Quantum Computers: The Looming Threat to Current Digital Security

Share this post:

• Share on Facebook
• Share on Twitter
• Share on Linkedin

September 20, 2024

By:Dr.ir. Vijay S. Rao, Research Leader, LTIMindtree

In an age where safeguarding digital security and privacy is crucial, a new and formidable challenge is emerging on the horizon: the threat posed by quantum computers. Quantum computers promise to revolutionize computing with their unprecedented processing capabilities and have the potential to solve complex problems and drive innovation across various fields. On the other hand, some of the complex problems they solve pose a significant threat to the cryptographic systems that underpin our current digital security infrastructure. This blog explores the potential impact of quantum computers on digital security and what can be done to mitigate these risks.

The quantum computing revolution

Quantum computers utilize quantum mechanics concepts to perform calculations at unimaginable speeds compared to classical computers. While classical bits are limited to representing either 0 or 1, quantum bits (qubits) can exist in a superposition of both states simultaneously. Additionally, quantum entanglement allows qubits to be correlated in ways that enhance computational power exponentially.

Quantum computers are advancing rapidly due to the significant strides made by IBM, Google, and Intel. In 2019, Google claimed 'quantum supremacy' by executing a computation in just a few minutes, which would take thousands of years for classical computers[i]. Recently, IBM demonstrated the preservation of 12 logical qubits using 288 physical qubits for nearly 1 million syndrome cycles, thus showcasing the stability and reliability of computations[ii].

The quantum threat to encryption

One of the most significant threats posed by quantum computers is their ability to break widely used encryption methods. Modern digital security relies heavily on asymmetric-key cryptographic algorithms such as Rivest-Shamir-Adleman (RSA) and elliptic curve cryptography (ECC) for securing protocols and symmetric-key algorithms such as advanced encryption standard (AES) for data encryption.

RSA and ECC are at risk

RSA and ECC, the most common public-key cryptosystems, are foundational to securing today's internet communications ranging from online banking to private communications. They are employed in protocols such as HTTPS, VPNs, secure email, etc. Their level of security is primarily based on the computational complexity of factoring large integers and solving the discrete logarithm problem, respectively. Classical computers would take impractical amounts of time to solve these problems, thereby ensuring the security of encrypted data.

However, quantum computers, using Shor's algorithm[iii], can solve these problems exponentially faster. Shor's algorithm can factor large integers and compute discrete logarithms in polynomial time, rendering RSA and ECC encryption vulnerable. This means that a cryptographically relevant could break RSA and ECC encryption.

AES is not immune to quantum threats

AES is another cornerstone of modern encryption, used extensively for encrypting data. While AES is more resilient to quantum attacks compared to RSA and ECC, it is not entirely immune. Grover's algorithm[iv], a quantum search algorithm, can reduce the effective strength of AES by half. For instance, a 256-bit AES key would effectively offer 128 bits of security against a quantum attack, which is still formidable but significantly less secure than originally intended.

Algorithm	Classical strength	Quantum threat
RSA	Secure with large keys (2048-bit)	Vulnerable to Shor's algorithm
ECC	Secure with shorter keys (256-bit)	Vulnerable to Shor's algorithm
Diffie-Hellman	Secure with large primes (2048-bit)	Vulnerable to Shor's algorithm
AES	Secure with 128-bit key	Grover's algorithm reduces effective key length
SHA-2, SHA-3	Secure with 256-bit key	Grover's algorithm reduces effective key length

The 'harvest now, decrypt later' attack

One of the most urgent and alarming threats posed by quantum computers is the "harvest now, decrypt later" attack, which is already happening today. Adversaries are actively intercepting and storing encrypted data, intending to decrypt it once quantum computers become powerful enough. This poses an immediate and severe risk, especially for data that must remain confidential for extended periods, such as government communications, intellectual property, personal information, etc. The threat is not just theoretical; it's a clear and present danger that demands immediate attention.

The domino effect: widespread implications

There are far-reaching implications of quantum computers breaking current . This would set off a potential domino effect of cascading failures across various sectors. A successful quantum attack on these encryption systems could lead to severe privacy and data integrity breaches. If a major sector's encryption is compromised, it could lead to a chain reaction affecting other sectors, resulting in widespread chaos. For example, a breach in the financial sector could undermine trust in online banking and digital transactions, leading to economic instability.

Government and defense: national security at risk

Government and defense sectors store highly classified data. In case such data is compromised, it could pose a major threat to national security. The ability of adversaries to decrypt confidential government communications could lead to espionage, sabotage, and severe geopolitical consequences, putting many nations at risk.

The financial sector is a prime target

The financial sector, with its extensive amounts of sensitive data and transactions, is a prime target for quantum-enabled attacks. The compromise of encryption methods could lead to unauthorized access to financial records, transactions, and personal information, causing severe financial and reputational damage.

Privacy: a universal concern

Enterprises across various verticals, including healthcare, finance, and retail, that store personally identifiable information (PII) and protected health information (PHI) are particularly vulnerable. Quantum computers could decrypt sensitive data, leading to privacy and security breaches.

This domino effect underscores the urgent need to prepare for and mitigate the quantum threat to protect global digital security.

The quantum countdown

While fully operational, large-scale quantum computers are not yet a reality, the rapid advancements in quantum research suggest that it is only a matter of (short) time before they become a tangible threat. The tech community is already racing to develop quantum resistant cryptographic algorithms and solutions to safeguard our digital future. Urgent action is required to upgrade our security measures and protect against the looming quantum threat.

Preparing for the quantum era

The looming threat of quantum computers necessitates proactive measures to safeguard digital security. Here are some recommended technologies

Post-quantum cryptography (PQC)

PQC involves developing cryptographic algorithms that are resistant to quantum attacks. These algorithms provide security against both classical and quantum computers. The National Institute of Standards and Technology (NIST) has recently finalized a set of PQC algorithms, which is a part of the process initiated in 2016.

Quantum key distribution (QKD)

QKD leverages the principles of quantum mechanics to create secure communication channels. Unlike classical cryptography, QKD can detect eavesdropping attempts, making it an attractive option for securing data against quantum threats. QKD is already being deployed in specialized applications requiring the highest security levels.

Hybrid approaches

A practical approach to transitioning to quantum-safe security is to use hybrid systems that combine classical and quantum-resistant algorithms. This ensures that even if one system is compromised, the other can provide a fallback layer of security.

Conclusion

As we stand on the brink of a quantum revolution, recognizing the potential threats and preparing for a quantum-secure world is crucial. Awareness and proactive measures will be essential to ensure that quantum computing enhances our technological landscape without compromising digital security. The transition to quantum resistant security is imperative, requiring collaboration between researchers, industry, and governments. By adopting post-quantum cryptography (PQC), which is already being developed and implemented, and quantum key distribution (QKD), which is still developing, along with hybrid approaches, we can safeguard our digital assets and prepare for the quantum computing revolution.

References

[i] Arute, Frank, et al. "Quantum supremacy using a programmable superconducting processor." Nature 574.7779 (2019): 505-510.

[ii] Bravyi, Sergey, et al. "High-threshold and low-overhead fault-tolerant quantum memory." Nature 627.8005 (2024): 778-782

[iii] Shor, Peter W. "Algorithms for quantum computation: discrete logarithms and factoring." Proceedings 35th annual symposium on foundations of computer science. Ieee, 1994.

[iv] Grover, Lov K. "A fast quantum mechanical algorithm for database search." Proceedings of the twenty-eighth annual ACM symposium on Theory of computing. 1996.

Latest Blogs

Share this post:

• Share on Facebook
• Share on Twitter
• Share on Linkedin