Page 52 - Cyber Defense eMagazine September 2023
Major advances in physics and materials science are necessary to build stable quantum computers powerful enough to herald breakthroughs in computing. But given the rapid advance of both fields, computer scientists as a whole believe that the next generation of the field will be dominated by quantum computing.
Quantum codebreaking: a major risk to privacy and national security
Promoting the safe research and development of QC in the United States is vital for the country to remain macroeconomically competitive in the next generation of computing. But there are also major risks that this disruption brings, most notably within national security.
Cryptography is the area most imminently impacted by quantum computing. Nearly half of the encryption powering modern identity verification and the protection of secrets online is vulnerable to attacks that leverage quantum computers’ parallelization capabilities.
With a modern computer, a codebreaking attack to search for a 2048-bit RSA private key (such as those used to protect cryptocurrency wallets and encrypt private communication between users and websites) would take longer than the lifetime of our universe. But using a quantum computer and a technique known as Shor’s Algorithm, this attack could take minutes.
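Why RSA is exposed to Shor’s Algorithm comes down to one reduction: factoring the modulus N is no harder than finding the multiplicative order r of some base a modulo N. The quantum computer’s only job is the order-finding step; everything else is classical arithmetic. The following Python script is an added illustration of that reduction and is not code from the article or from NIST. It uses constructed toy moduli (15, 21, 91) and a brute-force order finder that is exponential in the size of N, which is exactly the step a quantum Fourier transform makes efficient; on a real 2048-bit modulus the classical loop below would never finish.

```python
from math import gcd

# Toy demonstration of the reduction at the heart of Shor's algorithm:
# factoring N is reduced to finding the multiplicative order r of a base a
# modulo N (the smallest r > 0 with a**r % N == 1). A quantum computer finds r
# efficiently; here the order is found by classical brute force, which takes
# time exponential in the bit length of N and only works for the constructed
# toy moduli used at the bottom of this script.

def multiplicative_order(a: int, n: int) -> int:
    """Classical brute-force order finding: smallest r >= 1 with a^r == 1 (mod n)."""
    if gcd(a, n) != 1:
        raise ValueError("a must be coprime to n for an order to exist")
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def factor_with_base(n: int, a: int):
    """Try to split n using base a.

    Returns (p, q) with p * q == n, or None when this base fails
    (odd order, or a^(r/2) is the trivial square root -1 of 1).
    """
    g = gcd(a, n)
    if 1 < g < n:
        return tuple(sorted((g, n // g)))   # a already shares a factor with n
    r = multiplicative_order(a, n)
    if r % 2:                                # odd order: no square root of 1 to use
        return None
    y = pow(a, r // 2, n)                    # y^2 == 1 (mod n) by construction
    if y == n - 1:                           # y == -1 gives only trivial gcds
        return None
    p, q = gcd(y - 1, n), gcd(y + 1, n)
    if p * q == n and 1 < p < n:
        return tuple(sorted((p, q)))
    return None


def factor(n: int):
    """Iterate over bases until one yields a non-trivial factorisation of n."""
    for a in range(2, n):
        result = factor_with_base(n, a)
        if result:
            return result
    return None


if __name__ == "__main__":
    # Constructed toy RSA-style moduli (each a product of two primes).
    for n in (15, 21, 91):
        print(n, factor(n))
```

The defender’s takeaway is the shape of the algorithm, not its toy output: once order finding is cheap, every RSA key, regardless of length, falls to a handful of gcd computations, which is why key-length increases do not help and algorithm replacement is the only mitigation.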
Shor’s Algorithm and other QC codebreaking methods are well known in intelligence and national security circles. They were researched decades ago and are still researched intently by government groups and defense contractors. US federal programs such as NIST’s Post Quantum Cryptography (NIST PQC) program have spent the last decade developing new cryptography resistant to known quantum codebreaking techniques.
While drafts of this new post-quantum cryptography exist and are undergoing review and implementation in code across the public and private sector, there are no laws or regulations that exist to guide when and how they should be broadly deployed.
It is likely that NIST’s FIPS 140, a certification program to verify cryptographic security for military use cases across the US and many NATO countries, will eventually address QC defense. But for the private sector and many non-military government use cases, no such programs or initiatives to migrate to post-quantum cryptography exist.
Lawmakers in the US will likely have to create new rules and regulations to push tech companies (and the internet at large) to migrate quantum-vulnerable cryptography to new post-quantum counterparts. Failure to do so means that the cryptography used to identify users and protect privacy online is rendered vulnerable to adversaries such as governments and major non-state cybercrime actors.
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.