Arthur C. Clarke, the famous English science fiction writer, had once noted that any sufficiently advanced technology is indistinguishable from magic. Back in the 1960s, he was probably thinking about space exploration, which was the hottest and most impressive topic of that decade. Since then, however, spacecraft have unfortunately lost a large portion of their glamour, becoming instead reliable workhorses for the industry. A few other revolutionary technologies have met the same fate during the later decades as well – the Internet, mobile communications, electric vehicles, etc. The buzzword du jour, Artificial Intelligence, will become another part of our daily routines pretty soon as well.
Quantum computing, however, is still viewed by the public as something truly magical and simultaneously completely unrealistic. Perhaps, this can be explained by the lack of a “killer app” that would demonstrate immediate usefulness of the technology to average people, like ChatGPT did for generative AI. Or simply because quantum mechanics is something that requires substantial effort to wrap your head around. Sure, most of us still vaguely remember from school that subatomic particles can exhibit properties of both particles and waves, and some might even have heard about quantum entanglement and superposition, but how exactly does it make extremely fast computing possible?
Well, it does not. Quantum computers are not supposed to replace classical ones, which are based on binary logic implemented with semiconductor-based logical gates. They won’t make existing algorithms any faster. They do, however, allow us to design entirely new algorithms that can solve mathematical problems that were previously impossible. Such developments started to emerge back in the 1980s, but remained largely an academic exercise until Peter Shor devised a quantum algorithm for breaking popular encryption methods. Finally, quantum computing caught the interest of businesses. And intelligence agencies, of course.
Sure, there are many other potential applications for this technology – modeling natural processes in physics and chemistry, creating new fuels and batteries, designing more efficient drugs, and so on. Quantum computers are also great for modeling quantum processes, helping us understand the origins of the universe. Businesses are ready to invest, and vendors are busy developing hardware to run all those workloads.
Unfortunately, even a single quantum bit (qubit) – a basic element of a quantum computer – is an extremely sophisticated and fragile device that depends on things like liquid helium to operate. The largest currently existing prototypes contain up to 1000 of such elements, and yet, it is projected that future “proper” quantum computers might need millions of them. Quantum computers are also prone to noise caused by insufficient isolation from the environment – noise that reduces the reliability of hardware and introduces errors into calculations. To put it simply, quantum computing nowadays can be compared to the early days of aviation – experts just cannot agree how many more years it will take until we see practical, working, error-proof computers. But it definitely won’t happen tomorrow. Or will it?
A more interesting question, however, is how all this is related to cybersecurity. We already know that quantum computing can potentially make existing cryptography obsolete overnight. This would have massive implications on the entire digital economy of the world – everything from secure network connections to public cloud services to distributed ledgers and cryptocurrencies depends on the inability of a malicious actor to break this encryption. Modern cryptography relies to a large degree on the fact that classic computers cannot solve the underlying mathematical challenges. Yet, it has been established that a sufficiently powerful quantum computer can do it easily using Shor’s algorithm. The only open question is when such a computer will become available to malicious actors.
Even though many experts are still quite skeptical about the probability of this happening anytime soon, it is worth noting that the “better safe than sorry” camp is also quite substantial. The entire field of post-quantum cryptography emerged years ago to develop new encryption methods that are resistant against quantum attacks. The National Institute of Standards and Technology (NIST) is leading a standardization program for quantum-resistant encryption methods since 2016 and the publication of new standards is planned for 2024.
However, you don’t have to wait until working quantum computers emerge to start implementing the new standards. In fact, by that time it will definitely be too late. For any business that relies on encryption to safeguard its processes and products (and nowadays, it’s basically any organization, regardless of its size or industry), the notion of cryptographic agility has become a critical part of business continuity.
Cryptographic algorithms become outdated all the time. DES, MD5, SHA1 – they are no longer considered strong enough even against classical brute force attacks and should be replaced everywhere. Sometimes, weaknesses are discovered in specific implementations – remember the Heartbleed incident? Being able to respond to these challenges quickly and to replace cryptographic primitives across your entire organization without massive impact to your business – that’s what crypto-agility is about. Quantum resistance is just another good argument for selling this idea to the board.
One should also not forget about other applications of quantum mechanics to cybersecurity as well. After all, the field of quantum cryptography proper is also quite fascinating. One particular technology relies on the properties of quantum entanglement to implement secure communications between parties that are impossible to eavesdrop on. This can be used to produce a shared secret key that is resistant against any man-in-the-middle attack. Surprisingly, practical implementations of this technology are already available, with record-breaking speeds and distances over 1000 km.
Incidentally, quantum technologies will be a part of the agenda at our upcoming cyberevolution conference that will take place this November in Frankfurt, Germany. If you are interested in expanding your quantum computing horizons, come and meet the experts there!