Join the event trusted by enterprise leaders for nearly two decades. VB Transform brings together the people building real enterprise AI strategy. Learn more
Quantum computing (QC) brings with it a mix of groundbreaking possibilities and significant risks. Major tech players like IBM, Google, Microsoft and Amazon have already rolled out commercial QC cloud services, while specialized firms like Quantinuum and PsiQuantum have quickly achieved unicorn status. Experts predict that the global QC market could add more than $1 trillion to the world’s economy between 2025 and 2035. However, can we say with certainty that the benefits outweigh the risks?
On the one hand, these cutting-edge systems hold the promise of revolutionizing areas such as drug discovery, climate modeling, AI and maybe even artificial general intelligence (AGI) development. On the other hand, they also introduce serious cybersecurity challenges that should be addressed right now, even though fully functional quantum computers capable of breaking today’s encryption standards are still several years away.
Understanding the QC threat landscape
The main cybersecurity fear tied to QC is its potential to break encryption algorithms that have been deemed unbreakable. A survey by KPMG revealed that around 78% of U.S. companies and 60% of Canadian companies anticipate that quantum computers will become mainstream by 2030. More alarmingly, 73% of U.S. respondents and 60% of Canadian respondents believe it’s just a matter of time before cybercriminals start using QC to undermine current security measures.
Modern encryption methods rely heavily on mathematical problems that are virtually unsolvable by classical computers, at least within a reasonable timeframe. For instance, factoring the large prime numbers used in RSA encryption would take such a computer around 300 trillion years. However, with Shor’s algorithm (developed in 1994 to help quantum computers factor large numbers quickly), a sufficiently powerful quantum computer could potentially solve this exponentially faster.
Grover’s algorithm, designed for unstructured search, is a real game-changer when it comes to symmetric encryption methods, as it effectively cuts their security strength in half. For instance, AES-128 encryption would only offer the same level of security as a 64-bit system, leaving it open to quantum attacks. This situation calls for a push towards more robust encryption standards, such as AES-256, which can stand firm against potential quantum threats in the near future.
Harvesting now, decrypting later
The most concerning is the “harvest now, decrypt later” (HNDL) attack strategy, which involves adversaries gathering encrypted data today, only to decrypt it once QC technology becomes sufficiently advanced. It poses a significant risk to data that holds long-term value, like health records, financial details, classified government documents and military intelligence.
Given the potentially dire consequences of HNDL attacks, many organizations responsible for vital systems around the world must adopt “crypto agility.” This means they should be ready to swiftly swap out cryptographic algorithms and implementations whenever new vulnerabilities come to light. This concern is also reflected in the U.S. National Security Memorandum on Promoting U.S. Leadership in Quantum Computing While Mitigating Risk to Vulnerable Cryptographic Systems, which specifically points out this threat and calls for proactive measures to counter it.
... continue reading