Will quantum break traditional cryptography?
The realm of cryptography is never a static one, a constant push and pull of breaks and patches with the goal of absolute security at the forefront of it all. As we move into an increasingly emerging quantum age the dynamics are changing, however, and could shake traditional cryptography and cybersecurity to its core.
To understand the changing landscape of cybersecurity, the concerns over quantum in the cryptography space, solutions to these concerns, and what the future holds for these fields, Electronic Specifier spoke to Jon Maliepaard, CEO of Crypta Labs.
The changing landscape of cybersecurity
These is a growing awareness and interest in quantum computing that is continually being spurred on by advancements in other emerging technologies such as AI. This awareness is, however, seen as somewhat speculative in nature, with many investing in the field without a clear direction of where it might actually end up, “many people are placing their bets, but nobody knows where it’s going to go,” attributes Maliepaard.
“Quantum computing is very much still in its infancy. It is so in its infancy in fact that we’re probably not even at a ZX Spectrum (a simple PC) level of traditional computing on the quantum side,” he explained. However, there is a considerable potential for breakthroughs to emerge, similar to those in AI over the past few years. There are certainly parallels to be had between the emergence of these technologies, “who’s to say there won’t be a crazy breakthrough that could just happen, like what happened with AI,” he says, touting the work of OpenAI and ChatGPT which brought AI to the forefront of people’s lives.
The ZX Spectrum is an 8-bit home computer developed by Sinclair Research in the 1980s. It was designed to be small, simple, and most importantly inexpensive, with as few components as possible.
Maliepaard also put forward that increasingly, the advent of quantum computing is creating a new awareness among companies about their cybersecurity vulnerabilities. This has led to a re-evaluation of security practices, as stated by Maliepaard: “It’s definitely created a groundswell of awareness for companies to look at what they’ve been doing so far, and more importantly what they need to do in the future.” However, it is worth noting that whilst the threat is certainly present, there is also a temporal distance of quantum threats. The threat posed by quantum computers to current encryption methods might be “a decade or more away,” says Maliepaard, which gives forward-thinking companies time to prepare.
The future advent of quantum computing has also brought on thought regarding the development of “post-quantum algorithms,” which is the need for cryptographic systems that are secure not only from classical computers but also quantum ones whilst maintaining the ability to interoperate. However, Maliepaard remains sceptical in this area, with current work on algorithms effectively un-testable in their effectiveness against future quantum computers: “We can’t unequivocally say that a quantum computer won’t be able to break these algorithms.”
We are already seeing a level of urgency amongst official international governments, taking the US government’s stance and directives on becoming quantum resilient as an example. The US has become a major driver of change in the cybersecurity landscape, with specific deadlines set creating urgency and need. Maliepaard expanded: “The US government has very clearly come out and said you need to be doing everything you can to become quantum resilient.”
The cybersecurity landscape is in flux, driven by the nascent but potentially revolutionary field of quantum computing. There is a sense of both excitement and caution, with an emphasis on the need for preparedness and adaptation in the face of uncertain but significant technological advancements.
The quantum threat to traditional cryptography
At present, the threat posed by quantum to traditional cryptography methods is, explains Maliepaard, “practically nothing,” touting the infancy of the technology as being a key hindrance. When compared to the current cryptography standards, quantum computing capabilities simply aren’t there – yet. As Maliepaard encapsulates: “The kind of traditional cryptography that can be cracked on a laptop today is maybe years away from being replicated on a quantum computer.”
Maliepaard did however attribute credibility to the notion that there is a future threat, highlighting Shor’s Algorithm as a significant theoretical framework for understanding how quantum computing might impact cryptography. “Shor’s Algorithm is effectively a computational theory of how a quantum computer will attack an algorithm to crack it,” explains Maliepaard. The method utilises the properties of quantum to efficiently solve integer factorisation, undermining the security of cryptographic systems that rely on the difficulty of factoring large numbers.
It is for reasons such as these that Maliepaard agrees that the advancement of quantum computing will eventually render traditional cryptographic methods obsolete. “At a certain point, once a quantum computer is able to have enough qubits which are error-correcting…, it’s game over for traditional encryption,” he adds.
As previously mentioned, in anticipation of these developments there is a significant push towards post-quantum cryptography. Maliepaard notes that there is an overwhelming consensus in the field regarding the necessity to transition towards newer cryptographic methods, as traditional methods become vulnerable. “Everybody is talking about post-quantum algorithms and implementing them wherever they possibly can.”
We are at a key transition point in the field of cryptography, driven by the anticipated advancements in quantum computing. While the immediate threat is minimal, the future implications are profound, necessitating a proactive shift towards more resilient cryptographic methods.
Addressing quantum concerns
Whilst this all sounds very daunting, and like there is nothing that can be done, there are emerging technologies out there to address these concerns. Maliepaard puts forward Quantum Key Distribution (QKD) as an example of this: “QKDs readily address this sort of stuff. It’s something that is quantum proof, verifiably.”
However, despite the availability of such technologies, Maliepaard points out that the are practical challenges in implementing these solutions across the common devices of the masses, such as mobile phones or home networks. In the near term, this isn’t something which Maliepaard believes feasible. The ongoing struggle to keep up with evolving threats is, and almost always has been, “a constant game of Whack-a-Mole,” says Maliepaard, demonstrating the dynamic nature of the field and the continuous effort required by cryptographers to stay ahead.
While solutions to quantum computing's challenge to cryptography exist, their implementation and adaptation across various technologies and platforms remain a significant hurdle. More work will need to, and is currently, being done in order to bring security to the devices of the masses.
What’s in the future for cybersecurity and cryptography?
Within the cybersecurity and cryptography space, there is an identifiable shift towards post-quantum algorithms, for reasons previously mentioned, something Maliepaard readily agrees with: “The first step is that we are heading towards post-quantum algorithms.” This is a crucial step towards advancing cybersecurity.
For Maliepaard, an essential component of this, which Crypta Labs themselves are actively working on, is the integration of Quantum Random Number Generators (QRNG). The use of QRNG alongside post-quantum algorithms can ensure entropy and reliability, essential for successful cryptography. Implementation of these advanced technologies, like QRNGs or QKDs, is not without its challenges and costs, particularly for manufacturers. Maliepaard pointed out the need for dedicated hardware and the associated expenses, highlighting a barrier to widespread adoption.
There is also a need for improved direction from the scientists behind the technologies, the lack of resulting in an observed uncertainty in the market. As Maliepaard suggests: “The market is at a stage where it’s not quite sure where to go,” requiring definitive guidance from quantum scientists.
Whilst acknowledging the presence of technologies like QRNG and QKD, Maliepaard also suggests that these technologies need further development and maturation to be fully effective and widely adopted. As things stand, these cutting-edge developments have not been cracked, nor shown vulnerability, but will undoubtedly face challenge. As Maliepaard puts it: “Everybody’s going to be going after it now, you’re the baseline, and people want bragging rights.”
These themes indicate a period of transition and evolution in cybersecurity and cryptography, with emerging technologies like post-quantum algorithms and QRNGs playing a pivotal role. However, the path forward involves navigating practical challenges, market uncertainties, and the need for continued testing and verification.
Share your views on the advent of quantum in cryptography in the comments below, or brush up on quantum computing some more here.