One of the lesser-known, but potentially major IT developments recently has been the rise of quantum computing. Many commentators are looking at it as a potential aid to cybersecurity, while at the same time it poses new threats.
Before delving too deeply into quantum computing and cybersecurity, consider a definition of quantum computing.
To get a wee bit technical, a definition of Quantum computing has been put forward in Wikipedia as “the exploitation of collective properties of quantum states, such as superposition and entanglement, to perform computation”.
A definition not reliant on an understanding of quantum mechanics is as follows.
Traditional or classical computing is based on the binary system. The basic unit, a bit, can be either 1 or zero at all times and the entire computing world is based on that proposition.
Quantum computing says that a quantum bit, a qubit, can be either one, zero, or both at any time, and its value is not known until it is measured.
A useful comparison is flipping a coin. Spin it, and there is a 50% chance of it coming down either heads or tails. However, once it has landed and it’s been observed, it’s 100% certain which it is. Similarly, a qubit can be considered as being both one and zero at the same time until you measure it.
One commentator claims that a single register of 256 qubits can hold as many values as there are atoms in the Universe.
In computing application terms, it is difficult to give a succinct and understandable explanation of how quantum computing works.
A useful analogy is that of a maze. You come to a crossroads inviting you to go left or right, hopefully towards the exit. In conventional computing, you can choose one or the other. With Quantum computing, you can choose both.
Again, in the maze analogy, conventional computing tests each possible exit route one after the other. Quantum computing can simultaneously try all possible paths to leave the maze. This means that in conventional computing you perform actions sequentially. In a quantum environment, you can perform many computations in parallel.
In a practical sense, that means quantum computers can analyse and process data much quicker.
The ability of quantum computing to act in parallel means that it is suitable for some specific types of task, but not necessarily all. Specific areas include optimisation calculations and molecular simulation in material management and drug development. Basically applications involving probability, and the analysis of large amounts of data.
One area of concern is that of code-cracking. Quantum computing makes previously algorithms thought to be unbreakable insecure.
However, quantum computing is just out of infancy and is used in mainly research and education environments. Simply put, the results of quantum calculations are unreliable because they are too “noisy” at a quantum level. The timescale for commercial availability depends on whom you talk to and the application area but is generally thought to be a few years away.
Quantum Computing and Cyber Security
Its common cause that cybersecurity is an absolute imperative in all IT installations. According to the FBI, there has been a substantial increase in malware attacks and general Web-based frauds over the last 12 months or so as companies open up new e-commerce sites without necessarily having complete security in place.
The current move to digitally controlled devices like cars, aeroplanes and automated manufacturing systems makes security a vital part of their fundamental design. Compromising systems security can be a life-threatening activity.
The ability of quantum computing to solve complex problems much more quickly than conventional computing is bringing new threats and security measures, and a new IT focus area, quantum cybersecurity.
On the positive side, Quantum computing might help to identify attacks such as a DDoS attack much more quickly, but on the downside, the real danger lies in Quantum computing’s ability to break encryption very quickly in comparison with traditional methods.
As an example, the NSA is taking quantum cybersecurity very seriously indeed. Currently, the touchstone is the 128bit AES encryption standard. Experts calculate that it would take about 10.8 quintillion years to break AES using conventional equipment, but only around six months using quantum computing. Unconfirmed rumours indicate that the NSA has already done it. That in itself is a cybersecurity threat.
Although research and development are still in their infancy several routes are being explored to improve cybersecurity. One such is the use of lattice-based cryptography. Lattice-based algorithms are replacing the current linear cryptographic algorithms. Google has already started testing this technology. IBM claim to be far advanced in the use of Fully Homomorphic Encryption.
The question was, is Quantum Computing a cybersecurity threat? The answer is yes, but it is also part of the solution.