Quantum Computing and Cybersecurity

By Louise E. Turner

When quantum computing is discussed, the topic of cyber security often follows close behind. Quantum decryption algorithms pose dangerous threats to cyber security as we know it today, but conversely, quantum cryptography also provides incredible opportunities for secure communications. 

The Quantum Threat 

Because quantum computers operate based on a new probabilistic framework, they can complete tasks thought never to be possible in a human lifetime. Unfortunately, some of these tasks include breaking widely used encryption algorithms thought challenging to break. One such example is Rivest-Shamir-Adleman (RSA) encryption, a well trusted standard in cryptography. RSA is used as a central part of all communications as well as in initiating over 90% of internet connections (Forbes). In simple terms, RSA encryption is based on prime factorization, which becomes exponentially harder to perform as the numbers to be factorized grow larger. With today’s fastest supercomputer, it would take almost 300 trillion years to break current RSA encryption (Digicert). This timeline can be reduced to a matter of days if a powerful enough quantum computer emerged.  

Although a quantum computer powerful enough to break RSA and similar encryption systems does not exist yet, the threat still looms as our timeline for encryption migration shortens. 

NIST Standards for Post Quantum Encryption – Not the end of the Story 

In 2016, The National Institute of Standards and Technology (NIST) launched their post-quantum cryptography project which aims to standardize one or more quantum-resistant cryptography algorithms (CSRC). After years of testing, NIST has narrowed down the 69 candidates for standardization to just 4. These 4 algorithms are projected to become standardized in the summer of 2024 and are as follows: CRYSTALS-Kyber, CRYSTALS-Dilithium, FALCON, and SPHINCS+. Although a big step in the right direction, these standardizations do not mark the end of the threat to cyber security since quantum or classical decryption algorithms could potentially be developed in the future that could break these protocols. 

Furthermore, it is widely predicted that we may have quantum computers powerful enough to break RSA in 10-20 years. Initially that seems like a long time, but when considering that it can take 10-20 years to fully implement new cryptographic standards, the migration period becomes a race. The NIST post-quantum encryption standards prove that we are getting closer to becoming quantum safe, but organizations will have to start upgrading sooner rather than later to ensure that their information is secure.  

Cyber Security Opportunities – Quantum Key Distribution 

The incredible potential power of quantum computing poses many threats to cyber security as we know it today, but it also presents some incredible opportunities.  

Quantum Key Distribution (QKD) is a secure communication method executed by quantum computers either over satellite or specialized fiber optic cable. QKD uses transmitted single photons read randomly to create truly random encryption keys. Not only does this randomness ensure security, but due to the nature of quantum mechanics these transmitted photons cannot be eavesdropped upon. Because quantum systems get disrupted once observed, if a third party intercepted a QKD transmission, that transmission would break or otherwise present obvious signs of tampering.  

QKD is intended to be used for critical data such as government and military communications and will likely not become widespread in the near future due to its specialized nature. In Canada, the Quantum Encryption and Science Satellite (QEYSSat), a satellite designed to test QKD in Canada, has its launch planned for 2025. This satellite, along with the multiple satellites launched and tested by Russia and China, shows just how interested governments are in testing and implementing QKD for secure communications.  

Quantum computing and cyber security are two highly interlinked topics. While quantum computing poses threats to current encryption, it also presents next generation opportunities in the form of Quantum Key Distribution. As these fields continue to grow and evolve, more threats and opportunities may arise. The future of data and communications security is a fascinating one that is sure to move in amazing directions.