17 jun. 2024
How quantum computing will transform IT security
Do we need to be afraid of quantum computers breaking into our data? We asked our CISO, Robert Haist, about the risks and how to address them.
If the word quantum makes you wonder about the computer system on the USS Enterprise or transports you to the Quantum Realm in Ant-Man and the Wasp, you’re not alone. Science fiction franchises like Star Trek and Marvel use concepts like quantum mechanics to “explain” futuristic scenarios.
However, real-world quantum computing has little in common with what we see on TV. In fact, quantum computing has started to revolutionize various industrial sectors. Leading companies like Google and IBM, startups, research institutes, and universities are making significant strides in the field.
Future quantum computers will be able to solve problems today’s computers can’t — an exciting thought. But this might also enable them to decode encryption methods that are currently deemed unbreakable.
IT professionals worldwide are debating what quantum computing will mean for network and data security in the future.
As TeamViewer’s Chief Information Security Officer (CISO), Robert Haist is an expert in IT security. We spoke to him about the future of quantum computing.
Watch the video summary of our interview with Robert.
Hey Robert, what’s a quantum computer?
I’ll try to explain it in simple terms, but it’s a complex topic.
Traditional computers work with transistors. In the past, transistors were big enough to hold in your hand, but they’ve become much smaller over time. Now, tiny computer chips have millions of transistors on them.
Still, the computational capacity of traditional computers will hit a limit someday. And so, we need new ways to calculate certain mathematical problems.
Quantum computers are built on the fundamentals of quantum physics. Instead of transistors which can be open or closed — zero or one — quantum computers have qubits.
The special thing about qubits is that there’s something called superposition which allows them to have simultaneous states of zero and one. This allows quantum algorithms to compute certain mathematical problems more easily than traditional computers.
What can a quantum computer do that a traditional computer can’t?
Quantum computers aren’t better at solving every kind of problem. So don’t expect a quantum computer to replace your laptop for everyday purposes like media, gaming, and office work. That’s not what quantum computers will be for.
However, they’re better at certain tasks, such as solving specific mathematical problems and simulating quantum states, which is important for research on quantum physics.
What would happen if a fully functional quantum computer was released today?
Functional quantum computers already exist, and some companies even provide access to them.
But these computers have a very limited number of qubits. So, they’re not powerful enough yet to solve problems that are too complex for existing traditional computers or supercomputers.
If a quantum computer with enough qubits were released today, the biggest issue would probably be that it could break certain types of encryption that traditional computers can’t.
According to current research, this could take up to 20 million qubits, and the biggest current quantum computer only has around 1,200. So, we still have some time.
However, we need to be prepared so that when quantum computers do reach that level of complexity, our encryption will be secure enough to protect our data and privacy.
Are there encryption methods that quantum computers won’t be able to break?
Yes, because there are mathematical problems that are just as difficult for quantum computers to solve. Cryptography experts are currently building cryptographic schemes based on these problems.
This type of encryption is called post-quantum cryptography (PQC).
The National Institute for Standards and Technology in the U.S. (NIST) is already certifying post-quantum encryption methods for various applications. I expect these NIST standards will be adopted throughout the industry.
Can the encryption methods we’re using today be made quantum-resistant?
Some encryption methods that are currently in use are particularly vulnerable to future quantum computers.
For instance, a method called RSA encrypts a large portion of internet traffic. It uses prime factors which are hard for traditional computers to decode but much easier for quantum computers. Organizations will need to replace RSA before a sufficiently powerful quantum computer is released.
The good thing is that there are several ways to do this. Current RSA encryption uses 2048 bits, but doubling the number of bits makes it difficult even for quantum computers to crack.
The same goes for other encryption schemes. Just by increasing the problem size, you can make it much harder to solve.
Some actors are already harvesting data to decrypt in the future. What does this mean?
“Harvest now, decrypt later” is the principle of storing encrypted data until there are methods available to decrypt it.
Some powerful players have deep access to internet traffic data and extensive storage capabilities. They save data they can’t decrypt right now and plan to crack the encryption when new technology — like a powerful quantum computer — becomes available in the future.
The data they’re storing might be old by then, but it can still be critical. Think of intelligence services, for example.
That’s why developing post-quantum encryption is already relevant, even though current quantum computers aren’t powerful enough.
Most internet users today value their privacy. Therefore, as IT professionals, we need to ensure our encryption protects their personal data, even from these types of attacks.
But also keep in mind that you need to store huge amounts of data, if you’re planning such an attack. This is very expensive, so it’s unlikely that attackers save information that isn’t particularly relevant to them. That’s why this might only affect very few people.
How can businesses prepare for the arrival of powerful quantum computers?
If you work in IT, it’s good to identify where you use encryption in your company.
Start with sensitive areas, like VPN, external server access, or remote access. Determine which cryptographic methods you’re using and think about how you could implement post-quantum standards in the future.
I expect most operating systems to deploy post-quantum safe crypto libraries in the upcoming years. Your browser will be able to use those libraries to protect your browsing data. So, make sure all your software is patched and up to date.
If you provide web services to your customers or employees, you might want to ensure they’re also compatible with these crypto libraries.
Any final thoughts?
Quantum-safe encryption is a high-profile topic right now, and I expect it to become even more prominent in the future.
But if you want to ensure the security of your systems, employees, and customers, don’t forget the basics. The probability of your network being attacked, due to an outdated system, is still much higher than the threat of quantum computers breaking your encryption.
So, focus now on what you can do to protect your network first. Then, you can start worrying about the future.
Summary
Quantum computing isn’t fiction but reality. Research institutions and tech giants are already working with early-stage quantum computers. These computers aren’t meant for everyday use, but they have the potential to outperform current computers at solving specific mathematical problems.
Someday, this might enable cyber attackers to break today’s commonplace encryption. That’s why NIST is developing new post-quantum cryptology standards, and businesses are building encryption that can withstand the capabilities of quantum computers.
As an IT professional, you should be prepared to implement these new encryption methods when the time comes. But until then, don’t forget about the basic security measures you can take now to keep your network safe.
