Quantum computing will have a profound and game-changing effect on the current cybersecurity landscape, making many current companies, products, and services obsolete.
What is Quantum Computing?
Consider this 10-year-old-friendly explanation - typical computers operate in a binary manner, meaning there is no true multi-processing. Instead, a present-day computer constantly switches between tasks creating an illusion of performing them at the same time. They do this using tiny chunks of information called bits, which can only be represented in memory as either 1 or 0. On or off.
Not the case with quantum computers. Using something called quantum superposition this technology operates in qubits (i.e. quantum bits) that can be 1, 0...or both simultaneously. Think about it this way: when you toss up a coin and while it is still in the air, is it heads or tails?
200 seconds vs 10,000 years
The computational power of quantum computers is therefore measured in the number of qubits they have. This has absolutely massive implications on computing speed, making quantum computers immensely faster than regular ones.
For example, a four qubit computer can effectively be in four different positions at once. A prototype quantum computer called Bristlecone (by Google), which has 72 qubits, can try 4,722,366,482,869,645,213,696 values at once, performing computations in 200 seconds that would take the world's fastest supercomputer 10,000 years, Google researchers said in a blog post about the work.
How Does it Affect Cybersecurity?
The ability of quantum computers to solve incredibly complex mathematical problems in milliseconds applies to solving the algorithms behind encryption keys, brute-forcing passwords, searching for weaknesses within a complex network, and just about any other applications of cybersecurity controls out there.
Many current-day encryption algorithms, for example, are based on complex mathematical formulas that would take a traditional computer an impractically long time to decode. The widely used RSA (Rivest–Shamir–Adleman) public-key cryptosystem, for example, uses encryption key sizes of 1,024 to 4,096 bit. According to the current security standards, that's secure - a 2048 bit RSA key would take a traditional supercomputer 6.4 quadrillion years (6,400,000,000,000,000 years) to decode.
A quantum computer with 4099 perfectly stable qubits will break the RSA-2048 encryption in 10 seconds.
The imminent arrival of quantum computing technology, as well as the cybersecurity issues it brings with it, did not go amiss with national security agencies, governments, and security researchers. For example, the U.S. National Institute of Standards and Technology (NIST) is already evaluating 69 potential new methods for what it calls “post-quantum cryptography (PQC), and you can bet that the three-letter agencies are working on this as well.
Another promising method is Quantum Key Distribution (QKD) - a secure communication method that implements a cryptographic protocol involving components of quantum mechanics to share the quantum key between two endpoints. The security of encryption that uses quantum key distribution relies on the foundations of quantum mechanics, in contrast to traditional public key cryptography, which relies on the computational difficulty of certain mathematical functions and cannot provide any mathematical proof as to the actual complexity of reversing the one-way functions used. As such, QKD has provable security based on information theory, and forward secrecy.
Whichever approach ends up being the way to go, make no mistake: the proliferation of quantum computing technology will be a game-changer for cybersecurity in the next decade.