Quantum cryptography offers ability to protect from attackers looking to break encryption

Quantum computing isn’t widely available yet, but the time is likely coming—and with it, the ability for users to deploy the technology for encryption and cryptography.

That includes threat actors. Marc Lijour, an Institute of Electrical and Electronics Engineers researcher, told IT Brew that attackers are already getting ready for the opportunity provided by quantum computing. They are “downloading everything they can at the moment and storing it, basically copying the internet and anything they can so they can open it later [using quantum technology],” he said.

Big time. That probably only applies to nation-states, John Bruggeman, a consulting CISO, said. To Bruggeman, the likelihood is low that criminals are storing the information, but high that countries are.

“Probably the world’s largest storage repository is out in [Bluffdale] Utah—thanks to [former Utah senator Orrin Hatch and the NSA—and they are definitely, without a doubt, storing lots and lots of internet traffic waiting for the day when they can decrypt it using a quantum computer,” Bruggeman said.

Advances in quantum computing have, thus far, been limited in use to researchers and other high-volume projects. But the future of the technology is in commercial viability, Rigetti Computing CEO Subodh Kulkarni told IT Brew: “Almost all of us in the quantum computing field are absolutely convinced.”

Number games. Much of the talk around quantum computing remains hypothetical, but it’s fun to think about the possibilities. Oliver Dial, IBM Quantum CTO, told IT Brew that because the most common public key encryption online is based on factoring large number sets, a large enough quantum computer could theoretically break most of it.

“Those machines are still far outside of our reach, and it’s worth noting that there are new encryption protocols that are already approved by NIST, which are not vulnerable to this attack—they’re called quantum safe encryption algorithms,” Dial said. “It’s actually something that the world is working on adopting today to remove that boogeyman from the future.”

Moving forward. Switching encryption algorithms is easier than you might think, Bruggeman said, and “can be done in the background without disrupting day-to-day operations.” Often, users don’t even notice. Changing these backend details can be done quietly; it’s effectively a security software upgrade.

“You change the protocol that you’re using for the encryption algorithm, and now your point-to-point connections are no longer susceptible to man-in-the-middle attacks and harvest and decrypt later,” Bruggeman said.

It’s not a total fix to the issue, but it’s an easy step in the right direction. Bruggeman analogized it to developing fiber- optic internet solutions—one doesn’t have to change hardware as you increase the number of users.

“Imagine a scenario where you have fiber optic in your physical building—you’re in an office building, and you have 1,000 rooms and you have 1,000 people that come into work,” Bruggeman said. “You don’t have to change the fiber, you probably don’t even have to change the switches. The only thing you’d have to change is the backbone communication protocol.”