What is Quantum Computing?
Quantum computing is the use of quantum-mechanical phenomena such as superposition and entanglement to perform computation. Computers that perform quantum computations are known as quantum computers. Quantum computing can efficiently solve certain hard mathematical problems involving very large numbers, including problems that cryptography relies on being impractical to solve. RSA encryption in particular is based on the difficulty of integer factorization at very large sizes, a problem a quantum computer could solve, rendering the encryption useless.
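To make the RSA point concrete, the following added example (not code from the original article) builds a toy RSA key from two small, constructed primes and shows that anyone who can factor the modulus n can immediately derive the private exponent d. The factoring step is simulated with classical trial division, which only works at toy sizes; Shor's algorithm is what would give a large quantum computer the same ability against real-sized keys.

```python
from math import isqrt

def keygen(p, q, e=65537):
    """Toy RSA key from two primes p and q. Real keys use primes of ~1024 bits or more."""
    n = p * q
    phi = (p - 1) * (q - 1)      # Euler's totient; computable only if p and q are known
    d = pow(e, -1, phi)          # private exponent: e * d == 1 (mod phi)
    return (n, e), d

def encrypt(pub, m):
    n, e = pub
    return pow(m, e, n)

def decrypt(n, d, c):
    return pow(c, d, n)

def trial_factor(n):
    """Classical brute-force factoring. Feasible only for toy-sized n; Shor's
    algorithm would perform this step for real-sized n on a quantum computer."""
    for p in range(3, isqrt(n) + 1, 2):
        if n % p == 0:
            return p, n // p
    raise ValueError("no factor found")

def private_key_from_factors(n, e, p, q):
    """Once the factors of n are known, the private exponent follows directly."""
    assert p * q == n
    return pow(e, -1, (p - 1) * (q - 1))

def demo():
    """Encrypt a message, factor the modulus, rebuild d, and decrypt with it."""
    pub, d = keygen(104729, 1299709)     # constructed toy primes
    n, e = pub
    c = encrypt(pub, 424242)             # constructed sample plaintext
    p, q = trial_factor(n)               # stands in for Shor's algorithm
    d_recovered = private_key_from_factors(n, e, p, q)
    return d_recovered == d, decrypt(n, d_recovered, c)

if __name__ == "__main__":
    print(demo())
```

The only secret in RSA is the factorization of n; everything else in the private key is a few arithmetic steps away from it, which is why an efficient factoring algorithm breaks the scheme outright rather than merely weakening it.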
Quantum computers are made up of qubits, which differ from the bits of traditional computing models, where a bit represents a "0" or a "1". A qubit, or quantum bit, is a vector of complex numbers representing probability amplitudes, which together describe a superposition of zero and one.
Another concept that underlies quantum computing is "entanglement". Entangled qubits affect each other instantly when measured, no matter how far apart they are, an effect Einstein famously called "spooky action at a distance." Some quantum-safe encryption advocates postulate that we simply need to increase the difficulty of the problem that must be solved to decrypt the data.
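The qubit-as-amplitude-vector and entanglement descriptions above can both be checked with a few lines of linear algebra. This added example (not from the original article) represents qubits as lists of complex amplitudes, applies the Hadamard and CNOT gates as matrices, builds the Bell state, and compares the measurement correlation of an entangled pair with that of two independent qubits. The gate matrices and state names are standard; everything else is constructed for illustration.

```python
import math

# Basis states |0> and |1> as 2-component amplitude vectors.
KET0 = [1 + 0j, 0j]
KET1 = [0j, 1 + 0j]

# Hadamard gate: turns |0> into the equal superposition (|0> + |1>) / sqrt(2).
H = [[1 / math.sqrt(2), 1 / math.sqrt(2)],
     [1 / math.sqrt(2), -1 / math.sqrt(2)]]

# CNOT on two qubits (basis order |00>, |01>, |10>, |11>): flips the second
# qubit when the first is |1>.
CNOT = [[1, 0, 0, 0],
        [0, 1, 0, 0],
        [0, 0, 0, 1],
        [0, 0, 1, 0]]

def apply(gate, state):
    """Matrix-vector product: apply a gate to a state vector."""
    return [sum(gate[i][j] * state[j] for j in range(len(state)))
            for i in range(len(gate))]

def kron(a, b):
    """Tensor product of two state vectors: the joint state of independent qubits."""
    return [x * y for x in a for y in b]

def probabilities(state):
    """Born rule: the probability of each basis outcome is |amplitude|^2."""
    return [abs(amp) ** 2 for amp in state]

def is_normalized(state):
    """A valid state's outcome probabilities must sum to 1."""
    return abs(sum(probabilities(state)) - 1.0) < 1e-9

def bell_state():
    """Entangle two qubits: Hadamard on the first, then CNOT."""
    plus = apply(H, KET0)          # (|0> + |1>) / sqrt(2)
    joint = kron(plus, KET0)       # |+>|0>, still a product state
    return apply(CNOT, joint)      # (|00> + |11>) / sqrt(2)

def same_outcome_probability(state2q):
    """Probability that both qubits are measured with the same value."""
    p = probabilities(state2q)     # order: |00>, |01>, |10>, |11>
    return p[0] + p[3]

def independent_pair():
    """Two separately prepared |+> qubits: no entanglement."""
    plus = apply(H, KET0)
    return kron(plus, plus)

if __name__ == "__main__":
    print("single qubit after H:", probabilities(apply(H, KET0)))
    print("Bell state outcomes:", probabilities(bell_state()))
    print("entangled agreement:", same_outcome_probability(bell_state()))
    print("independent agreement:", same_outcome_probability(independent_pair()))
```

For the Bell state the two measurements agree with probability 1 even though each qubit alone is a 50/50 coin, whereas two independently prepared superpositions agree only half the time; that perfect correlation is the entanglement the text describes.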
Quantum Computing and Security
With the rise in research and development in quantum computing, cryptography as we know it will have to adapt or risk being broken. Quantum computers will use quantum physics to efficiently process information and solve problems that are impractical to solve with current computing capabilities. Quantum computers that are available now are not powerful enough to break cryptography, but the technology is advancing quickly and could be capable of it by the 2030s. However, threat actors can steal encrypted information now and hold on to it until a sufficiently powerful quantum computer is available to decrypt, read, or access it, even well after the information was created.
Some key judgements on cryptography and quantum computing include:
- There is a realistic possibility that within 7 years, organisations with access to a quantum computer may be able to train machine learning models to aid detection of cyber threats more effectively than on a classical computer.
- Post-quantum algorithms that are resistant to attack by both quantum and classical computers will likely be approved by NIST by 2024, whilst full adoption is expected to take significantly (potentially decades) longer.
- It is difficult to predict when a computer with the necessary power to break current cryptography will exist.
- Within 10 years it is likely that quantum sensors will increase the range from which TEMPEST attacks can be conducted, although close physical access will still be required.
Now the focus is on post-quantum cryptography, to ensure that when quantum computers become available to organizations, encryption will be strong enough to keep information safe. Quantum-safe cryptography (also referred to as post-quantum, quantum-proof, or quantum-resistant cryptography) refers to cryptographic algorithms (usually public-key algorithms) that are thought to be secure against attack by a quantum computer.
Even though current, publicly known, experimental quantum computers lack the processing power to break any real cryptographic algorithm, many cryptographers are designing new algorithms to prepare for a time when quantum computing becomes a threat.
Quantum Resistant Cryptography
Although industries are exploring many different avenues in quantum-safe computing, two of the main ones are lattice cryptography and multivariate cryptography. For a larger and more comprehensive list, see the NIST publication on Post-Quantum Cryptography.
Lattice cryptography encrypts data inside mathematical lattices and is considered unbreakable (absent a backdoor). It has the additional benefit that it can be used to perform computations on an encrypted file without first decrypting its data, a technology called Fully Homomorphic Encryption.
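The following added example (not code from the original article) shows in miniature how a lattice-based scheme can compute on encrypted data. It is a toy Regev-style Learning-With-Errors bit encryption: the public key hides the secret behind a lattice problem with small added noise, and because ciphertexts are just vectors modulo Q, adding two of them yields an encryption of the XOR of the two plaintext bits without ever decrypting. The parameters Q, N and M are constructed for readability and are far too small for real security; a full FHE scheme additionally supports multiplication and manages the noise that each operation accumulates.

```python
import random

# Constructed toy parameters: far too small for real security, chosen so the
# noise bound in decrypt() is easy to verify by hand.
Q = 4093   # ciphertext modulus
N = 16     # dimension of the secret vector
M = 48     # number of LWE samples in the public key

def keygen(rng):
    """Secret s and public key (A, b = A*s + e mod Q) with small error vector e."""
    s = [rng.randrange(Q) for _ in range(N)]
    A = [[rng.randrange(Q) for _ in range(N)] for _ in range(M)]
    e = [rng.choice((-1, 0, 1)) for _ in range(M)]
    b = [(sum(A[i][j] * s[j] for j in range(N)) + e[i]) % Q for i in range(M)]
    return (A, b), s

def encrypt(pk, bit, rng):
    """Encrypt one bit: sum a random subset of the public samples, add bit*Q/2."""
    A, b = pk
    r = [rng.randrange(2) for _ in range(M)]            # random subset selector
    u = [sum(r[i] * A[i][j] for i in range(M)) % Q for j in range(N)]
    v = (sum(r[i] * b[i] for i in range(M)) + bit * (Q // 2)) % Q
    return u, v

def decrypt(s, ct):
    """v - <u, s> equals bit*Q/2 plus the accumulated noise <r, e>, which is
    at most M per ciphertext, so rounding to the nearest multiple of Q/2
    recovers the bit as long as the noise stays below Q/4."""
    u, v = ct
    x = (v - sum(u[j] * s[j] for j in range(N))) % Q
    return 1 if Q // 4 < x < 3 * Q // 4 else 0

def add(ct1, ct2):
    """Homomorphic addition: the sum of two ciphertexts encrypts bit1 XOR bit2.
    The noise of the result is the sum of both noises (at most 2*M < Q/4)."""
    u = [(a + b) % Q for a, b in zip(ct1[0], ct2[0])]
    return u, (ct1[1] + ct2[1]) % Q

def xor_table(seed=1):
    """Compute every a XOR b on encrypted bits; returns {(a, b): decrypted result}."""
    rng = random.Random(seed)
    pk, s = keygen(rng)
    return {(a, b): decrypt(s, add(encrypt(pk, a, rng), encrypt(pk, b, rng)))
            for a in (0, 1) for b in (0, 1)}

if __name__ == "__main__":
    print(xor_table())
```

The party holding only the public key can perform add() on ciphertexts it cannot read; only the holder of s learns the result. The noise bookkeeping in decrypt() and add() is the crux of every lattice-based homomorphic scheme: each operation grows the noise, and the scheme stays correct only while that noise remains below the decryption threshold.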
Multivariate cryptography includes cryptographic systems such as the Rainbow (Unbalanced Oil and Vinegar) scheme, which is based on the difficulty of solving systems of multivariate equations.