Quantum Computing – Should We Be Worried for Data Security?
What is Quantum Computing?
Quantum computing is a new method of computing that harnesses the properties of quantum mechanics to deliver huge leaps forward in processing power. Whereas traditional computers store information in bits that can represent either 1 or 0, quantum computers use qubits which can represent 1 and 0 simultaneously. This allows quantum computers to solve certain problems exponentially faster than classical computers.
Some of the key properties of quantum computing include:
- Superposition – qubits can represent 1 and 0 at the same time
- Entanglement – qubits can be correlated with each other in a non-classical way
- Interference – qubits can cancel out or amplify each other
- Tunneling – qubits can pass through energy barriers that classical bits cannot
This gives quantum computers the potential to be millions of times faster than today’s supercomputers for certain tasks like optimization, simulation and cryptography.
How Far Along is Quantum Computing Today?
Quantum computing is still in the early stages of development. Some of the key milestones so far have been:
- 1998 – First 2 qubit quantum computer built
- 2007 – First 8 qubit quantum computer built
- 2017 – IBM makes first 20 qubit quantum computer available via cloud
- 2019 – Google claims quantum supremacy with 53 qubit computer
- 2022 – IBM unveils 433 qubit quantum computer
So although the field is advancing rapidly, the largest quantum computers today are still small scale prototypes. Full scale, universal quantum computers are likely still 10-20 years away.
What are the Security Risks of Quantum Computing?
Many standard encryption techniques like RSA and ECC rely on the fact that factoring large prime numbers is very difficult for classical computers. However, quantum computers will be able to easily break this encryption via Shor’s algorithm. This poses major security risks as much of today’s secure web traffic relies on RSA and ECC encryption.
Specifically, quantum computing poses a risk to:
- Encrypted web traffic
- Cryptocurrencies
- Electronic banking
- Military communications
- Consumer privacy
Anything relying on standard encryption techniques could potentially be broken once large scale quantum computers exist. Sensitive information like passwords, financial data and trade secrets may suddenly become accessible.
When Will Quantum Computing Break Encryption?
Most experts estimate it will take a 1000+ qubit quantum computer to break meaningful RSA encryption. The largest quantum computers today have less than 500 qubits. At the current pace of progress, we likely have 5-10 years before quantum computers can break encryption schemes.
However, data secured today could still be at risk in the future. Any data that needs to remain confidential for 10+ years should consider quantum-safe encryption. This includes government secrets, banking archives, medical records, etc.
How Can We Protect Against the Quantum Threat?
There are a few approaches we can take to protect sensitive data against quantum computing:
-
Quantum-safe encryption – New encryption schemes like lattice-based cryptography are thought to be quantum-safe. However, they have not yet been tested to the same degree as RSA and ECC.
-
Quantum key distribution – Using quantum properties like photon polarization to generate shared cryptographic keys that are guaranteed secure by physics.
-
Post-quantum cryptography – A hybrid approach combining traditional and quantum-safe cryptography to hedge bets.
-
Limiting data retention – Reducing the window of vulnerability by minimizing how long data needs to be kept confidential.
Should We Panic About the Quantum Threat?
The risk quantum computing poses to encryption and data security is real. However, with 5-10 years of warning time, there are steps we can take to prepare:
- Begin migrating high value data to quantum-safe encryption schemes
- Build infrastructure for quantum key distribution
- Support research and standardization of post-quantum cryptography
- Limit data retention periods to lessen the chance of brute force attacks
- Foster collaboration between government, industry and academia
By taking a proactive approach, we can ensure a smooth transition to the new quantum era for data security. While the quantum threat presents challenges, with careful planning there is no need to panic. The same ingenuity that gave us quantum computing can make our data systems quantum-safe.