Just Below the Cyber Horizon - Follow Up

17/04/2019

Following up on our recent 'Just Below the Cyber Horizon' blog post about the future impact of quantum computers, one of our industry colleagues (who supports our own cyber training programmes) added these personal reflections to the debate. We like the way he describes quantum mechanics as “magic”, and thank him for a very clear and understandable description of why they will change the whole cyber security game – it’s a matter of when, not if!

 

 

It is very difficult to comprehend the impact of new technologies without some grasp of how they work and, unfortunately, quantum computing theory is a bit mind-blowing! However, here goes for a [reasonably] simple explanation and some perspective...

Standard computers today, including 'supercomputers', handle information as a series of 0s and 1s called 'bits' where a bit can only be a 0 or a 1 at any one time; quantum computers on the other hand use 'qubits' which, through the magic of quantum physics, can represent both a 0 and a 1 at the same time... still with me? Because of this, the computational power increases exponentially with every qubit you add in. To give some perspective to this: a year ago, it was estimated that a quantum computer with a 50 qubit capacity could out-perform the most powerful supercomputers on earth at the time; this year, one company is shipping quantum machines with 2,048 qubit capacities and estimate they can increase that to 5,000 qubits by the middle of next year. In certain applications, quantum computers can do in one second what would take a conventional computer 10,000 years.

But it is not as simple as that...

The important thing to bear in mind is that, currently, quantum computers only excel massively in certain applications; unfortunately, one of those applications could be used for breaking encryption. Used globally to protect our data and communications from unscrupulous eyes and ears, 'public key encryption' such as RSA is virtually unbreakable using traditional computers; however, quantum computers using something called Shor's algorithm can factor numbers, and that will eventually break public key encryption as we know it; it is this application of quantum computing that the Global Risks Report is pointing to. There is much debate as to how long it will take quantum computers to evolve to a point where they can break RSA and estimates vary wildly, but one thing is certain: it is 'when' and not 'if'.

A final thought is on the cost of quantum computing. Machines available today are still very expensive, but arguably the cost of future quantum computers capable of breaking current encryption methodologies could be within the budget, compared to the supercomputers of today, of moderately-funded organised groups who exist to undermine our society and do us harm. Despite the emergence of newer, stronger encryption methodologies to defeat the threat posed to our current ones, quantum computing in the hands of the 'bad guys' is still a major risk: not only could it unlock our present day secrets through decryption later of data harvested today, but could also afford those dangerous actors better anonymity to carry out their evil work by virtue of the same technology.