Since the beginning of computing, information security has played a vital role. In the early 1960’s, passwords and multiple layers of security protection have been introduced to prevent physical access to computers. In the 1970’s and early 1980’s, computers of governments and organizations were linked to the telephone network. Hackers would break in to the telephone networks to steal information from their computers. In 1989, the world wide web became publicly available, almost completely unsecured. Firewalls and antivirus software were developed to make the internet a safer place. In the 2000’s this trend continued resulting in governments further regulating cyber crime. In this decade, data encryption and better information security policies have increased overall data security. As described, the current state of information security has been build up for half a century. Quantum Computing – due to its unthinkable amount of computing power – might make all these security measurements obsolete and completely make us rethink the way we secure our digital and information assets.
So what is Quantum Computing?
Our current computers all run on bits, a binary information storage having 2 states – 0 and 1. Quantum computers use quantum mechanics to exploit information, depending on so called qubits. These qubits can be both 0 and 1 at the same time, using the quantum state or super position. Given that qubits could be 1 and 0 at the same time, a combination of two qubits contains 4 bits of information and a combination of 3 qubits contains 8 bits of information and so on. In this way, adding a qubit will increase computing power exponentially in bits. Practically this shows us that by creating powerful quantum computers, computing power will be increase to an unthinkable level.
However, quantum supremacy has not been reached yet due to technical limitations of the currently developed quantum computers. Big tech sees the opportunity om quantum and invests worth mentioning investments. For example, IBM has launched IBM Q Experience, an online cloud platform to test their developed quantum computers, in 2016. Microsoft has invested in partnerships with major research institutes all over the world, including a vast partnership with TU Delft researchers.
For further information about quantum mechanics and quantum computing I refer to this YouTube video.
How does it affect information security?
This (possibly) immense amount of computing power will affect IT in many ways. Think of the possibilities that Artificial Intelligence combined with the computer power of a quantum computer could have. Will the intelligence of an AI surpass the intelligence of humans? At the same time, the rise in computing power will have its effects on cyber and information security. In this blog, I will further elaborate on the effects on encryption and identity management and passwords.
Encryption
Encryption secures our data every day, including your WhatsApp messages, your iCloud Photo Library and banking details. For now, these companies can guarantee that you details are safe. Although, when quantum computers arise, it has been estimated that it would take quantum power of 4,000 qubits to break today’s ”strong” encryption keys (Adams, 2019). These encryptions will be broken down by brute force, also known as “guessing” the private key of an encryption by almost indefinite calculations. Strong, reliable quantum computers that can break these encryptions will probably not be there yet in the coming years. Nevertheless, weak encryption can expect to be easily broken in the near future (Denning, 2018).
In the future you could break into almost every encrypted information system by using brute force. This sound quite frightening doesn’t it? Luckily, this will probably not be the case. Researchers of the US’s National Institute of Standards and Technology are currently considering a vast number of encryptions that are quantum-resistant. A list of these (plausible strong enough) encryptions are published in the beginning of 2019. Another possibility is quantum key-distribution, which is fairly expensive given the fact that sender and receiver should have a quantum computer.
Identity management and passwords
In fact, passwords and identity management are some form of encryption. Using brute force passwords can easily be hacked within hours, maybe even minutes. So how can passwords possibly be secured? An option could be multiple factor authentication using third parties. Although this will not be completely secure either, since quantum computers could track down these authentications by brute force too. Anyways, using our current way of passwords will not be secure anymore when quantum computers will arise. So please enjoy in the coming years how easy it still is to sign in to your e-mail, Facebook account or computer.
Even though these initiatives, it will take years – maybe decades – for our current global state of IT to adjust to the post-quantum security measures. A global IT-security crisis will break out when this technology comes in hands of criminals. So who is going to tackle this problem? Government and businesses are not very actively seeking for solutions to this disastrous problem.
Quantum computers are not there yet. But when – or maybe if – they are available, we should be prepared. From a security perspective this will mean that all information assets should be safe from people that would want to use quantum computers for criminal purposes. This will probably be done by using post-quantum encryption. Personally I think that quantum computing will completely change our current state of information technology. I feel shuddered thinking about a quantum computer getting in the wrong hands. At the same time, imagine what such computational power could do for our society. What is your opinion about quantum computing? Is it a gift, or a potential threat to our information systems and even society? Let me know what you think in the comments.
References:
https://www.weforum.org/agenda/2019/07/why-quantum-computing-could-make-todays-cybersecurity-obsolete/
https://csrc.nist.gov/news/2019/pqc-standardization-process-2nd-round-candidates
https://moneymaven.io/mishtalk/economics/quantum-computers-will-make-even-strong-passwords-worthless-9TyMxlg6gEiUhY99nJio2A/
http://theconversation.com/is-quantum-computing-a-cybersecurity-threat-107411
https://www.ibm.com/quantum-computing/
https://www.microsoft.com/en-us/research/research-area/quantum/
https://quantum-journal.org/papers/q-2018-08-06-79/pdf/?
https://blog.mesltd.ca/a-history-of-information-security-from-past-to-present
Boixo, Sergio; Isakov, Sergei V.; Smelyanskiy, Vadim N.; Babbush, Ryan; Ding, Nan; Jiang, Zhang; Bremner, Michael J.; Martinis, John M.; Neven, Hartmut (2018). “Characterizing Quantum Supremacy in Near-Term Devices”. Nature Physics. 14 (6): 595–600
I would like to pursue the matter of security you were writing about. Personally, I think that quantum computing could potentially provide many advantages, when it comes to tasks like encryption and optimization. It would only take seconds to solve problems that are now impossible to solve. On the other hand, it is imperative to come up with ideas to keep information safe, as current encryptions could be easily broken. When tackling this problem in the right way, it could contribute to new solutions for information systems.
However, such a machine is probably more than a decade away, but the big tech companies are all working hard to produce the first ever quantum computer.
Hi Onno,
Thanks for the insightful post! I personally believe that most harm will be done the moment that the first personally accessable quantum computers will be on the market. This will be the transition period between normal PCs and quantum PCs. With hackers having access to these quantum computers, they have the opportunity to abuse their power and hack normal PCs with more ease than ever before. I am interested in how you think about the transition between normal and quantum computers! I think government regulations may also play a role in this transition, what do you think?
Overall, I agree with you that quantum computer also has many upsides and can have a huge impact on our society. I also think this report on quantum computing is very interesting, maybe also worth the read for the people on this blog: https://www.accenture.com/us-en/insight-quantum-computing?src=ECAMP