Quantum computers are expected to deliver extraordinary speed and computing power, with the potential to transform scientific research and business operations. That same power also makes them especially appealing targets for cyberattacks, said Swaroop Ghosh, a professor of computer science and electrical engineering at the Penn State School of Electrical Engineering and Computer Science.
Ghosh and Suryansh Upadhyay, who recently earned his doctorate in electrical engineering from Penn State, coauthored a research paper that outlines several serious security weaknesses affecting today's quantum computing systems. Published online in the Proceedings of the Institute of Electrical and Electronics Engineers (IEEE), the study argues that protecting quantum computers requires more than securing software alone. The physical hardware that runs these systems must also be part of any serious defense strategy.
In a Question and Answer discussion, Ghosh and Upadhyay explained how quantum computers work, why they face unique security challenges, and what steps developers can take to prepare these machines for wider use.
Q: What makes a quantum computer different from a traditional computer?
Ghosh: Traditional computing works using units of information called bits, which you can picture as a light switch in the "on" or "off" position. These positions are assigned values of one or zero, with one representing on and zero representing off. We program computers by using algorithms or educated guesses to develop the best possible solution for a problem, compiling this solution to generate machine-level instructions -- directions specifying which bits need to equal one and which bits need to equal zero -- that the computer follows to execute a task.
Quantum computers are built on quantum bits, or qubits. These qubits are much more versatile than standard bits, capable of effectively representing one, zero or both at the same time, otherwise known as a superposition. These qubits can also be linked to one another, known as entanglement. By incorporating superpositions and entanglement into decision making, quantum computers can process exponentially more data than bit-powered computing systems, while using an equivalent number of qubits.
This is useful for improving workflows in many industries, since quantum computers can process information much faster than traditional computers. One example is the pharmaceutical industry, where quantum computing can quickly process data and predict the efficacy of potential new drugs, significantly streamlining the research and development process. This can save companies billions of dollars and decades spent researching, testing and fabricating innovative drugs.
Q: What are some of the main security vulnerabilities facing quantum computers right now?
Upadhyay: Currently, there is no efficient way to verify the integrity of programs and compilers -- many of which are developed by third parties -- used by quantum computers at scale, which can leave users' sensitive corporate and personal information open to theft, tampering and reverse engineering.
Many quantum computing algorithms have businesses' intellectual property integrated directly in their circuits, which are used to process highly specific problems involving client data and other sensitive information. If these circuits are exposed, attackers can extract company-created algorithms, financial positions or critical infrastructure details. Additionally, the interconnectedness that allows qubits to operate so efficiently inadvertently creates a security vulnerability -- unwanted entanglement, known as crosstalk, can leak information or disrupt computing functions when multiple people use the same quantum processor.
... continue reading