Quantum Computing and Cybersecurity

In September, a document was leaked that Google had managed to build a quantum computer. Today there was the official confirmation. The Nature Magazine reports extensively on the Quantum Computer and Sycamore. According to the report, the Quantum Computer did a math problem in around three minutes, which would have required more than 10,000 years for the so-called supercomputer.

Traditional Computers make use of the binary system, which means they are built up of digital bits which can have a value of either 1 or 0. Currently emerging Quantum Computers however are built up of quantum bits, so called “qubits”. Due to certain physical properties these qubits can exist in multiple states at once, meaning a qubit can represent the value 1, 0 or 1 and 0 simultaneously. The Sycamore chip works with 53 qubits. This allows Quantum Computers to work on many computations in parallel and hence exponentially speed up the time it takes to process a task. As a consequence Quantum Computers can solve problems that had been far too computationally intensive, even for current super-computers, to calculate.

Whereas this acceleration of computational power has major benefits and could lead to breakthroughs in many areas like in science and medicine, it also brings significant risks.

As mentioned, Quantum Computers have the capability to solve highly complex problems. This however represents a threat when faced with problems that are not supposed to be solved. These are for example mathematical problems used in cryptography. Cryptography describes the discipline of transforming clear data into ciphers in order to restrict who can read the information. There are two main types of cryptography: symmetric and asymmetric cryptography. In symmetric schemes the same key is used to encrypt and decrypt the data, while in asymmetric schemes (also called public-key) a pair of keys, a publicly shared key for encryption and a private key for decryption, is generated.

Both of these types of cryptography find application for example when browsing the internet. As symmetric encryption is essentially much faster than public-key encryption, it is used to encrypt communication and information. Public-key cryptography is used to securely exchange symmetric keys and to create and authenticate digital signatures. For example when visiting a website which uses HTTPS protocols, the browser will authenticate the certificate of the website using public- key encryption and thereafter set up a symmetric key which encrypts the communication from and to the website. As a result the authenticity of the website has been checked and all information shared cannot be viewed by a third entity.

The problem is that most cryptographic schemes are based on mathematical problems and their security lies in the fact that these problems cannot be solved. However as soon as sufficiently powerful Quantum Computers exist, the consequence is that the majority of standard cryptographic schemes today will no longer be secure and object to attack, hence to eavesdropping and to digital identity theft.

In this context it is to be said, that as symmetric and asymmetric encryption are based on different mathematic principles, the effects of Quantum Computers will be different. Symmetric encryption schemes are expected to be “just” weakened, whereas all public-key encryption schemes which are popular today, like RSA, Diffie-Hellman and elliptic curve, are expected to be broken altogether. This creates a need for new public-key schemes, which cannot be broken by Quantum Computers. Suggestions already exist and concrete algorithms are being developed. Thales has extensive expertise in secure communication solutions. The security of these communication systems is built on cryptographic mechanisms which protect against any eavesdropping and ensure that the transmitted information cannot be obtained by an outstanding entity. Thales experts are aware of the risks through Quantum Computing and are working on solutions.

Sufficiently powerful Quantum Computers do not exist yet today, although the topic is strongly being researched and developed. Even Google's Quantum Computer is not yet called a true quantum computer. Current estimations predict that stable Quantum Computers will likely exist in around 10 years. This may seem like a long time, however especially for data that is created today but could also be of interest in the future, encryption must be secured against Quantum Computers even before these exist, as encrypted data can be saved and decrypted at a later point in time.