Artificial intelligence is often in the spotlight when discussing cyber security. But another technology is fast approaching — one that poses significant risks to our digital world…

Quantum computers are on the horizon, and with them comes the potential upheaval of our current cyber security systems. In fact, experts widely agree that quantum computers may soon be capable of undermining many of the encryption and identity techniques that keep our data safe.

What are quantum computers?

Quantum computers are not just more powerful computers; they are a different type of computing altogether.

Traditional computers (including mobile phones and tablets) process data in binary bits, where each bit is either a 1 or a 0. However, quantum computers harness the unique properties of quantum physics through qubits. These qubits can exist in multiple states simultaneously, a phenomenon known as ‘superposition’.

The more qubits your quantum computer has, the more powerful it is, and there is a lot of money being spent on achieving that.

In 2022, China invested a staggering $15 billion in quantum technologies, outspending Europe, the US and Japan combined. However, it is worth noting that many state-sponsored projects are classified, meaning some nations may be further along than we realise.

Outside of nation-states and the public sector, private companies like IBM and Google are also making significant strides; IBM unveiled a 1,000-qubit machine last year!

Why is quantum a threat to encryption?

The real danger of quantum computers lies in their ability to break current encryption methods. Today, we rely on prime numbers as the foundation of secure online communication. Every time you connect to a website, your computer uses prime numbers to help encrypt the connection, ensuring your data remains safe.

Quantum computers have the potential to break the backbone of this security system.

One of the most famous quantum algorithms is Shor’s algorithm, developed in the 1990s. This algorithm enables a quantum computer to find the prime factors of large numbers much faster than any classical computer.

Why is this important? Because prime factorisation is the core of public-key infrastructure (PKI) — the technology that secures your HTTPS web connections, IPsec VPNs, and even SSH access to servers.

There are two phases to securing these connections:

  1. Asymmetric encryption algorithms that generate encryption keys and digitally sign certificates
  2. Symmetric encryption algorithms that encrypt data using the generated keys

The good news is that strong symmetric encryption algorithms, like AES-256, are considered secure even against quantum computers. Currently, no quantum algorithm can realistically attack them.

The bad news is that asymmetric encryption is much more vulnerable to quantum computers, meaning Shor’s algorithm could one day be used to break these keys and allow an attacker to decrypt your data.

Harvest now, decrypt later (HNDL)

You may think your data is safe because quantum computers are not yet powerful enough to break current encryption algorithms. However, there is a technique known as ‘harvest now, decrypt later’ (HNDL), where attackers capture encrypted data today, store it and wait until quantum computers become strong enough to decrypt it.

In this scenario, even though your data is safe now, it could be vulnerable in the future once quantum computers reach their full potential.

Think about the sensitive information you have transmitted today: bank details, personal emails and private messages. Even if it is encrypted right now, quantum computers could render that encryption obsolete, exposing your data when quantum technology matures.

What’s next?

The timeline for when quantum computers will be able to practically break encryption is still up for debate. Following recent public announcements, it looks like it could happen in the next three to five years — although the reality is likely to be even scarier. After all, if a nation-state already possesses this technology, do you think they are going to tell us?

As quantum computers hurtle towards reality, one thing is certain: they bring with them the potential to break much of the encryption that secures our digital world. The risks are real, meaning developing quantum-resistant algorithms is crucial to protecting our future digital security.

Asymmetric encryption is at significant risk, but even symmetric encryption is no longer safe. Generally speaking, symmetric encryption sessions are set up using key material derived within an asymmetrically encrypted ‘conversation’ that is assumed to be secure. But we know it will not be long before asymmetric encryption is no longer secure, so if your key material is generated in this way, your symmetric session will not be safe either.
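The dependency described above, and the reason a ‘harvest now, decrypt later’ capture stays dangerous, can be shown with a toy session. This is an added example, not code from the authors: the primes, the `record_session` and `decrypt_later` names and the hash-based keystream (a stand-in for AES-256) are all assumptions, and trial division stands in for Shor’s algorithm, which is only possible here because the modulus is tiny.

```python
import hashlib

# Constructed toy parameters: two Mersenne primes. Real RSA moduli are 2048+ bits.
P, Q, E = 2**19 - 1, 2**31 - 1, 65537
N = P * Q

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in for AES-256: XOR data with a SHA-256 counter keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)

def session_key(secret: int) -> bytes:
    """Derive the 256-bit symmetric key from the transported secret."""
    return hashlib.sha256(secret.to_bytes(8, "big")).digest()

def record_session(secret: int, message: bytes) -> dict:
    """What a passive observer can store: public key, wrapped secret, ciphertext."""
    return {
        "n": N,
        "e": E,
        "wrapped_secret": pow(secret, E, N),  # phase 1: asymmetric
        "ciphertext": keystream_xor(session_key(secret), message),  # phase 2: symmetric
    }

def factor(n: int) -> tuple[int, int]:
    """Trial division; a classical stand-in for Shor's algorithm on a toy modulus."""
    if n % 2 == 0:
        return 2, n // 2
    f = 3
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 2
    raise ValueError("n is prime")

def decrypt_later(capture: dict) -> bytes:
    """Once n is factored, the stored capture alone yields the plaintext."""
    p, q = factor(capture["n"])
    d = pow(capture["e"], -1, (p - 1) * (q - 1))  # rebuild the private exponent
    secret = pow(capture["wrapped_secret"], d, capture["n"])
    return keystream_xor(session_key(secret), capture["ciphertext"])
```

The symmetric cipher is never attacked in this sketch; the session falls because its key travelled inside the asymmetric exchange, which is why quantum-resistant key establishment matters for data that must stay confidential for years.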

As we prepare for the future, staying informed about quantum advancements and their impact on encryption is critical to protecting your data. In a future post, we will explore the technologies that can help protect us in the face of quantum computers and outline the steps you can take to ensure your data remains safe. So, keep an eye on this blog for more insights on how we can safeguard our digital world against the quantum threat.

Author credit: Mark Sones and Nigel Edwards