Cryptographically Relevant Quantum Computers: a threat to IT security?
Quantum computing currently represents one of the most promising but also concerning frontiers in IT. This technological revolution is based on the concept of the Cryptographically Relevant Quantum Computer (CRQC), a device which could pose a threat to the very existence of today’s global IT security systems.
To put the situation in perspective: while traditional computing (based on classical bits) is bound by the limits of classical physics, this type of machine will be able to use the principles of quantum mechanics to process information in totally new ways, resulting in exponentially superior calculation potential.
The difference between CRQCs and quantum computers
The power of a quantum computer derives from its use of qubits (quantum bits), the basic units of quantum computing. These units differ from classical bits (which can only have states of 0 or 1) because, thanks to the principle of quantum superposition, qubits can exist in a superposition of both states at the same time. This characteristic, together with quantum entanglement, enables these machines to carry out multiple operations in parallel.
As mentioned above, a CRQC is a quantum computer with sufficient calculation power to breach the encryption algorithms currently used throughout the world to protect communication and sensitive data. Unlike experimental versions and existing supercomputers, it could be capable of solving complex mathematical problems (which form the basis of current digital security systems) extremely fast, rendering current encryption procedures obsolete.
Fortunately, to pose a genuine threat to security standards, a Cryptographically Relevant Quantum Computer needs thousands (if not millions) of stable qubits, a requirement which would be difficult to meet using currently available technology. Nevertheless, recent advances in research and development have put international cybersecurity experts on their guard.
One example is Microsoft’s announcement of its Majorana 1, a quantum computer that uses more stable topological qubits. Although there is still a long way to go, this revolutionary device represents a significant step towards the creation of such machines.
The Shor algorithm and the vulnerability of symmetrical encryption
The main threat from CRQCs involves Shor’s algorithm (developed in 1994 by the mathematician Peter Shor). If implemented on a sufficiently powerful quantum computer, it can factorise very large numbers into their prime factors efficiently, thereby compromising the security of public key algorithms like RSA, DSA and ECC (Elliptic Curve Cryptography).
The problem of prime factorisation forms the basis of RSA security. Currently, a classical supercomputer would take thousands of years to factorise a 2048-bit number, as used in modern RSA keys. However, a CRQC could, in theory, complete this calculation in a matter of hours or even minutes, rendering existing protections ineffective.
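To make the mechanism behind Shor’s algorithm concrete, here is an added worked example (not part of the original article): the quantum computer’s only job is the order-finding step, i.e. finding the period r of the sequence a, a², a³, … modulo N. Everything else is classical post-processing, which the code below carries out exactly as Shor specified. The quantum subroutine is replaced by a brute-force classical loop, so this only works for toy moduli such as 15, 21 or 91; the point is to show why a fast period finder immediately yields the factors of an RSA modulus.

```python
from math import gcd


def find_period(a: int, n: int) -> int:
    """Classical stand-in for the quantum order-finding step.

    Returns the smallest r > 0 such that a**r == 1 (mod n).
    On a CRQC this is the part Shor's algorithm does in polynomial time;
    here it is a brute-force loop, so it is only usable for tiny n.
    Requires gcd(a, n) == 1, otherwise the sequence never returns to 1.
    """
    if gcd(a, n) != 1:
        raise ValueError("a must be coprime to n")
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def shor_factor(n: int, a: int):
    """Classical post-processing of Shor's algorithm for one chosen base a.

    Returns a sorted tuple (p, q) with p * q == n, or None when this base
    fails (odd period or trivial square root) and another a must be tried.
    """
    g = gcd(a, n)
    if g != 1:
        # Lucky case: a already shares a factor with n.
        return tuple(sorted((g, n // g)))

    r = find_period(a, n)  # <-- the step that needs a quantum computer
    if r % 2:
        return None  # odd period: a**(r/2) is not an integer power, retry

    y = pow(a, r // 2, n)  # y is a non-trivial square root of 1 mod n ...
    if y == n - 1:
        return None  # ... unless it is the trivial root -1, retry

    # y**2 == 1 (mod n) means n divides (y-1)(y+1) but neither factor alone,
    # so each of gcd(y-1, n) and gcd(y+1, n) is a proper divisor of n.
    p, q = gcd(y - 1, n), gcd(y + 1, n)
    if p == 1 or q == 1:
        return None
    return tuple(sorted((p, q)))


def factor_with_shor(n: int):
    """Try successive bases until the post-processing succeeds.

    Shor's analysis shows a random base works with probability >= 1/2 for
    an odd composite n, so only a few attempts are normally needed.
    """
    for a in range(2, n):
        result = shor_factor(n, a)
        if result is not None:
            return result
    return None


if __name__ == "__main__":
    for n in (15, 21, 91):
        print(n, "=", " x ".join(map(str, factor_with_shor(n))))
```

Note that the period-finding loop above costs on the order of r steps, which for a real RSA modulus is astronomically large; the entire speed-up of Shor’s algorithm lies in replacing that loop with the quantum Fourier transform, while the gcd arithmetic that turns the period into the factors is cheap on any classical machine.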
Symmetrical encryption algorithms such as AES (Advanced Encryption Standard) are not immune to quantum threats either. Grover’s algorithm (another important quantum algorithm) can significantly lower the level of security provided by this encryption technique. For example, AES-256 (which currently offers 256-bit security) would have its resistance reduced to around 128 bits in a post-quantum world. This does not imply immediate vulnerability, but it highlights the need to reconsider key sizes and security protocols.
Risk scenarios and potential impacts
One of the most concerning strategies used by hackers is known as ‘Harvest Now, Decrypt Later’. This technique involves the systematic gathering of encrypted data today, with the intention of deciphering it at a later date, once CRQCs have become available. This approach poses a silent but potentially devastating threat, as sensitive data gathered now could be exposed in the future.
This strategy is particularly alarming because a lot of information maintains its value over time. Financial data, intellectual property, healthcare details and state secrets could be compromised years after their initial protection, with serious, unpredictable consequences.
Cryptographically Relevant Quantum Computers not only threaten data privacy, but also other cornerstones of IT security, such as authentication and data integrity. Widely used digital signature algorithms (such as DSA or ECDSA) rest on the same kind of mathematical problems that Shor’s algorithm solves, and are therefore equally vulnerable. In a world of functioning CRQCs, attacks could therefore:
- falsify digital signatures on documents or for software;
- compromise the authentication of secure communications;
- impersonate legitimate users or services;
- manipulate digital certificates and public key infrastructures (PKI).
Such scenarios would make it extremely difficult (if not impossible) to guarantee the digital identity of all those involved in online communications or transactions.
Timescales and estimated CRQC availability
The most urgent issue regards the timescale required to build a functioning CRQC. Sector experts have offered varying estimates, but the growing consensus is that these machines could become a reality within the next decade.
At present, the most advanced quantum computers operate with around 150-200 physical qubits, which are subject to errors and instabilities. To obtain stable logical qubits (necessary for complex encryption calculations), a large number of physical qubits is required in order to enable the use of quantum error correction techniques.
Roadmaps prepared by sector leaders such as IBM suggest that quantum computers with 200 logical qubits could be available by 2029-2030. In any case, in order to breach modern encryption techniques effectively, between several thousand and several million qubits are required, depending on the specific algorithm and its uses.
The majority of experts estimate that truly efficient CRQCs will be developed in the mid-2030s, although the real timescale could vary considerably, depending on future technological progress and investment in the sector.
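The ‘Harvest Now, Decrypt Later’ threat and the timescale estimates above combine into a simple planning test that practitioners use to decide whether migration is already urgent. The following added example (not from the original article) applies it to a constructed inventory of data classes. It assumes three figures per asset: how many years the data must stay confidential (shelf life), how many years the migration to post-quantum algorithms will take, and the estimated number of years until a CRQC exists (set here to 10, an assumption chosen to match the article’s mid-2030s estimate). Data encrypted before migration finishes remains readable to anyone who harvested it, so an asset is exposed whenever shelf life plus migration time exceeds the time left until a CRQC.

```python
from dataclasses import dataclass
from typing import List, Dict

# Assumption: a CRQC appears roughly 10 years from now (article: mid-2030s).
YEARS_TO_CRQC = 10


@dataclass(frozen=True)
class Asset:
    name: str
    shelf_life_years: int    # how long the plaintext remains sensitive
    migration_years: int     # how long the PQC migration for this system takes


def hndl_exposure(asset: Asset, years_to_crqc: int = YEARS_TO_CRQC) -> Dict:
    """Evaluate one asset against the harvest-now-decrypt-later threat.

    The last record encrypted with classical algorithms is written at the end
    of the migration (year Y) and stays sensitive until year Y + X. If that is
    later than the year a CRQC arrives (year Z), an adversary who recorded the
    ciphertext can decrypt it while it still matters. slack_years is Z - X - Y:
    negative means the data is already exposed and no schedule can fix it.
    """
    slack = years_to_crqc - asset.shelf_life_years - asset.migration_years
    return {
        "asset": asset.name,
        "at_risk": slack < 0,
        "slack_years": slack,
        # Data encrypted today with a shelf life past the CRQC date is
        # exposed even if migration were finished instantly.
        "today_already_exposed": asset.shelf_life_years > years_to_crqc,
    }


def prioritise(assets: List[Asset], years_to_crqc: int = YEARS_TO_CRQC) -> List[Dict]:
    """Return exposure reports, most urgent (least slack) first."""
    reports = [hndl_exposure(a, years_to_crqc) for a in assets]
    return sorted(reports, key=lambda r: r["slack_years"])


# Constructed sample inventory (illustrative values, not measured data).
SAMPLE_INVENTORY = [
    Asset("session tokens (TLS)", shelf_life_years=0, migration_years=2),
    Asset("payment card transaction logs", shelf_life_years=7, migration_years=3),
    Asset("patient health records", shelf_life_years=25, migration_years=4),
    Asset("government classified cables", shelf_life_years=50, migration_years=5),
]

if __name__ == "__main__":
    for r in prioritise(SAMPLE_INVENTORY):
        flag = "AT RISK" if r["at_risk"] else "ok"
        print(f"{r['asset']:<36} slack={r['slack_years']:>4} yrs  {flag}")
```

The ordering this produces is the practical point: short-lived secrets such as session keys are unaffected even on a slow migration, whereas long-retention records are already exposed today, which is why inventories of long-lived encrypted data, not the arrival date of the CRQC itself, drive the migration priority.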
In conclusion, it is apparent that the quantum threat to encryption will bring fundamental changes to the nature of IT security, comparable to the introduction of the internet or cloud computing.
Organisations that recognise this as a genuine risk and take action accordingly will be able to navigate this epic transition successfully, while those that put off dealing with it could become vulnerable in the not so distant future.
Translated by Joanne Beckwith
