Page 52 - Cyber Defense eMagazine September 2023

Major advances in physics and materials science are necessary to build stable quantum computers
            powerful enough to herald breakthroughs in computing. But given the rapid advance of both fields,
            computer scientists as a whole believe that the next generation of the field will be dominated by quantum
            computing.




            Quantum codebreaking: a major risk to privacy and national security

            Promoting the safe research and development of QC in the United States is vital for the country to remain
            macroeconomically competitive in the next generation of computing. But there are also major risks that
            this disruption brings, most notably within national security.

            Cryptography is the area most imminently impacted by quantum computing. Nearly half of the encryption
            powering modern identity verification and the protection of secrets online is vulnerable to attacks that
            leverage quantum computers’ parallelization capabilities.

            With a modern computer, a codebreaking attack to search for a 2048-bit RSA private key (such as those
            used to protect cryptocurrency wallets and encrypt private communication between users and websites)
            would take longer than the lifetime of our universe. But using a quantum computer and a technique known
            as Shor’s Algorithm, this attack could take minutes.

            Shor’s Algorithm and other QC codebreaking methods are well known in intelligence and national security
            circles. They were researched decades ago and are still researched intently by government groups and
            defense contractors. US federal programs such as NIST’s Post Quantum Cryptography (NIST PQC)
            program have spent the last decade developing new cryptography resistant to known quantum
            codebreaking techniques.

            While drafts of this new post-quantum cryptography exist and are undergoing review and implementation
            in code across the public and private sector, there are no laws or regulations that exist to guide when
            and how they should be broadly deployed.

            It is likely that NIST’s FIPS 140, a certification program to verify cryptographic security for military use
            cases across the US and many NATO countries, will eventually address QC defense. But for the private
            sector and many non-military government use cases, no such programs or initiatives to migrate to
            post-quantum cryptography exist.

            Lawmakers in the US will likely have to create new rules and regulations to push tech companies (and
            the internet at large) to migrate quantum-vulnerable cryptography to new post-quantum counterparts.

            Failure to do so means that the cryptography used to identify users and protect privacy online is rendered
            vulnerable to adversaries such as governments and major non-state cybercrime actors.











            Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.