Quantum computing is still more commonly associated with science fiction than reality. Nevertheless, it’s already become a hot topic in cybersecurity – both as an aid and a threat. As more research focuses on the possibilities of quantum cybersecurity, its utility in the field becomes more tangible. Today, we’ll examine the role that quantum computing will likely play in cybersecurity and AI development and the risks it will pose.
Contents:
Defining quantum cybersecurity
Before we delve into quantum computing in cybersecurity, let’s start by defining the field of quantum computing itself. Despite emerging in the 20th century and undergoing various technological developments since then, quantum computing remains largely a theoretical topic. It’s an imagining of a future where quantum devices create faster machine learning algorithms and develop more intelligent AI systems.
Quantum computers are naturally compared to regular computers – the word “compute” in the name refers to the computers’ ability to parse binary values. Essentially, classic computers, as well as smartphones and tablets, take all input as bits – binary values of 1 and 0 – and translate them into output that can be seen on a screen, such as this blog post, for instance.
Quantum computers approach the input and output with more complexity. Instead of the binary system, quantum computing uses quantum bits. Those qubits, as they are also called, introduce a superposition state of both 0 and 1 simultaneously. While regular computers are limited to calculating each 1 and 0 individually, qubits include values of 00, 01, 10, and 11.
Simply put, quantum computers can parse more values at a significantly higher rate. One of the most practical applications of qubits is processing cryptography schemes that are used for encryption. This application was developed by Professor Peter Schor at MIT in 1994 and is aptly named Schor’s algorithm.
Quantum computing is considered to go beyond the borders of fundamental physics of today and into the particle level of quantum physics. Due to the sophistication and limited practicality of quantum computers, it’s unlikely they will fully replace classic computers. Instead, they’ll be used as tools to parse problems that our current technology does not have the means to solve.
In terms of cybersecurity, quantum computing is expected to be a key player in detecting cyberattacks in the early stages before any significant damage is done. It will probably also be used to develop more robust cryptography standards to provide stronger protections for digital data. More use cases may appear as the technology develops, but researchers can already draw prospects for cybersecurity.
Quantum key distribution and quantum cryptography
One of the biggest prospects seen in quantum cybersecurity is its potential to create fully protected communications channels. Quantum mechanics is being used to develop quantum key distribution and quantum cryptography.
Quantum cryptography (QC) is an umbrella term for encrypted communications that use quantum physics to keep complete privacy between all communication channels and detect any attempts of eavesdropping. Quantum security systems are highly dependent on the concept of quantum cryptography, as it should theoretically solve issues of data replication and obfuscate attempts to read encrypted data.
Quantum key distribution (QKD) is considered a form of quantum cryptography and refers to a mechanism for encrypting and decrypting messages.. It uses a cryptographic protocol to generate a secret key that’s shared and known among a single pair of sender and recipient. Quantum key distribution cannot be used to authenticate the source of the transmission, it’s responsible only for the key creation. The process is hardware-dependent and requires fiber connections to be successfully performed.
Despite the high potential of quantum encryption algorithms, this technology remains too expensive and inaccessible for mainstream implementation in the near future.
From Y2K to Y2Q: bracing for the quantum leap
In the late 1990s, as the internet slowly stretched its reach, scientists started cautiously bracing for the impact that the year 2000 could’ve brought. How would a computer distinguish between a date in 1900 and one in 2000, abbreviated to its last two digits? This problem, titled Y2K, was seen as the ultimate doomsday scenario for the still-fresh global network. The reality was far less dramatic. Errors related to the new millennium were few and far between, and the anticipated financial damages did not materialize.
The quantum era might not be quite on the horizon yet, but quantum researchers are already considering how breakthroughs in quantum computing might impact the internet. Just as January 1, 2000, was supposed to be the day that broke the internet, the day when quantum computing has its breakthrough, aptly named Q-Day, will end cybersecurity as we know it.
The main victim of Q-Day will be the current data encryption algorithms. The arrival of quantum cryptography and its practical implementation will mean that our usual methods will become obsolete, breachable by quantum systems in mere seconds. This would pose a threat to all networks connected to the internet, from individual users to businesses and governments. Y2Q researchers’ focus is in preparing shields once this day comes to minimize the damages.
The exact Q-Day is impossible to predict—it may be years or decades away. This is both an advantage and a setback. Scientists, for now, have time to work out Y2Q scenarios, but they can’t be sure how or when the clock will stop ticking.
Quantum cybersecurity benefits
Most discussions about how quantum security will benefit users are still theoretical, although some use cases are already applicable with the right computational power. Current research shows potential for quantum computing security and cryptography to become the norm, shaping new types of cyber threats and defenses alike.
Perhaps the biggest prospect of quantum computing is its potential scalability. As quantum computers get more widely spread and handle increasing amounts of data, they will be able to offer more computational power. Organizations will then be able to apply quantum mechanics to optimize data management and encoding for business and internal security.
Quantum calculations are essential to developing more advanced cryptographic algorithms known as post-quantum cryptography (PQC). Currently, algorithms are pseudo-random number generators (PRNGs). They cannot generate truly random encryption numbers because the code they’re built on can never be purely random and always follows a pattern.
Thanks to their computational power and use of quantum physics, quantum algorithms are expected to act as truly random number generators (TRNGs). By offering pure randomization, quantum computers will provide the highest possible standard of data security. They will be virtually impenetrable because guessing the random number correctly is patternless.
Instead of using symmetric (AES) or asymmetric (RSA) cryptography, PQC will use new algorithmic models to protect data from pre- and post-quantum threats alike. They will also be able to predict events targeting databases and internal systems before they occur and detect any anomalies that signal breaches.
Quantum-protected communication channels and global networks will also be a possibility in the future. They will use unbreakable encryption keys on all ends of the channels to prevent external parties from interfering. The earliest tests for wireless quantum networks were completed in the early 2000s. Current networks support quantum key communication distribution as long as the transmission does not exceed 100 kilometers of optical fiber. However, it’s anticipated that the quantum internet will join the global network in the upcoming couple of decades. This will allow businesses and individuals to enhance digital safety through a more reliable and resistant network than the current wireless infrastructure.
The risks of quantum computing in cybersecurity
The prospects of employing quantum computing in cybersecurity are broad. However, we cannot ignore the other side of the coin – that the technology can be just as effectively used for nefarious purposes. The UK’s National Cyber Security Centre (NCSC) has already published a whitepaper detailing the potential threats of quantum computing development and how to mitigate them.
Quantum computers can cause trouble when dealing with algorithms. Essentially, algorithms act as instructions for solving various complex mathematical formulas. Classic computers using bits have very limited computational power in comparison to quantum computing. The latter adds qubits to the equation, able to solve these difficult numerical problems much more quickly, as long as there is enough power available.
One of cybercriminals' biggest challenges currently is acquiring encrypted data that they can’t unscramble. Such information is useless as long as it remains incomprehensible, as it’s protected by symmetric or asymmetric encryption algorithms.
The expectation is that the computational power of quantum cryptography would be enough to crack AES and RSA encryption without regular computers detecting it, as the data had already been stolen. If executed, such a decryption event would have the potential to incite one of the biggest mass data breaches in history.
However, as daunting as it may seem, such an incident is still very low-risk. That’s down to the computational power required to execute data deciphering. It would take tens of millions of qubits to break through advanced encryption – a power level that no quantum computer can currently handle.
Quantum decryption is one of the focal research topics in this field. Figuring out how rapidly the technology is developing can make it easier to work on defenses against its potential negative effects. In response to the threats, quantum computing scientists and engineers work on creating quantum-resistant encryption algorithms and the earliest versions of PQCs.
As quantum computers with enough power to cause significant threats to our online presence inch closer to reality, so do algorithmic solutions that will provide even stronger protection to data than the current mainstream cryptography.
Tech companies' strategies against quantum computing risks
While the timeline of quantum computing developments remains murky, the threat landscape is already taking shape, allowing businesses to start considering their defense strategies.
Following the news in the cybersecurity world and seeing how the most recent technologies can be implemented could be a game-changer for many organizations. Companies upgrade the encryption algorithms they use for data protection and ensure the software and hardware are up-to-date and not obsolete. Although such developments aren’t frequent, each breakthrough is significant. For instance, Apple has taken steps ahead of the curve as it implemented the PQ3 post-quantum cryptographic protocol in its messaging service.
NIST is already working on post-quantum cryptography standardization, setting a framework for data protection against classical and quantum threats. This will allow businesses to prepare their quantum computing security strategies for the new era of cyber threats.
How will quantum computing affect artificial intelligence applications?
The topic of quantum computing is intrinsically tied to artificial intelligence. Currently, quantum computing is primarily used for researching and developing machine learning (ML) models, particularly quantum natural language processing (QNLP). Machine learning is used to teach computers to parse large quantities of information, create predictions, and make decisions – the fundamentals of artificial intelligence development.
Artificial intelligence and quantum technology are still in their relative infancy, and the future outlook for both is unpredictable. However, breakthroughs in quantum computing are generally assumed to have direct consequences on AI algorithms and their applications by speeding up machine learning processes.
AI running on quantum computers may also help develop new security strategies. The aforementioned post-quantum cryptography will be a game-changer, introducing different, more randomized, and reliable encryption algorithms. Using quantum AI, security teams will be able to predict complex system attacks and set up defenses promptly.
Current versions of AI are very resource-intensive, requiring massive amounts of power to operate. Trying to run artificial intelligence algorithms on quantum computers with the current technology is still unsustainable. However, as this technology develops, quantum computers will be able to substitute part of AI’s power requirements, making processes both faster and more energy-efficient.
The ideas for AI applications in quantum computing cybersecurity are still highly speculative and can verge into the sci-fi realm. Researchers can only expect that quantum computers will lead to unforeseen breakthroughs in AI development.
Bottom line
Quantum computing has the potential to alter our perception of cybersecurity as we know it today. Given its potential to be used both as a destructive force and as a protective tool, quantum computing in cybersecurity is undeniably a topic that experts cannot overlook. The future beyond quantum physics is hard to imagine. But one thing is certain – the cybersecurity of our data will be as important as ever.
NordPass strives to stay ahead of the curve and is ready to embrace the next big development in quantum cybersecurity. Until post-quantum security becomes a reality, NordPass offers the next best thing. Our password manager uses the cutting-edge XChaCha20 encryption algorithm, invented by post-quantum cryptography researcher Daniel J. Bernstein and already used by some of the pioneers in quantum computing research like Google and Cloudflare.
Start preparing for the quantum future by protecting your organization’s data with an advanced password manager. Keep passwords, passkeys, and other sensitive information in a securely encrypted vault, enable strong IT password management, and stay ahead of data breaches with NordPass.