Background Image

Quantum Computing: A Double-Edged Sword for Cyber Security

Charlotte Bass

October is Cyber Security Month and the perfect time to delve into a topic that has been capturing our interest: quantum computing and its potential to disrupt cyber security.

The Quantum Leap in Complexity

Inserting the term ‘quantum’ before any concept instantly increases its perceived complexity. Remember the basic physics you were taught it at school? You would have learned that it’s the study of energy and its behavior—whether through mechanics, heat, or light. Simple enough. But add ‘quantum’ to make it quantum physics, and the topic suddenly feels far more complex and out of reach for the average adult, let alone school pupil.

What is Quantum Computing?

We all know that computing involves using technology to complete goal-oriented tasks. As for quantum computing, in layman’s, it uses quantum mechanics (a branch of physics that studies the behavior of matter and light on the atomic and subatomic level) to solve complex problems faster than traditional computers.

The Threat: A New Era of Cyber Risks

The relationship between quantum computing and cyber security is one of both opportunity and threat. True, it has the potential to revolutionize cryptography but it also threatens to undermine many of today’s encryption methods. For example, current encryption practices rely on computers not being able to factor large numbers or solve discrete logarithms – these codes are simply too complex. Quantum computing, however, can factor large numbers quickly. Therefore, should quantum computers become widely available, sensitive data held by organizations, including banks, financial institutions, and government agencies, could be at risk.

Currently, ‘off-the-shelf’ quantum computing isn’t available, so this threat has remained somewhat theoretical. However, this month, researchers from Shanghai University claimed to have used a quantum system to attack a Substitution-Permutation Network (SPN) structured algorithm, key to encryption standards like AES. They cracked a 22-bit key — and while this is much shorter than those used in practice, the achievement marks the first time a quantum computer has posed a credible threat to full-scale SPN algorithms.

If nothing else, this event underscores the urgency for organizations to reconsider their current data protection methods. As we’ve seen with AI, when a technology truly ‘takes off’, you don’t want to be left lagging.

The Opportunity: Strengthening Cyber Defences

Despite the success of the Chinese research team, it is likely that we have a few years before quantum computing represents an omnipresent threat. Nevertheless, malicious parties could still steal encrypted data today with the intent to decrypt it later, so IT teams shouldn’t rest on their laurels. Organizations holding long-term sensitive data must pay close attention to the threat and move soon to update infrastructures that rely on current encryption protocols.

Transitioning to quantum-resistant cryptography is a major challenge; it requires updates to all systems and infrastructures and that isn’t something that can be completed in a week, or even a month. It may feel too soon to make such sizeable investments (both in time and money), but the long-term benefits will far outweigh the risks of carrying vulnerable data once quantum computing has matured. There are teams dedicated to supporting businesses through this period; SandboxAQ offers numerous solutions to businesses undertaking this shift, including tools like the open-source framework, Sandwich, which is designed to improve cryptographic agility.

The Future of Cyber Security

The threat is clear, but so is the opportunity. Yes, quantum computing provides a window to break apart codes, but it also enables cybersecurity professionals to raise their existing encryption standards.

Post-quantum cryptography (PQC) is a term that’s quickly gaining traction in the world of cybersecurity, and for good reason. It refers to the development of cryptographic algorithms designed to withstand attacks from quantum computers. Techniques like lattice-based cryptography are already helping governments and high-security organizations safeguard sensitive data against future quantum threats. It’s no surprise then, that some major players are investing heavily in PQC with the expectation that it will become the go-to standard for encryption. In Germany, for instance, the Federal Office for Information Security (BSI) is collaborating with the American National Institute of Standards and Technology (NIST) to establish PQC standards and drive the adoption of quantum-resistant algorithms. Most recently (in August 2024) NIST introduced three algorithm standards (ML-KEM, ML-DSA, SLH-DSA). In the corporate sphere, companies such as Microsoft and Post-Quantum are also contributing; Post-Quantum’s Hybrid PQ VPN is currently being trialled by NATO.

It’s not all PCQ

Taking a small sidestep away from standards, quantum computing can also be used to develop stronger encryption techniques that prevent eavesdropping on communications. Quantum Key Distribution (QKD) takes a different approach to PCQ. It uses quantum mechanics to create and share unbreakable security codes. If a hostile actor intercepts a quantum key, relevant parties will be alerted. Meanwhile, beyond encryption, quantum computing is expected to advance machine learning and AI, enhancing software’s ability to detect cybersecurity threats. Its vast processing power can accelerate the detection of malware, DDoS attacks, and other cyber threats in real time. By strengthening cryptographic systems, it will empower cybersecurity experts to pre-emptively identify vulnerabilities in algorithms.

Embracing the Quantum Future

In summary, while quantum computing represents a significant threat to cyber security, it is also offering groundbreaking opportunities for data security and threat mitigation through stronger, quantum-resistant cryptographic solutions. Governments and industry leaders are already working on post-quantum cryptography to secure our digital world, and while this transition may be challenging, it is critical to the security of these organizations. As quantum computing evolves, it will be those groups that have proactively adapted that will be best positioned to defend against future threats and leverage the power of quantum technology for stronger, more resilient cyber security.

As for the impact these changes have for communications leaders at cyber security companies, their focus must be on education. Internal and external stakeholders need to be made aware of potential risks alongside any steps the business is taking to mitigate them. This would include developing a clear communication strategy, crisis communication plans, and regular updates on the progress in adopting or developing quantum-resistant technologies.

By promoting innovations, and fostering a culture of security with the stakeholders – particularly customers, organizations will be better placed to retain trust as we enter the quantum era.