Quantum Threats to Cybersecurity

Current Threats

Harvest Now, Decrypt Later Attacks – Capture critical encrypted data and keys, then store it until a quantum computer is programmed to decrypt files.

Cryptographically Relevant Quantum Computer (CRQC) – Created and used to break the old encryption. Targets are data that will still be relevant and/or valuable five or 10 years from now (e.g., names of spies in a foreign government, names and social security numbers, crypto block chains, etc.).

Future Threats

Once CRQCs are available, decryption can take place in real time.

How Encryption Works Today

Today, most data is protected using public key infrastructure (PKI) encryption. The encryption key is quickly generated by multiplying two very large prime numbers, the data is encrypted using this key and the data and key are included in the same file. While an encryption key is quickly calculated, classic high-performance computers would take hundreds or thousands of years to factor (decrypt) the key information. Quantum computers would be able to perform these options in milli or microseconds.

Why Is Quantum Computing So Powerful

Get ready to get weird… The power of quantum computing lies in a few basic characteristics:

• Superpositioning – Unlike a classic bit which has two states – 0 or 1 – a single qubit can be in an infinite number of states (simultaneously 0 and 1, an infinite number of state vectors pointing in any direction (Bloch’s sphere) including real and imaginary numbers, until it completes its programming, is observed and collapses into a classic bit (i.e., 0 or 1). Superpositioning also allows the connection of multiple qubits which increases the number of states it can represent exponentially.
• Entanglement – The ability of two (or more) sets of qubits to operate in parallel and continue to be aware of the other set

Solutions

NIST (and others) suggest separating the key from the data. Further, instead of a simple, single pass key production operation, data encryption key production should use lattice or multiple operations of different algorithms in different orders to build an effective encryption key. Pre-shared keys are distributed off-line.

RFCs

Both primer documents below refer to RFC standards and are published by the Internet Engineering Task Force (IETF). This process begins with a request for comment (RFC) published to the IETF community; the engineers weigh in, present, discuss, argue and document until consensus is achieved and a standard emerges. This standard is then accepted by the community.

References

• NIST primer
• Palo Alto primer
• Internet Engineering Task Force RFCs
• Quora

Interested in learning and teaching about quantum Information Science and Engineering (QISE) in your school? Check out these resources:

• The QuSTEAM Initiative
• Sandia National Laboratory Quantum Camp

If you’re interested in Quantum computing in Missouri, we’d love to hear your thoughts and brainstorm.

Chip Byers
MOREnet Chief Technical Strategist
chip@more.net
(573) 884-7655