16 Sep 2022 6 min read

Common Quantum Queries

What is a quantum computer? What can it do?

A quantum computer is a computer that does not calculate in binary, as a classical computer does. Instead of a “bit”, either a 0 or 1, a quantum computer’s basic building block is a “qubit”, which can be in any combination of 0 and 1. This allows quantum computers to operate in ways classical computers cannot by storing and operating on far more complex combinations of variables. Quantum computers will not be better at everything than normal computers, but specific algorithms have been found that would provide a “quantum advantage” – a quantum computer using these algorithms could solve problems faster than a comparable classical computer. Some areas where there is quantum advantage are in modeling atoms to develop new materials with desired properties, solving optimization problems such as route optimization, searching databases, or testing new proteins. In the future, all of these uses will help advance research and technology.

Why is Quantum Computing a threat?

Quantum computers are a threat because of Shor’s Algorithm, an algorithm which allows quantum computers to efficiently factor large numbers. The inability of classical computers to factor these numbers is a key element of many modern cryptographic schemes. One encryption algorithm called RSA is in particular danger. RSA would take a modern supercomputer millions of years to crack, but a quantum computer with 4,000 qubits could break it in a matter of hours. RSA is used to protect most online data, including emails, bank data, phone calls, and e-commerce. On “Q-Day”, the day when quantum computers can break RSA, bad actors will be able to access almost any online system. This is a potentially apocalyptic occurrence: if organizations do not prepare, quantum computers will make encryption obsolete, meaning hackers could easily access bank accounts, health records, or national security secrets.

What is the quantum timeline?

Quantum computers capable of breaking modern encryption do not yet exist. Currently, the largest quantum computer has 127 qubits. However, just two years ago the largest quantum computer was 53 qubits, less than half today’s number. This pace has accelerated in recent years, with many industry experts now predicting that Q-Day could be in the next 5 years. A more conservative estimate based on the last two years’ doubling pattern would still put Q-Day only 10 years away. This means powerful quantum computers will likely be able to break today’s encryption methods in the next decade.

What are SNDL attacks?

Powerful quantum computers and the advent of Q-Day are potentially still a decade away. But this does not mean data is safe from quantum computers. There is increasing prevalence of “Store Now, Decrypt Later” (SNDL) attacks, where hackers or foreign nation-states steal encrypted data without being able to decode it. They plan to store the data until quantum computers are available and powerful enough to decrypt it. This is a serious threat because most data has a lifetime of more than ten years. For example, information such as national security secrets, bank records, or health information needs to be kept private for the next 30 or more years. SNDL attacks will allow hackers to see today’s data decrypted in the next decade, and these attacks are going on every day. Luckily, once data is protected by quantum-resilient encryption, it is no longer vulnerable to SNDL attacks, as hackers with quantum computers will still be unable to decrypt it.

What is government doing on this? – is there regulatory oversight on this?

The U.S. government recognizes the serious threat quantum computing poses. Earlier this year, the White House published a National Security Memorandum which requires federal agencies to start switching to quantum-secure cryptography. Additionally, there is bipartisan support for action in Congress. The Endless Frontiers Act, which includes $100 billion in federal funding, supports quantum computing and post-quantum encryption efforts, while the equally bipartisan Quantum Computing Cybersecurity Preparedness Act, which is on the Senate floor, would direct the National Institute of Standards and Technology (NIST) to develop a plan to mitigate the quantum threat. NIST has also recently completed a six-year search for algorithms to use as the standard for post-quantum cryptography (PQC). These will replace current cryptography algorithms, such as RSA. The search gives guidance towards future cybersecurity efforts, which will have to comply with NIST’s standards. All four potential algorithms are compatible with QuProtect, QuSecure’s quantum security solution.

How do we know NIST’s algorithms work if we can’t go at them with quantum computers? What is the long-term prognosis of current PQC algorithms / Will the upgrade process be cyclical?

The reason quantum computing is threatening is a specific algorithm, Shor’s Algorithm. Today’s PQC encryption methods are mathematically proven to be resistant to Shor’s algorithm. Each encryption method uses a different protection method, so new encryption algorithms will be safe unless corresponding decryption methods are found. This is a possibility, since quantum computing is a young field and there are still many algorithms to discover. If vulnerabilities are found in today’s PQC standard, cryptography would have to move to a new encryption algorithm. QuSecure recognizes this, and so QuProtect is crypto-agile, allowing it to easily swap between algorithms without disruption to clients’ networks. QuProtect can thus easily leave behind obsolete algorithms and embrace new, better solutions.

Do I need a quantum computer to protect myself?

No, you can protect yourself without any quantum hardware. The only quantum component of QuProtect is quantum random number generation (QRNG), which occurs within QuProtect’s software. This means organizations can protect themselves with lightweight software instead of expensive machinery. QuProtect has zero dependencies on quantum computers to operate. All the necessary technology is available today and integrates with existing network and cybersecurity infrastructure.

Why should I try out QuSecure’s solution?

Without quantum-resilient encryption, organizations are vulnerable to SNDL attacks now, and potentially catastrophic data breaches in the future. This puts heavy impetus on organizations to solve their quantum-security vulnerabilities. QuSecure offers by far the easiest and most comprehensive quantum security solution on the market, with a variety of selling points. QuProtect is orchestrated, lightweight, and backwards-compatible, allowing our single solution to fit the needs of any client. It is also crypto-agile, which allows QuProtect to use whichever encryption algorithm is the best in any given situation. Lastly, QuProtect is proven, having been chosen as the U.S. government’s default PQC provider. As a trusted, non-invasive, flexible solution, QuSecure is the easy button for quantum security.

AES is immune from quantum attacks; why do I need you?

AES is a “symmetric encryption algorithm”, meaning it uses one key given to two users to create an encoded message channel between those two users. This is perfect for security, but gives rise to a “key distribution” problem: it is hard to distribute the key to both users in a secure manner. For this purpose, AES is often combined with other algorithms in a “hybrid encryption scheme” where the AES key is encrypted with another algorithm, say RSA, then distributed to users, at which point the users use AES to communicate. Because these schemes use two algorithms, they are still vulnerable to quantum computers even though AES is safe.

SHARE ARTICLE

Are you ready? Contact us today.

Find out more