Quantum computing a threat to cyber security, says report
The report estimates that there is a one-in-seven risk that these technologies will undermine some of the most critical public-key cryptography tools within the next 10 years, and a 50% risk that many of these tools will be obsolete by 2031. Public-key cryptography is the foundation for digital commerce at many large organizations, including financial institutions, online retailers, and government agencies.
According to Dr. Michele Mosca who wrote and researched the report, “Quantum physics has surely been one of the most unexpected threats to cybersecurity. As we learn to handle attacks from currently familiar sources, cyber criminals are finding new ways to attack our cyber systems.”
Dr. Michele Mosca is a special advisor on cybersecurity to the GRI, co-founder of the Institute for Quantum Computing at the University of Waterloo and a founding member of the Perimeter Institute for Theoretical Physics.
The threats stem from the power of quantum computing to execute tasks far beyond the reach of conventional computers. Existing computers use long strings of “bits” that encode either a 0 or a 1. By contrast, quantum computing enables the bit to embody the 0 and 1 states at the same time. By manipulating a large collection of quantum bits, known as qubits, a quantum computer can process countless configurations of 0s and 1s simultaneously.
For years, quantum computing was largely a branch of fundamental physics and computer science, but it is gradually being harnessed in technologies with the potential to support ground-breaking and creative applications such as high precision measurements and medical imaging.
“As the ideas continue to move toward working technologies and then to solutions for real problems, there is a global race for industry leadership in quantum technologies,” the GRI report notes. However, it adds, “one unintended consequence is that these technologies will break some of the cryptographic tools currently underpinning cybersecurity.”
One example is digital signatures, a fundamental requirement for online security. These signatures allow a verifier, such as a user’s browser, to confirm that a piece of code comes from a trusted source and has not been tampered with. Another basic security function is establishing the security key that encryption algorithms use to protect confidentiality.
The report cautions that “when the cryptographic foundations on which a cyber system is built are fundamentally broken, the system will crumble with no quick fixes. A fail-safe replacement generally takes years to develop.”
It underlines the urgency of developing “quantum-safe” cryptography to guard against these threats. “It is very important that we are not caught off-guard and forced to fire-fight a threat that takes years of preparation to properly defend ourselves against,” the report adds.
Even so, the report notes, “there are no silver bullet solutions to achieve cybersecurity. No one technology, no one vendor and no one project will ultimately suffice. What is needed is a strong cyber immune system, capable of quickly detecting new unexpected threats and acting quickly to deal with them.”
The full report is available at https://globalriskinstitute.org/publication-type/research-reports.
Related articles:
Encryption technology against quantum computer attacks identified
Cybercrime and ‘Internet of Threats’ to cost businesses over $2T by 2019
Cybersecurity is fertile breeding ground for startups, says report
IoT Security Foundation launches, takes on cybersecurity
Diamond qubits offer step toward quantum computing