Quantum computing, and how to use it to boost encryption


One thing’s for sure: no matter how hard cyber security professionals work to stop online criminals, there will always be new avenues of attack and technologies they will exploit to get what they want.

Quantum computing is one of these technologies and, as one security expert has warned this week, could change the game when it comes to online safety.

Put simply, quantum computing is a term that describes IT techniques that take advantage of the way that subatomic particles – the fundamental building blocks of all matter – can exist in more than one state at any time. While in classical computing information is conveyed in “ons and offs” – or 1s and 0s – quantum systems use quantum bits (or “qubits”) which can exist in a whole range of different states, and therefore store that much more information.

According to Jaya Baloo, CISO of KPN Telecom in the Netherlands, the technology will soon be industry standard, and organisations of all sizes should start preparing for it.

With attackers using quantum computing techniques, traditional methods of encryption become far less water-tight, says the European telecoms information security officer.

Most encryption keys are based on the idea that anyone trying to figure out the code by the process of elimination – or “brute forcing” it – but even the most basic quantum systems will be able to cut down that time to a fraction of what it was.

“Despite violent disagreements between cryptographers and physicists, it is not a question of if, but of when quantum computing will be a reality, and when it is, many of the current encryption techniques companies rely on will be open to cracking,” she explains.

“Enormous strides are being made towards building viable quantum computers, so it is important that information security professionals understand why this is a threat to many popular encryption methods and that they start taking action now to ensure they are in the best possible position when it happens.”

Baloo says that China is known to be one of the biggest investors in quantum computing tech, both for defensive and offensive purposes, and that the money put behind it in Europe is lagging behind.

As a result, she has three recommendations for security professionals to take into consideration.

First, companies and organisations should consider upgrading their encryption keys to the maximum possible length to help defend against the first wave of quantum attackers.

“Right now, organisations can extend their encryption key length by simply changing the appropriate configuration option, and thereby extend the lifespan of current algorithms,” said Baloo.

Second, those that handle very sensitive data – and a lot of it, like banks – should start investing in quantum security keys to improve the integrity and confidentiality of the data.

Thirdly, Baloo recommends replacing some existing algorithms with post-quantum ones. Just a little work could massively improve security.

“Organisations can already start considering what are their vital parts of their network where post quantum algorithms should be implemented and talking to their suppliers to ensure that the new algorithms will be supported by their hardware when the algorithms are released by Nist,” she said.

About Lee Hazell

Lee Hazell is a cyber security consultant with a keen interest in anything tech or security related. Follow Lee on .

Leave a Reply

Your email address will not be published. Required fields are marked *