Key Cybersecurity Questions on Quantum Computing
Are we now looking at the cybersecurity equivalent of a nuclear weapon?
The laws of physics are different at the atomic level than they are at the galactic or planetary level. Because of that, quantum mechanics has some “spooky” properties:
- Entanglement: Particles can become related and coordinate their properties across vast spatial distances without regard to the speed of light
- Superposition: Particles can have a value of both one and zero at the same time
- Tunneling: Particles can tunnel through walls or other physical barriers
These quantum-mechanical effects have been demonstrated experimentally and are now being built into quantum computing technologies, in an attempt to perform in seconds complex scientific calculations that non-quantum computers might need many years to complete.
Solving some of these problems, such as weather forecasting and genetic disease analysis, might benefit society. But the technology will also be put to nefarious use: to recover RSA private keys by factoring, to reverse password hashes into plaintext by trying every possible value, and thereby to destroy the effectiveness of cryptography and shared secrets as we know them.
According to SingularityHub’s Vivek Wadhwa, whose article we gratefully acknowledge for inspiring this post, “Most researchers I have spoken to say that it is a matter of when — not whether — quantum computing will be practical. Some believe that this will be as soon as five years; others say 20 years.”
How soon this happens depends on overcoming many challenges, such as creating materials that produce entangled particles and developing logic gates for parallel processing of the myriad states that “qubits” in superposition make possible. There is already substantial investment in an ongoing vendor arms race involving giants such as IBM and startup companies such as D-Wave, which claims to have built an early quantum computer.
If D-Wave has already produced a limited sort of quantum computer, how long until someone produces a more advanced “limited” one that can do some damage? Five years? Less than five years?
This raises many questions, such as:
- How do we prepare for the possibility that advanced attackers, then organized criminals and finally script kiddies will eventually have the technology to break some forms of conventional encryption and other measures we use to preserve confidentiality or integrity?
- How can we ourselves use quantum computing technology to mitigate risks of cyberattacks?
- How can we ensure that the powerful organizations or vendors who will be the early adopters of this technology use it (on balance) to benefit society rather than destroy it?
It may not be too soon to start thinking about such things.