Cyber security and quantum computing

In a recent poll on our LinkedIn page, we asked people what they believe the biggest security challenges in the coming years would be. The results are in: the majority of voters consider quantum computing to be the biggest upcoming challenge for securing our online world.

• Quantum computing: 56%
• AI and LLM attacks: 25%
• IoT security: 19%
• Advanced authentication: 0%

 

What is quantum computing?

In short, quantum computing is a revolutionary technology that replaces the traditional bits in a computer’s processor with qubits. Where a single bit has two states (0 and 1), a qubit (or quantum bit) can be in a state of 0, 1, or any quantum superposition of these states.

Traditional bits are deterministic. They have a clear, defined state, as opposed to the probabilistic nature of qubits – which also leads to larger error rates. Compensated of course by the exponential increase in processing power and speed.

Quantum bits can also be entangled with other qubits. No matter the distance between them, when qubits are entangled, the state of one qubit is directly related to the state of another. This was dubbed “spooky action at a distance” by Albert Einstein himself. And spooky it is, not only on a conceptual level, but also on a very practical level for cybersecurity.

 

What is the current state of quantum computing?

One of the first questions we can ask ourselves is: When will quantum computing be commercially available and deployed for mainstream usage? In its current state, quantum computing is mainly still in a research phase. But geared towards developing more stable qubits, increasing qubit count, and reducing error rates. There are already a few companies like IBM and Google who offer quantum computing solutions in the cloud. They allow researchers and businesses to experiment with quantum algorithms.

In the near term, quantum computing is likely to be used for specialized applications in fields like cryptography, materials science, and complex system modeling. Rather than with general-purpose computing. It will likely be a matter of decades before you open up your quantum laptop on your desk at home to start working at lightning speeds.

 

Offense versus defense

So how about security and quantum computing? There are both risks and opportunities in this story. In the first place, quantum computers could be used by malicious hackers to gain access to traditional systems. This because the enormous speed of quantum computers and the ability to accelerate brute-force attacks. Breaking encryption will be the largest risk by far, undermining algorithms like RSA, a cornerstone of modern secure internet communications. Traditional authentication systems will have to be revised radically. Another risk might be eavesdropping in quantum networks, given qubit entanglement.

From a cybersecurity perspective, there are also some upsides. At least two principles can be used to counter the hazards to current encryption methods: QKD and PQC. Say what now? QKD stands for Quantum Key Distribution. Essentially a key is distributed over a quantum network, and thanks to the entangled state of the qubits, any attempt at eavesdropping can reveal the presence of an intruder, given the curious property of qubits that their state can only be determined after being observed or measured (think of poor Schrödinger’s cat).

PQC is Post-Quantum Cryptography, referring to cryptographic algorithms believed to be secure against an attack by a quantum computer. NIST and other organizations are already in the process of standardizing PQC algorithms to replace or augment current vulnerable algorithms.

 

Conclusion

Even though quantum computers are not yet omnipresent in daily life, it is clear they are on the rise, given the fact that some cloud computing companies already offer quantum computing solutions. Luckily, from a security perspective, there are already some initiatives starting to use the very same powerful and fast infrastructure to prevent and mitigate any new threats emerging in the quantum realm. Likely this will also have an impact on how penetration testing – and for that matter also functional testing and performance testing – will evolve. But for now, we can rest easy while we’re still working on our soon-to-be obsolete and comparatively slow devices.