Quantum Computing And the Cybersecurity Time Bomb

Quantum Computing And the Cybersecurity Time Bomb

 I know, I know, I used Quantum and Computing in the same sentence. In fact in two sentences. Shoot me. May as well; the internet as we know it is fast approaching it’s end anyway, and being in my 20s, I can’t live without the internet.

Whilst ‘Quantum’ typically instils all but die-hard Star Trek fans with a sense of boredom and dread, those of us in Cybersecurity have a serious problem. Whether you like it or not; much of our technological world relies on Quantum Mechanics, and we may need to get to grips with the nature of a seemingly inevitable Quantum internet sooner than you might think.

The Problem:


We take for granted that when we ping some money to our friend for our half of the Friday night JustEat order, it ends up in their account, and not in some offshore account in the middle of nowhere along with all our life savings.

In fact, most of our communication through the internet is protected by a set few relatively simple encryption techniques, with RSA, AES (formally DES) or SSL Encryption being the ones most of us have heard of, but not necessarily the most commonly used.

One common form of cryptography is public-key cryptography, in it's many forms, where two parties want to communicate privately over a public network.

How It Works:

Prime numbers are numbers only divisible by 1 and the number itself.

Let’s say “Player 1” is wanting to communicate with “Player 2” (I grew up with PlayStations). Both parties create one public and one private ‘key’ (a key being a number that is used to both scramble and later unscramble the message being sent – more on this in a moment).

***Please see image above***

Player 1’s key is shared with Player 2 and used by Player 2 to encrypt messages sent to Player 1. This can only be decrypted by Player 1 with their own private key. This private key is kept secret by Player 1. Likewise, Player 2’s public key is sent to Player 1 for Player 1 to encrypt messages they send to Player 2.

Similar to RSA encryption, public and private keys use an algorithm that takes two huge prime numbers and multiplies them. This works so well as it is extremely hard to re-factorise them, meaning: take that very large number, which has only two prime factors, and find the original prime numbers, which were used to ‘scramble’ the message.

If you know how the message was scrambled, you can unscramble it, a bit like if you know a recipe for specific cake, you know how to recreate the cake.

Here’s Where Quantum Computers Come In:

An algorithm is a sequence of steps taken to produce a meaningful result.

Classical computers use ‘bits’ (0s and 1s) put through various algorithms (via logic gates) to produce a useful result. Quantum computers on the other hand, have Quantum bits or ‘Qbits’.

Qbits have a very special property. Like Classical computers, each bit can be either a 0 or a 1, but they can also be both 0 and 1 at the same time. (for those Physics buffs out there, this is called Quantum superposition).

Let’s look at an example. Let’s say your classical computer needs to search 2^64 keys in order to guarantee decrypting someone else’s 64 bit message. A Quantum Computer would only need to do 2^32 searches.

So, the total number of searches to complete would be:

Classical: 18,446,744,073,709,551,616 searches

Quantum:                         4,294,967,296 searches

If we assume both computers search at the same speed, it could take the Classical computer an entire year to complete this request.

The Quantum computer on the other hand? Just 7.3 MILLISECONDS for the same request.

In effect, your message could be decrypted, altered, then re-sent (commonly: MITM attack) as quickly as a message can be sent in the first place.

Is There A Solution?

Maybe. Don’t get me wrong, it’s not like I’ve just uncovered this for the entire world from my tiny flat. There are experts working on these problems already and some advances have been made to assess which Cryptosystems can withstand the incoming Quantum missile (AES-256 being the most promising at the time of writing).

With some commercial access to Quantum Computers already on the market and others soon to come (D-Wave, IBM’s Q system One and Google’s Bristlecone) it is now that business leaders need to move to Cryptosystems that can survive in a post-quantum world.

How will your organisation fare?


Richard is a Technology Sales Headhunter with a genuine passion for computing, Bionics and the tech that underlies our everyday lives.

Photo Credit:

Share article