You don’t need to fully understand the algorithms or scientific theory behind how quantum computing works to recognize its potential to disrupt modern cryptography and enterprise IT security.
Quantum computing is not simply the evolution of high-performance computing. Instead, it represents a completely new perspective on computing itself, relying on qubits — as opposed to bits — that represent the probability of being a 1 or a 0 simultaneously. The theory is certainly more complex than I’m qualified to explain, but the important takeaway is that quantum computers have the ability to perform calculations that classical computers cannot. In fact, the term quantum supremacy is used to describe a milestone in which a universal quantum computer performs a task beyond the capability of a conventional computer within a reasonable amount of time.
Why is quantum computing emerging now?
Quantum computers exist today, but so far, none has achieved quantum supremacy. However, we may not be far off.
In March 2018, Google announced a 72-quibit processor and said its researchers were “cautiously optimistic” that the computer could achieve quantum supremacy. This achievement would represent an important landmark, but it wouldn’t sentence traditional computers to the junkyard. Widespread use of quantum computing is a ways off — but maybe not quite so long as you might think.
If quantum supremacy is realized over the next year, many researchers believe we could see a steady progression to more powerful systems. Some believe a universal 2,000-qubit system could be as few as five to 10 years away.
How does it affect IT security?
Systems passing sensitive information across the internet — passwords and credit card numbers, for example — rely on public-key cryptography for security. It’s the multiplication of prime numbers and the sheer computational effort needed to find the factors of the resulting product that make this encryption work.
A 2,000-qubit system would represent an ominous milestone for quantum computing and encryption: a system capable of breaking some public-key cryptography algorithms. Five years is certainly an optimistic estimate, but with quantum computers on the way, the clock is ticking for some forms of modern cryptography that protect businesses and their customers.
Quantum computers — even the limited systems in use today — require specialized and expensive infrastructure. They must operate at near-absolute zero temperatures shielded from outside noise (i.e., radio waves, light or magnetic fields) that can cause errors. It’s unlikely that your average business — never mind an independent hacker — would be able to maintain a quantum computer on premises for the foreseeable future.
Instead, the commercial future of quantum computing is in the cloud. IBM offered a glimpse into its plans for quantum computing when it made its 50-qubit quantum processor available to researchers as a cloud service. The truth is, if any system exists that’s capable of breaking commonly used cryptography methods, you can’t assume your data is safe.
Perhaps the more immediate threat is quantum computers we don’t know about. It’s foolish to believe governments around the world aren’t actively researching quantum computing for national security reasons. Given the technology’s potential to disrupt secure communications, it’s easy to imagine a modern-day Manhattan Project for quantum computers and encryption. Does a 2,000-qubit computer already exist, hidden in a bunker somewhere?
The 2013 revelations of the U.S. National Security Agency’s PRISM surveillance program worried many IT professionals. Some even said they feared it was no longer safe to use U.S.-based cloud providers or IoT-device builders. The details we learned about the program proved that, when it comes to government intelligence agencies, we don’t know what we don’t know.
What do you need to do to prepare?
Popular cryptographic algorithms in use today, including the Rivest-Shamir-Adleman algorithm and Digital Signature Algorithm, will not be secure from attacks by quantum computers. The National Institute of Standards and Technology (NIST) has begun work on how to define new standards for the era of post-quantum cryptography. NIST held a standardization conference in April 2018 and expects to release new draft standards by 2024. IT professionals should identify the information that may be at risk in the era of quantum computing and encryption’s face-off, and research these new standards and practices.
Quantum computing holds immense potential to disrupt IT norms and enable new workloads, but it also poses a very real threat. And while quantum supremacy seems akin to science fiction today, if optimistic estimates prove true, organizations have a lot of work to do to secure their systems over the next five to 10 years.