• United States




The quantum computing cyber storm is coming

Jul 09, 20185 mins
Data and Information SecurityEncryptionTechnology Industry

What cyber leaders need to know now to protect their critical data in the quantum era.

binary code
Credit: Thinkstock

As technologies advance, they can solve a lot of problems. Radio linked our continent-wide nation with nearly-instant communications. Electric lights made it so we could keep working long after the sun went down. Computers, and later the Internet, created a myriad of new opportunities and entire industries that most of us owe our livelihoods to today.

But as wonderful as technological advancements are, they can also be disruptive, shaking up the status quo and sometimes instantly making the ways in which we live and conduct business obsolete. The more revolutionary the technology, the greater the disruption.

Of all the currently emerging technologies, quantum computing is probably near the top of the list when it comes to revolutionary potential. The disruption that will follow in its wake, especially for established technologies like encryption, could be nothing short of a Category 5 mega storm.

Quantum computing’s evolving science

Once the realm of science fiction, quantum computers fundamentally change the way computation is done in a way that almost seems more like magic than science. Instead of circuits, they operate with quantum bits, or qbits. Unlike today’s computers where circuits process data in terms of binary ones or zeros, qbits exist in a superposition where they sit in every state from one to zero, and the infinite states in between, all at the same time. This gives them the theoretical power to look at every possible solution to a given problem instantly, while a digital computer must try each possibility one at a time.

Right now, the only thing holding back quantum computers are physical engineering challenges, and many people in both government and the private sector are working to overcome them.

Encryption protection in the crosshairs

Which brings up encryption, and the dangers of protecting digital information using that technology as quantum computing advances. Right now, the main ally of encryption is the time that it would take, using digital computers, to break into an encrypted file. Most modern encryption systems like Diffie-Hellman and RSA are based on the premise that it would take too long for hackers to carry out the mathematical calculations required to reveal encryption keys.

But quantum computing doesn’t follow those rules. It doesn’t need to try one combination at a time. Using its qbits, it can try every combination at once, and then present the “correct” solution in a matter of seconds. The only thing keeping current encryption from cracking open like an egg smashed by a sledgehammer, are the limited number of qbits available to today’s quantum computers, which are steadily advancing.

The scientists at NIST have seen this danger. A report from the agency clearly states the danger quantum computing will pose to encryption. The report notes that “If large-scale quantum computers are ever built, they will be able to break many of the public-key cryptosystems currently in use.” The only solution, according to NIST, is to “begin now to prepare our information security systems to be able to resist quantum computing.”

Hackers aren’t waiting. Potential attackers are stealing encrypted data right now, with the expectation that quantum computers will let them break those locks in the near future. Anyone without the proper data protection today, risks a quick breach as soon as quantum machines are available.

Data protection in a quantum world

The problem of quantum computers defeating encryption is still evolving. Few people fully understand the scale of the problem, and fewer still have any idea what to do about the pending crisis. There are however, a few innovators working to follow the NIST recommendation to prepare for the coming storm.

Most of the solutions involve using quantum computing, or at least quantum mechanics, to try to create a lock that a quantum computer can’t solve. As such, post-quantum cryptography is distinct from typical AES encryption today.

In one example, Luxembourg-based satellite operator SES is working to establish the Quantum Cryptography Telecommunication System (Quartz), which will be a new platform for future advances in encryption key distribution for geographically dispersed networks. The satellite-based QKD system uses photons from space to protect the encryption keys.

IBM researchers are developing a new encryption scheme built on mathematical lattices, where data is hidden within complex algebraic structures. The idea is to prevent quantum computers from using their try-everything-at-once power of decryption by layering more complex encryption behind the original problem and making it so that the entire lattice can’t be probed at the same time.

Meanwhile, a newly launched company called Quantum Xchange has developed a way to use the technology of Quantum Key Distribution (QKD), where cryptographic keys are generated based on unbreakable quantum phenomena, to build the first nationwide network for safely securing files, and transmitting them over any distance. Unlike the other solutions in development, the Quantum Xchange network is already available, and fixes the shortcomings inherent with modern-day encryption, plus the threat of data being mined today for cracking by quantum computers in the near future.

The disruption that will be unleashed by quantum computing is coming, but we aren’t powerless to protect our data when the storm breaks. By investing in the proper defenses now, those who plan ahead can keep their cool and protect their critical data when everybody else is either panicking or drowning in a sea of quantum disruption.


Alan Usas is Program Director and an Adjunct Professor of Computer Science for the Executive Master in Cybersecurity program at Brown University. The program equips industry leaders to address the global, technical, and policy challenges of cybersecurity issues. Alan is responsible for coordinating the work of academic, professional, and administrative personnel to establish the program and to achieve success and growth.

Earlier in his career, Alan led engineering teams in developing successful hardware and software products to secure networks, systems, and data. At Tandem Computers, now part of HP Enterprise, he managed software development for the SAFEGUARD access control system and led the development of cryptographic products for the Atalla Division. Alan held executive engineering positions at several startup companies that were designing enterprise access control and network security appliances.

Alan also held senior operational roles in information technology. In 2003, he joined Brown University as Assistant Vice President for Computing and Information Services where he had responsibility for the data, voice, and video network, core enterprise systems, and information security. Most recently, he was Chief Information Officer at the Yale School of Management. Additionally, he has held faculty appointments in electrical engineering and computer science at Princeton and Brown universities. Alan earned his bachelor’s at Princeton University and Master’s and Ph.D. at Stanford University, all in electrical engineering.

The opinions expressed in this blog are those of Alan Usas and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.