The Impact of Quantum Computing on Cybersecurity: Challenges and Opportunities
In the previous article, we discussed what problmes resolve quantum computing. In this article we put on the “black hat” (reference to the conference and hacker stuff) to delve into the changes, promises and threats posed by quantum computing in the field of cybersecurity.
Quantum communication -> enhanced privacy
Information is a vital part of any society, and the control one has over it determines, to a large extent, one’s ability to think and act freely. In order to protect information from both prying eyes and adversaries, we employ encryption methods, the oldest dating back to 1900 BC.
However, these methods only contemplated one type of communication, written. With the advent of electricity, and later radio, communications required a new method of protection, since messages were transmitted in the open and were easily interceptable. The science of cryptography was born to protect this new communication paradigm. As computing power increased, encryption methods became more and more complex, from symmetric to asymmetric cryptography. However, as we have already mentioned, quantum computing is a revolution in computing power, so current communication systems would be exposed and insecure again. In fact, there is an espionage methodology, known as “Store-now Decrypt-Later” (SNDL), based on the promise of the quantum revolution, which consists of storing as much information as possible, even if encrypted, with the intention of making it readable once the true potential of quantum computers is reached. What options exist in the face of this new threat?
- Fighting quantics with more quantics
Quantum computing has many applications, one of which is the transmission of information. This new mode of communication is much more robust than current methods of digital transmission, due to the principle of superposition of qubits. Recall that this property of qubits makes it possible to represent multiple combinations of 0’s and 1’s simultaneously. However, when reading a qubit, its state “collapses”, taking a binary value (0 or 1). That said, suppose that when sending information by digital method, someone intercepts or listens to the message. If he does not make any modification to the message, it is very difficult to detect it. However, using qubits to transmit the same information, given their physical properties, once a qubit is read its state collapses, and returning it to its previous state is not possible. In the event that the message received differs too much (it is yet to be determined how much is “too much”) from the one sent, it would mean that there has been an interception.
However, at present, this method of communication is very expensive due to the fragility of qubits. It is therefore proposed to use it in conjunction with current digital transmission methods (cable or waves). The encryption keys would be transmitted over a quantum channel and, once the sender and receiver determine that their key has been securely transmitted (no one has intercepted it), they would use that key to send the encrypted data over conventional communication channels (cable or wavelengths). In the event of a malicious actor intercepting the key, as mentioned above, the sender and receiver would easily find out and re-negotiate the keys again.
Different methods of quantum key transmission (QKD) are being studied. A very promising one is via satellite. China launched its own, Micius, in 2016, and the EU has its own, Eagle-1, planned for launch in 2024. Although China claims that its satellite is already operational, it requires a suitable ground base to take readings, and the accuracy of these readings has not been confirmed.
As a future application, the development of a quantum internet, i.e. a network of networks based entirely on quantum principles and not on traditional physical principles, is contemplated. Not to replace the current Internet, but to enhance it, especially for cases where security is of vital importance. Although this application is theoretically possible, it requires an infrastructure still under development: quantum repeaters. Qubits, given their instability, cannot travel long distances. Repeaters are needed to amplify and retransmit the signal. Ideally, these repeaters would use quantum processors, so that the signals do not need to be read to be retransmitted, thus avoiding “collapsing” their state. More in detail, taking advantage of the property of “quantum entanglement”, it has been demonstrated that qubits can be teleported (note, only their state, not the matter, we are not in star trek). This would allow to send information by making jumps, which would facilitate the creation of this quantum internet. The scope of these jumps is still limited and prone to error, so there is still some time for its deployment to be extended. - Post-quantum cryptography
This option, rather than an alternative, is a requirement. Even if we manage to develop affordable and scalable quantum communication technology, during the time of transition and adoption of this new technology there will be a lot of “legacy” systems exposed. A well-known Spanish proverb says “better safe than sorry”, and nothing could be further from the truth, post-quantum cryptography does just that, designing mathematical algorithms that, even using current technology, are resistant to attacks from quantum computers. Although it is on the lips of many, a standard has not yet been reached even though NIST hoped to have one by the year 2024. These algorithms are essential to ensure a secure transition from traditional to quantum computing.
Another area within post-quantum cryptography that deserves special attention is Secure Multi-Part Computation (SMPC). This type of computation allows joint computations between different entities without these entities having to reveal the data between them .
This type of computation is, by design, resistant to quantum attacks, since the shared secrets are split and encrypted in such a way that, even if the encryption is broken, they are meaningless on their own.
Analysis, monitoring
With quantum computing the data processing capacity increases dramatically. Today, this capacity is already very powerful, and with the help of AI, faster and more accurate analysis and results can be achieved. However, quantum computing is a step further. Given the potential of qubits to represent multiple states simultaneously, thousands of possible attack scenarios and their impact could be simulated. This would be a great advantage for organizations that want to protect themselves from sophisticated threats, such as APTs, whose methods and tactics are constantly evolving.
“Better attack prevention. Better risk and impact analysis”
Military applications
Speaking of cybersecurity, the role played by the military and governments cannot be ignored. What today are civilian technologies were originally only for military use. For that reason, quantum computing can be expected to have broad applications for its purposes. There is much uncertainty about the level of development of such technologies and, although they are feasible at a theoretical level and some countries claim to have made advances, the results are not reaching the civilian world.
These advances are:
- Quantum navigation:
Using quantum sensors to measure slight changes in the earth’s magnetic field could detect movement and even position without the need for an external satellite system. This would be a revolution for navigation and positioning, since it is a much more robust system and resistant to jamming attacks. - “Ghost imaging”:
A visual recognition technique developed by the U.S. military that exploits the quantum properties of light to recognize distant objects, even through adverse atmospheric conditions, by launching faint beams of light. Its stealth and effectiveness would be very useful in covert operations. - Quantum illumination
Based on the same principle as “ghost imaging”, this technique focuses on the creation of “quantum radar systems” with the ability to detect distant objects camouflaged in noisy environments, such as aircraft or submarines. This technology would be a “game-changer” in covert operations, making its deployment and development very difficult.
Quantum supremacy
The concept of quantum supremacy moves into the shadows. The first country to master quantum computing will have a huge advantage over all other nations. For that reason, many countries are investing billions in research and development. However, this poses an intrinsic problem: competitiveness. Collaboration agreements between countries are weak and in many cases they do not share data with each other, and even hinder each other. There is a lot of work to be done, especially at the legislative level, so that this technology does not become a weapon within the reach of a few. The power of quantum computing and its contributions can improve technology and society, however, without public and open collaboration, progress is limited and blurred, turning this field into a dark fantasy.
Quantum computing is here, still in development, but it is already in use. Although we are still far from a commercial and reliable use, some of its applications are close to be achieved, and its development is already unstoppable.
So far this post about quantum (cyber)security.
At GiCP, within the framework of the QUBIP project, we follow closely the development and applications of quantum computing. Stay with us to stay up to date.