GRC Viewpoint

Understanding Quantum Risk: The Threats Posed by Quantum Computing

Quantum computing is one of the most significant technological developments of the past few decades. While it promises enormous benefits, such as faster and more powerful computing capabilities, it also poses significant risks. One of the most significant threats is the ability of quantum computers to break traditional encryption. Why will this matter, and what can businesses do to prepare for it?

Quantum computing is a revolutionary technology that promises to change the world as we know it. It has the potential to solve problems beyond the capability of classical computers and unlock new frontiers in science, medicine, and industry. However, it also poses a significant risk to data security and privacy. Quantum computers will break the encryption used by most current security protocols, including those that protect sensitive data in transit, such as chat messages, emails, and financial transactions.

The risk posed by quantum computing is not hypothetical but very real. It is not a question of if but when quantum computers will become powerful enough to break the encryption. Governments and private entities worldwide have invested billions of dollars in developing quantum computers in recent years. Experts predict that quantum computers capable of breaking current encryption standards could become available within the next decade.

Harvest and Decrypt: The Basis of Quantum Risk

One of the most significant risks of quantum computing is the ability to break traditional encryption and harvest and decrypt sensitive data. When transmitting data over the internet, there is always some risk of interception. According to Telegeography, a telecommunications market research firm, 99% of the world’s internet traffic travels on fiber optic cables, most of which travel undersea. People can tap these cables to intercept data because undersea cables occupy a legally murky area, where no government has legal jurisdiction over what happens to them. This undersea cable risk becomes even more significant in the context of quantum computing, as the ability of quantum computers to harvest and decrypt vast amounts of sensitive data could make it easier for attackers to exploit any information intercepted from these cables.

The basis of quantum risk is the capture of encryption keys. Today’s encryption methods, such as RSA and ECC, rely on complex mathematical problems that are difficult for classical computers to solve. Quantum computers will use Shor’s algorithm to solve these problems faster, potentially in seconds. Any data encrypted with traditional methods will be vulnerable to attack by a quantum computer, meaning any data harvested today will be decrypted later.

NIST PQC Competition

The NIST post-quantum cryptography (PQC) standardization competition announced finalists after six years of global debate and analysis. These finalists will become standards in about 18 to 24 months, assuming nothing catastrophic happens. According to the White House’s National Security Memorandum on promoting quantum security while mitigating risks, U.S. government agencies must plan to migrate to these standards. However, migrating to new encryption standards can be challenging and may take several years. Furthermore, flaws may still be found in the new standards, rendering previously encrypted data vulnerable to decryption.

Why this Matters

Quantum risk matters because it poses a significant threat to the security and privacy of sensitive data. Any data that needs to be kept confidential for a long time, such as sensitive government information, financial data, medical records, intellectual property, and trade secrets, is at risk and needs quantum security now. With advances in machine learning and artificial intelligence, even seemingly trivial information can provide a rich set of data to synthesize with other data points.

Preparing for Quantum Risk

Businesses and individuals can prepare for quantum risk by adopting quantum-secure encryption methods, which are designed to resist attacks by quantum computers. One-time pads and other information-theoretically secure encryption are not vulnerable to quantum attacks: if data encrypted this way is harvested, it can never be decrypted using a quantum computer. Quantum key generation and quantum-secure tunnels can secure data transfer by generating one-time pads at the endpoints. Developing post-quantum cryptography standards will require ongoing research and collaboration among experts in the field and significant investment in research and development.
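The one-time-pad property described above can be shown in a few lines. This is an added example, not code from the article or from Qrypt; the function names and sample messages are hypothetical, and Python's `secrets` module stands in for whatever pad source the endpoints use. It shows that a harvested ciphertext is consistent with every plaintext of the same length, and that the guarantee is lost if a pad is ever reused.

```python
import secrets

def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    """XOR the plaintext with a pad of exactly the same length."""
    if len(pad) != len(plaintext):
        raise ValueError("pad must be exactly as long as the message")
    return bytes(p ^ k for p, k in zip(plaintext, pad))

# XOR is its own inverse, so decryption is the same operation.
otp_decrypt = otp_encrypt

def pad_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """Return the pad under which `ciphertext` decrypts to `candidate`.

    Such a pad exists for every candidate of the same length, which is why
    a harvested ciphertext alone says nothing about the real message.
    """
    return otp_encrypt(ciphertext, candidate)

def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """XOR of two ciphertexts made with the SAME pad: the pad cancels out,
    leaving plaintext1 XOR plaintext2. This is the failure mode to avoid."""
    return bytes(a ^ b for a, b in zip(c1, c2))

def demo() -> dict:
    # Constructed sample messages of equal length (16 bytes).
    real = b"wire $9000 to A."
    decoy = b"wire $0001 to B."
    pad = secrets.token_bytes(len(real))      # fresh random pad, used once
    harvested = otp_encrypt(real, pad)        # what an eavesdropper stores

    fake_pad = pad_explaining(harvested, decoy)
    return {
        "roundtrip": otp_decrypt(harvested, pad) == real,
        # The decoy is an equally valid decryption under a different pad.
        "decoy_consistent": otp_decrypt(harvested, fake_pad) == decoy,
        # Reusing the pad for a second message leaks p1 XOR p2.
        "reuse_leaks_xor": reuse_leak(harvested, otp_encrypt(decoy, pad))
                           == reuse_leak(real, decoy),
    }

if __name__ == "__main__":
    print(demo())
```

The security rests entirely on the pad being random, as long as the message, kept secret, and used once; no amount of computation, quantum or classical, distinguishes the real message from the decoy given only the ciphertext.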

Conclusion

Understanding quantum risk is essential for individuals, businesses, and governments to stay ahead of the emerging threat posed by quantum computing. Mitigating quantum risk requires adopting quantum-resistant encryption methods, implementing quantum key distribution, and developing post-quantum cryptography standards. Developing these solutions is critical for ensuring the security of our digital infrastructure in the post-quantum world.

By Leon Brown, Director of Product Marketing at Qrypt

About Leon Brown
Director of Product Marketing, Qrypt

Leon Brown is a well-versed authority on quantum risk and security with over 20 years of experience in the technology sector. As a thought leader in the field, he has played a crucial role in driving innovation and raising awareness about the challenges and opportunities posed by quantum threats in the rapidly evolving security landscape.

 
