Threat 2: Making Asymmetric Cryptography Obsolete
A practical quantum computer will render most current asymmetric encryption methods, such as RSA, Diffie-Hellman (DH), and Elliptic Curve Cryptography (ECC), unsafe.
Back in 1994, Peter Shor developed a theoretical quantum algorithm to find the prime factors of a large integer. While important research, it was not considered an immediate risk, given the lack of the technology to implement quantum computers.
Now, however, quantum computing is much closer to becoming mainstream. In 2021, IDC estimated that by 2027, the market for quantum computing may grow to $8.6 billion, a 50% compound annual growth rate since its value of $412 million in 2020. It poses a “Quantum Threat”: a match for the complicated math problems that classical computers could not previously solve. The world's data, currently protected by asymmetric cryptography algorithms such as RSA, DH and ECC, will soon become readable, making it easy for cybercriminals to infiltrate systems and bring down global digital security.
Put simply, a practical quantum computer could not only render traditional online activities insecure; it could break most of the security underpinning the internet.
Threat 3: The vulnerabilities of blockchain technology
Besides threatening current encryption schemes, quantum computing has the capacity to render blockchain technology extremely vulnerable. Because blockchain depends on the disseminated consensus of trust, achieved through the use of public-key cryptography, it is particularly susceptible to attacks that reveal a user’s private key given only the public key.
A recent study found that 25% of all bitcoins in circulation and 65% of ether — the tokens in the Ethereum network — reside in addresses with a public key that is published on the blockchain. This means they could be stolen by leveraging a quantum computer with sufficient resources. Hundreds of billions of dollars’ worth of cryptocurrencies could be vulnerable to this attack vector.
Developing Post-Quantum Cryptography and Encryption Solutions
Although there is no consensus on a timeline for when practical quantum computers are expected to mature, it is clear that institutions with information that holds value beyond the next decade or so should prepare for quantum threats.
For organizations, it is important to build awareness of the threat quantum computing poses beyond the cybersecurity experts to the senior leaders and executive decision-makers. This will help organizations to develop a more cohesive response across different levels and stakeholders.
Governments and businesses have already begun preparing for a post-quantum world. For example, CISA and NSA recently released quantum-resistant algorithm recommendations and requirements for critical infrastructure and national security systems based on the post-quantum cryptography selections from NIST.
With time, it will become even more important to be agile. Organizations can focus their strategy on “crypto agility,” by which they will be able to switch between crypto algorithms seamlessly in case one or more become vulnerable to attack. For enterprises hesitant to adopt new and untested algorithms, there is the option of integrating classical and quantum-based solutions for a hybrid approach.
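As an added illustration of the crypto-agility and hybrid ideas above (not code from this article or from any vendor), the Python below selects a key-exchange suite from a policy table and derives one session key from both a classical and a post-quantum shared secret, so that recomputing the key requires both. The suite names, the policy table and the sample secrets are constructed assumptions; the ECDH and ML-KEM exchanges themselves are assumed to run elsewhere and hand over their shared secrets.

```python
import hashlib
import hmac

# Hypothetical policy table (not from the article). Order is local preference.
# Retiring an algorithm is a data change here, not a code change.
SUITES = {
    "hybrid-v1": {"classical": "ECDH-P256", "pq": "ML-KEM-768", "allowed": True},
    "classical-v0": {"classical": "ECDH-P256", "pq": None, "allowed": False},
}

def negotiate(offered):
    """Pick the first locally preferred, still-allowed suite the peer offers."""
    for suite_id, suite in SUITES.items():
        if suite["allowed"] and suite_id in offered:
            return suite_id
    raise ValueError("no mutually acceptable suite")

def hkdf_sha256(ikm, salt, info, length=32):
    """HKDF (RFC 5869) extract-then-expand with HMAC-SHA256."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def _lp(field):
    # Length-prefix each field so the concatenation is unambiguous.
    return len(field).to_bytes(4, "big") + field

def derive_session_key(suite_id, classical_secret, pq_secret, transcript):
    """Combine both shared secrets; the suite id and transcript are bound in."""
    suite = SUITES.get(suite_id)
    if suite is None or not suite["allowed"]:
        raise ValueError("suite %r is not permitted by policy" % suite_id)
    if not classical_secret or (suite["pq"] and not pq_secret):
        raise ValueError("missing shared secret for a required component")
    ikm = _lp(classical_secret) + _lp(pq_secret or b"")
    info = _lp(suite_id.encode()) + _lp(transcript)
    return hkdf_sha256(ikm, salt=b"", info=info)

# Constructed sample values standing in for the outputs of the two key exchanges.
CLASSICAL_SS = bytes(range(32))
PQ_SS = bytes(range(32, 64))
TRANSCRIPT = b"constructed-handshake-transcript"

if __name__ == "__main__":
    suite = negotiate(["classical-v0", "hybrid-v1"])
    print(suite, derive_session_key(suite, CLASSICAL_SS, PQ_SS, TRANSCRIPT).hex())
```

Setting `allowed` to `False` for a suite makes both negotiation and key derivation refuse it, which is the operational meaning of switching algorithms without touching the calling code.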
Other technologies, like Post-Quantum Cryptography, or technologies based on the characteristics of quantum mechanics – think Quantum Key Distribution and Quantum Random Number Generation – are also ways to strengthen cryptography.
As we have seen in recent years, companies unprepared for the worst outcome became victims of new and unstoppable breaches and ransomware attacks. Regardless of the uncertainty around quantum threats, taking necessary precautions and keeping an eye on the horizon could have a significant impact, beyond seamlessly transitioning companies into the quantum era. In fact, it may make all the difference as to whether or not a company will succeed in a post-quantum world.