encrypted data that will then be decrypted once the quantum technology needed is available. This poses a huge threat to the protection of sensitive data and information.
These attacks are how cyber criminals are exploiting quantum computing right now, even though the technology is not yet ready on a mass scale. They highlight the need for informed and proactive decisions by companies that safeguard a large quantity of data.
Quantum decryption and Cyber security
At the moment, quantum computers are only able to hack asymmetrical encryption. This is due to the fact that the public key is available for wider access, and therefore it is able to decipher the private key using the factorisation of the prime numbers included in the public key.
However it’s not currently able to access data encrypted with symmetrical encryption, as both keys are kept by the encrypter.
Therefore, to protect data most efficiently at the present moment, it is actually more advisable to use symmetrical encryption in comparison to asymmetrical encryption.
Quantum computers also have their own method of encryption, commonly referred to as Quantum Key Distribution (QKD). This method of encryption using quantum physics means that data can be transferred securely without any worries of interception. QKD involves using light photons (tiny particles of electromagnetic radiation) to form a string of random characters (the key), similar to classical encryption.
It is possible to detect whether a key has been exposed if the photon pattern at the end of the transfer is different than that at the start.
However, this method of quantum cryptography needs a quantum computer to operate, so is not widely used or accessible to many people right now.
Industries most at risk from Quantum Computing.
The threat of quantum computing on cybersecurity is something that all businesses should be preparing for, and is already being exploited through ‘harvest now, decrypt later attacks’. Quantum computers have the potential to break password encryption in a matter of minutes. This leaves every type of business vulnerable with the amount of data they need to safeguard, from emails and schedules to payment information and client details.
As well as cybersecurity, another industry that is overshadowed by the threat of quantum computing is the financial sector. Due to the nature of money management, there is a lot of sensitive information on databases that could easily be targeted by cyber criminals, especially using the ‘harvest now, decrypt later’ strategy. This is why larger public and private sector banks in particular need to be especially well informed about the threats of quantum computing, and take proactive steps to secure that data as soon as possible.
Within the realm of finance, cryptocurrency is also threatened by quantum computing. Although experts have predicted that it will take quantum computers at least 10 years to crack the current encryption on Blockchain (and also give professionals more time to secure the encryption), earlier Blockchain addresses not protected by more modern forms of public key storage are at risk from being hacked. It is estimated that there are currently around 4 million addresses that could possibly be under threat.
The potential use of quantum computing related technologies in the sphere of national security is also a question that is being frequently discussed. If quantum computing is used maliciously by state actors, then it could pose a considerable threat to national security. The possibility that some countries will have access to this technology and some will not could lead to an asymmetric advantage, altering the current geopolitical status. Governments need to be aware of this threat and take constructive steps to mitigate any threat posed.
The emergence of quantum computing presents a new challenge to cybersecurity. Its powerful capabilities and ability to break current encryption methods demand immediate attention and action, and it is important for individuals, organisations and governments to stay well informed of the threats. Investing in new quantum-resistant technologies and beginning to form rules and strategies is crucial to ensure the authority of cyber security in this new stage of technological development which could have huge negative and positive impacts on our world.
At OmniCyber Security, we strive to keep pace with the ever-changing world of cybersecurity, and are committed to empowering individuals, organisations, and governments with the knowledge and solutions needed to secure their digital future. Contact us today to explore our range of cybersecurity services.