Last August, the National Institute of Standards and Technology (NIST) released the first three “post-quantum encryption standards” designed to withstand an attack from a quantum computer. For years, cryptography experts have worried that the advent of quantum computing could spell doom for traditional encryption methods. With the technology now firmly on the horizon, the new NIST standards represent the first meaningful step toward post-quantum protections.
But is quantum computing the threat to encryption it’s been made out to be? While it’s true that quantum computers will be able to break traditional encryption more quickly and easily, we’re still a long way from the “No More Secrets” decryption box imagined in the 1992 movie Sneakers. With energy demands and computing power still limiting factors, those with access to quantum computers are likely considering putting the technology to better use elsewhere — such as science, pharmaceuticals and healthcare.
Remember the electron microscope theory?
I’ve spent a long time working in digital forensics, and it’s given me a unique perspective on the challenges of quantum computing. In 1996, Peter Gutman published a white paper, “Secure Deletion of Data from Magnetic and Solid-State Memory”, which theorized that deleted data could be recovered from a hard drive using an electron microscope. Was this possible? Maybe — but ultimately, the process would be incredibly laborious, resource-intensive and unreliable. More importantly, it wasn’t long before hard drives were storing information in such a densely-packed manner that even an electron microscope had no hope of recovering deleted data.
In fact, there is almost no evidence that such an electron microscope was ever successfully used for that purpose, and modern testing confirms that the method is neither practical nor reliable. But the fear was real — and it led to the U.S. Department of Defense (DOD) issuing its famous “7-pass wipe” method of data erasure to eliminate any forensic evidence that an electric microscope could theoretically detect. Should we take such extra precautions with sensitive or classified data? Of course. But the threat was nowhere near as dire as it was made out to be. When it comes to quantum computing, we may be heading down a similar road.
The practical reality of quantum computing
First, it’s important to understand how quantum computing works. Despite the way movies like to portray hackers, it isn’t a magic wand that will instantly end cryptography as we know it. It will still need to be fed individual messages and tasked with breaking encryption — which means attackers will need to have a pretty good idea of which messages contain valuable information. That might sound easy, but more than 300 billion emails are sent each day, along with trillions of texts. There are ways to narrow the scope of the search, but it still requires the attacker to throw an awful lot of computing power at the problem.
That leads me to the real issue: Computing power is not infinite. Quantum computing is at the cutting edge of technology, which means your average script kiddie or hacker collective isn’t going to be able to get their hands on it. The only players who will have access to quantum computers (and the energy needed to run them) will be nation-state actors and large corporations like Google, Microsoft and AI companies. To put it simply, quantum computing is initially going to be expensive and not as fast to market as many have opined — and that means nation-states will only have so much computing power at their disposal. The question, then, is this: Is breaking down encryption protocols really what they plan to spend it on?
The true use cases for quantum
The answer is a strong…maybe. To me, the real advantages in quantum rests in research, economic competition and global influence. That doesn’t mean quantum computers won’t be put to use cracking encryption if a hostile nation-state gets its hands on something they know is good — but it won’t be the primary way the technology is used. Look at it this way: If you’re a foreign power with access to the most advanced computer models on earth, what would you use them for? Would you go on a wild goose chase through millions of encrypted communications, or would you devote that critical time, energy and compute to cure cancer, eradicate dementia or create advanced new materials? To me, that’s a no-brainer. An individual attacker might be after short-term gains, but nations will think more long-term.
Quantum computing is likely to drive significant breakthroughs in the development of new materials and catalysts, leading to the creation of stronger, lighter composites for manufacturing and more reactive catalysts for chemical processes. That alone has the potential to revolutionize multiple industries, providing far greater long-term gain for the nation deploying the technology. Quantum computing has also shown promise in the pharmaceutical industry, helping researchers develop more effective drugs and other treatments in a fraction of the time. The technology is even being used to enhance space travel capabilities by enabling faster trajectory calculations, making navigation more accurate and optimizing fuel usage.
It comes down to a cost-benefit analysis. Only nation-states and large corporations will have access to quantum computing anytime soon — and will they really spend their limited computing power cracking encryption algorithms when they could instead be boosting their economic output and dominating financial markets? This isn’t to say that every use case for quantum computing is good — in the wrong hands, it could certainly be used in dangerous ways. But with so much focus on the so-called “quantum apocalypse” some believe is looming, context matters.
Is breaking encryption on the list of use cases for quantum computing? Yes. But it’s not high on the list. So before we spend billions of dollars to rip and replace every cryptographic algorithm in use, it might be time to take a deep breath and consider how quantum computing will actually be used.
Rob Lee is the chief of research and head of faculty at SANS Institute.
The post Beyond encryption: Why quantum computing might be more of a science boom than a cybersecurity bust appeared first on Venture Beat.
