Quantum Computing and the future of IT Security

Aaron Searles

East Carolina University

Abstract

Quantum Computing is an emerging field in computer science with the predicted abilities to be far greater than the classical computers we use today. “Quantum computers leverage quantum mechanical phenomena to manipulate information. To do this, they rely on quantum bits, or qubits.” This allows for exponentially greater computational power when compared to even the most powerful classical computers. With this new technology in development many have concerns over IT security as quantum computers are predicted to break common public-key cryptography schemes. This would be a devastating blow to IT security as encryption would no longer have the same amount of protection it does today. In this paper you will find an exploration into this concern as well as possible solutions as well as other possible uses for quantum computers as they relate to IT security.

Quantum Computing and the future of IT Security

While quantum computers are still in their infancy, they eventually will be able to solve problems far too complex for classical computers to solve. The main concern over this is the ability to solve algorithms behind encryption keys. These encryption keys are used to protect our own personal data as well as all data being stored in computers in general. The security infrastructure that we use to protect all types of data would be redder useless in a short amount of time.

Shor’s Algorithm

Encryption today is largely based on complex” mathematical formulas that would take today’s computers an impractically large amount of time to decode.” To illustrate this, it is easy to take two numbers and multiply them together in order to create a product. However, it is much harder for a computer to start with a large number and factor it into its two prime numbers. Quantum computers with enough qubits can “easily factor large numbers and break the code.” The algorithm that was developed to do this very thing is known as Shor’s algorithm, developed by Peter Shor.

If quantum computers develop to a sufficient level to run this algorithm, then the encryption methods we use today such as the ones behind RSA will be broken. This means that the way we use encryption over the internet today would become ineffective and data could be stollen a lot easier. Data authenticity and integrity would no longer be a guarantee as it is transmitted. While this reality is far into the future, now is the time to think about possible defenses against this kind of threat.

Nationally Sanction Cyber Attacks

The first institutions that are likely to use quantum computing for cyber-attacks most likely will be government agencies. Due to the nature of quantum computer and the large cost of developing and using them, only wealthy governments will have the resources in order to use such computers. What this means for cyber security in nationally sanctioned cyber-attacks on other foreign governments. As computers and network technology grows, governments around the world have used them to attack other countries. This takes the form of information hacks as well as things like power grids and water treatment facilities and even election related matters. According to the Center for Strategic & International Studies (CSIS), hundreds of cyber-attacks have been orchestrated by government agencies around the world since 2006.

Once quantum computers become powerful enough, they may be use by powerful governments to break other foreign government’s encryption methods. It is clear that national sanctioned cyber-attacks is prevalent in today’s societies, and governments are constantly looking for tools in order to make hacking easier. In 2018, Congress signed the “National Quantum Initiative Act” which aims to streamline quantum computing development in the US. Individual threat actors will not have access to quantum computers anytime soon making this encryption breaking concern for only the most powerful entities such as national governments.

Quantum-Safe Cryptography.

One possible solution to the concern over the quantum computer’s potential to break encryption methods is the development of Quantum-Safe Cryptography. Also known as “post-quantum or quantum-resistant, refers to cryptographic algorithms that are known to be resilient to quantum computer-enabled attacks.” Since current popular public-key algorithms such as RSA and ECC depend on “the difficulty of factoring large prime numbers,” they can be broken by Shor’s Algorithm thus making them vulnerable. While quantum-safe cryptography is not fully developed they are already making significant progress and are preparing draft standards as soon as 2022. “NIST will likely standardize multiple algorithms for digital signatures to replace the signatures specified in FIPS 186-4 (such as RSA, DSA and ECDSA), as well as multiple key-encapsulation mechanisms (KEMs) algorithms to replace the key-establishment algorithms specified in NIST SP 800-56 A/B (such as DH, ECDH, MQV, and RSA OAEP.)”

Ultimately what this means is the concern over quantum computers breaking security is well under control. It will be a long time before a quantum computer is powerful enough to break the current encryption methods we use as of now. The most powerful quantum computer as of today is IBM’s quantum computer with under a hundred qubits. The early estimations for how powerful a quantum computer may be to break the RSA encryption method is several million qubits. We have ample amounts of time and security protocols to deal with this kind of problem.

Man-In-The-Middle Attack Defense

A Man-In-The-Middle Attack is when an attacker secretly positions themselves to intercept transmissions between two parties over a private connection to steal and/or alter data. This kind of attack is one of the reasons IT security is needed in the first place. When data over a network is compromised it does harm to whom ever that data belongs too. Corporations may be losing trade secrets or future plans for projects as well as any other thing that data might entail. These kind of attacks among others are the reasons for IT security in the first place and any defense against them is greatly valued.

Using a hypothetical Quantum Internet where quantum computers can directly communicate to each other man-in-the-middle attacks may become ineffective all together. They way this works is due to the nature of quantum particles themselves. When a quantum particle is being used in a quantum computer, they become qubits. Since photons themselves are quantum particles they can be used to transmit data. Using existing fiber optic cabling, quantum transmissions are already here and being used by classical computers in the form of regular bits. The changes for a quantum computer, however, as using a third-party computer in a man-in-the-middle attack to observe the qubit in transit will alter the qubit thus making it instantly detectable.

The physics behind this technology in the form of qubits is complicated and knowledge of it isn’t needed on order to use such a machine. Just know that when you use a machine to observe a quantum particle you directly interact with it thus changing it. This makes the qubit lose its quantum state and unusable. What this means when talking about a “Quantum Internet” is that we will be able to know instantly if the data in transit was intercepted. Today a network hack can happen without the knowledge of the network administrators. Several days, weeks, and months can pass without knowledge of a network breach. With this technology we can know instantly if a third-party has attempted to collect data. Thus, attacks that rely on data in transit simply will become ineffective when using a quantum internet.

Conclusion

The concern over quantum computing and IT security is founded but not without its defenses. While early uses of quantum computers may be used by nation-states to conduct espionage, individual threat actors will have a hard time finding access to a quantum computer. With the development of quantum-safe cryptography comes the solution to quantum computers potential to break popular encryption algorithms we use today. In short IT security will survive the added tool of quantum computing. As this technology develops it becomes clearer that IT security has to potential to increase IT security such as the nature of qubits and their inherent defense against man-in-the-middle attacks.

References

IBM Cloud Docs. (n.d.). IBM. https://cloud.ibm.com/docs/key-protect?topic=key-protect-quantum-safe-cryptography-tls-introduction

Post-Quantum Cryptography | CSRC. (n.d.). Csrc.Nist. https://csrc.nist.gov/Projects/Post-Quantum-Cryptography

Corporation, I. (n.d.). What is Quantum-safe Cryptography? ISARA Corporation. https://www.isara.com/resources/what-is-quantum-safe.html

Significant Cyber Incidents. (n.d.). Center for Strategic and International Studies. https://www.csis.org/programs/strategic-technologies-program/significant-cyber-incidents

Dahmen-Lhuissier, S. (n.d.). ETSI - Quantum - Safe Cryptography, Computing Cryptography. ETSI. https://www.etsi.org/technologies/quantum-safe-cryptography

Authors, T. G. (2016b, December 5). Is Quantum Networking The End of Man-in-the-Middle Attacks? The State of Security. https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/quantum-networking-end-man-middle-attacks/

QuantumXC. (2020, February 6). The Quantum Computing Impact on Cybersecurity. https://quantumxc.com/quantum-computing-impact-on-cybersecurity/

H.R.6227 - 115th Congress (2017–2018): National Quantum Initiative Act. (n.d.). Congress.Gov | Library of Congress. https://www.congress.gov/bill/115th-congress/house-bill/6227

Sharma, N. (2021, April 16). Emerging Trends of Quantum ComputingThe Emerging Trends of Quantum Computing Towards Data Security and Key Management. Archives of Computational Methods in Engineering.* https://link.springer.com/article/10.1007/s11831-021-09578-7?error=cookies_not_supported&code=76552208-2f4e-44ef-ac6c-03bc40811c7a

Badertscher, C. (2020, December 7). Security Limitations of Classical-Client Delegated Quantum Computing. SpringerLink.* https://link.springer.com/chapter/10.1007/978-3-030-64834-3_23?error=cookies_not_supported&code=e77366dd-1178-4571-b0dc-4c1b83d9baf6