An approach to quantum resilience: Navigating to a new frontier

Guest blog by Manish Garg, Director at VE3 #techUKCyber2023

Quantum computing is on its way to shape a new digital world. It will come with a paradigm shift by revolutionizing how data gets processed and stored. The internet and the web will soon see a new phase. That is because of the inexorability of quantum computing developments.

Within a decade or two, quantum computers will be in their market price and personal computer shape. The immense performance & potential of quantum computing will also welcome new threat levels and paradigm shifts.

Let’s dive into some essential insights about quantum computing & quantum resilience. Find out what the cybersecurity industries are doing to protect against quantum threats. Lastly, let’s bust some myths & raise awareness about how the UK is preparing for resilience for the quantum era.

What is Quantum Computing?

Quantum computing is a branch of Computer Science blended with Physics that uses quantum physics to operate. It uses quantum mechanics and the theory of particles to calculate the outputs. These are subatomic particles, such as protons and electrons. Quantum bits, or "qubits" are the micro components in quantum computing that allow these subatomic particles to be in more than one state (i.e., 1 and 0) simultaneously.

According to a recent report, the quantum computing market was at USD 717.3 million in 2022. Their prediction estimates that it will grow from USD 928.8 million in 2023 to USD 6,528.8 million by 2030, exhibiting a compound annual growth rate (CAGR) of 32.1 percent during the forecast period.

It was the 1980s when the field of quantum computing came into implementation. Researchers found they could solve quantum problems efficiently using quantum algorithms rather than classical versions. Various companies like IBM, Microsoft, Google, D-Waves Systems, Alibaba, Intel, Rigetti, etc., are doing intensive research on quantum computing to preserve security aspects and market it.

What is Post-Quantum Cryptography?

Post-quantum cryptography is a cryptographic technique that uses quantum computing to design algorithms and protocols for resisting quantum attacks. Post-quantum cryptographic algorithms aim to deliver high-end quantum encryptions resistant to quantum computing cyberattacks.

Cyber Security Risks through Quantum Computing

Although we will encounter significant innovations through quantum computing, it will accompany myriad risks. With various promises, quantum computing is also giving birth to perils. Quantum cyber threats are one such concern. It will lead to sensitive data breaches, health & financial data leakage, etc.

Underpinning cryptocurrencies running on public-key cryptography, breaking strong cryptosystems, threatening data integrity, etc., are also concerning threats. Let us discuss some advanced quantum threats that will pose security issues soon.

HNDL is a threat: Harvest Now, Decrypt Later is a security concern many organizations are raising because of quantum computing. In this cracking technique, the attacker will accumulate encrypted data from target organizations today. They will decrypt these data through quantum computing techniques when the technology matures completely. According to a poll by Deloitte, more than half of its surveyed professionals (50.2%) believe that their organizations will be at risk because of the "harvest now, decrypt later" (or HNDL) cyber-attacks.
Asymmetric cryptographic algorithms will become obsolete: Another threat prevailing because of quantum computing is when most modern asymmetric encryption methods become obsolete. Robust asymmetric cryptographic algorithms like Diffie-Hellman (DH), RSA, and Elliptic Curve Cryptography (ECC) will get easily decrypted through quantum computers. It was 1994 when Peter Shor developed the theoretical quantum algorithm to find the prime factors of a large integer. Quantum computers can use their performance power to utilize Shor's algorithm to decrypt any private key.
Blockchain technology will be vulnerable: Apart from threatening all encryption techniques, quantum computers can pose significant problems to blockchain technology. Since blockchain runs on disseminated consensus of trust and integrity, the vulnerability in the public-key cryptography can be susceptible to cyber-attacks. It can reveal the users' private keys & can distort the conviction among blockchain users. One report uncovered that 65% of ethers (in Ethereum cryptocurrency) and all bitcoins contain a public key in their blockchain that is vulnerable to quantum computing.

Preparing for Quantum Resilience

There are various myths about the fact that quantum computing will not impact in the next decade or two. But there is no guarantee that quantum computers will get marketed at their full potential. Also, no one can exactly tell when it will come for personal use in the market.

That is why organizations and security firms should suggest & implement proactive steps toward quantum resilience. It will help maintain various technologies and prevent them from quantum threats.

Let us closely look at the various preventive measures organizations should take against quantum cyber threats.

Post-quantum research: Numerous organizations are spending hefty amounts on developing post-quantum algorithms for cryptosystems. These algorithms will be resistant to quantum attacks. NIST (National Institute of Standards and Technology) has been running a Post-Quantum Cryptographic Algorithm Standardization project that will help evaluate & standardize multiple quantum resilience algorithms.
Quantum Key Distribution (QKD): Another quantum technology that will help redefine security principles in secret key distribution is Quantum Key Distribution (QKD). It uses quantum mechanics to secure communication channels dynamically. Industries like defense, healthcare, finance, cloud data centers, etc., are exploring and developing QKD solutions to prevent sensitive data from quantum cyber-attacks.
Quantum-safe encryption techniques: Many organizations have already prepared themselves for quantum resilience. They have developed & started implementing quantum-safe encryption solutions in their networks, data centers, cloud services, and other systems. Every organization should perform this transition from modern encryption standards to quantum-safe encryption techniques.
NIST encryption algorithms: The National Institute of Standards and Technology (NIST) is a security standard organization that has a global impact. They have been conducting research and competitions to standardize post-quantum cryptographic algorithms. They have come up with several post-quantum computing algorithms for quantum resilience. Some of them are:
- CRYSTALS-Kyber: It is a general-purpose quantum crypto algorithm that will help in securing websites.
- SPHINCS+: It is a well-designed cryptographic encryption algorithm for digital signatures.
- CRYSTALS-Dilithium: It helps in protecting digital signatures while remotely signing documents.

UK’s resilience and preparedness towards Quantum Resilience

Like other countries, the UK is also preparing itself for quantum resilience. According to their National Quantum Strategy launched as a part of the UK's budget, they have a funding of £2.5 billion. It helps various UK-based organizations plan for research and skills development to tackle quantum threats. It also incorporates a regulatory framework that endows innovation and the moral use of quantum technologies.

According to Stanford University's professor Mauritz Kop, the UK and other government organizations should impose regulations on AI and quantum computing practices before it's too late. He also stated, "Quantum computers can become more dangerous than artificial intelligence."

Conclusion

Quantum computer is a double-edged sword for the technology and the cybersecurity world. On one side, it offers incredible computational performance, but it will also threaten the very foundation of digital security. Thus, organizations across different countries should embrace quantum resilience & prepare to protect their technologies and data from quantum threats.

Here’s where VE3 emerges as a trusted partner in bolstering cybersecurity defences against quantum threats. With our innovative cybersecurity solutions, we help organizations adapt to the quantum age. This may involve developing and deploying quantum-resistant encryption protocols, ensuring the integrity of data in a quantum computing environment, and providing comprehensive training and consultancy services to stay ahead of emerging quantum risks. By trusting us, you can fortify your technology and data against the potential challenges posed by quantum computing, ensuring a secure and resilient digital future.

Cyber Security Programme

The Cyber Security Programme provides a channel for our industry to engage with commercial and government partners to support growth in this vital sector, which underpins and enables all organisations. The programme brings together industry and government to overcome the joint challenges the sector faces and to pursue key opportunities to ensure the UK remains a leading cyber nation, including on issues such as the developing threat, bridging the skills gap and secure-by-design.

Learn more