Quantum Safe: How Cybersecurity Will Change in the Quantum Era
With the advancement of quantum technologies, particularly the development of quantum computers, the currently used methods of information encryption may become insufficient. Quantum computers, which can perform certain computations far faster than classical machines, have the potential to break the currently employed encryption algorithms.
For this reason, it is important for companies and government institutions to secure their information systems in a “quantum safe” manner, meaning they are secure against potential attacks utilizing quantum technologies. This applies to both the protection of transmitted data and the security of existing information resources.
If companies and government institutions do not follow this trend, there is a risk that their systems and data will be vulnerable to attacks that could lead to serious consequences such as the loss of confidential information or the disruption of key services.
Finally, making systems “quantum safe” is also important from a future perspective. The earlier institutions and companies start implementing such solutions, the easier it will be for them to adapt to future changes and minimize the risks associated with transitioning to new quantum technologies.
The guest of Cyfrowa Ekonomia was Sebastian Zimnol, CEO of Quantum Cybersecurity Group. This company, a spin-off from the University of Gdańsk, specializes in quantum and post-quantum cybersecurity. They are developing the world’s largest ecosystem related to quantum information theory at the University of Gdańsk. You are invited to watch or read our interview:
Daniel Haczyk (Cyfrowa Ekonomia): What is the current state of development of quantum mechanics and quantum computers?
Sebastian Zimnol (CEO Quantum Cybersecurity Group): Our company does not focus on building quantum computers, but our activities are related to protecting against their potential threats. We produce specialized devices and software that ensure security in the face of quantum technology development. Why are we doing this? Quantum computers today are not advanced enough to pose a threat to cryptographic keys. But we know their potential. For example, the largest current quantum computers from IBM have 433 qubits. When this technology develops, it could become a serious threat to cryptography.
Daniel Haczyk: Are you referring to keys like SHA 256, 512 bits?
Sebastian Zimnol: Yes, exactly.
Daniel Haczyk: What is your response to this development?
Sebastian Zimnol: We use quantum and post-quantum technologies to secure keys against potential breaches. We employ quantum random number generators that generate much larger keys. Currently, we do not use a public key that is vulnerable to attacks using Shor’s algorithm*. Our technology prevents the reconstruction of the private key based on the public key.
*Editor’s Note: Shor’s algorithm is a quantum algorithm created by mathematician Peter Shor in 1994. It was designed to efficiently factorize integers into their prime factors. For example, the number 15 can be broken down into the prime numbers 3 and 5.
Shor’s algorithm is significant because it poses a potential threat to the security of many currently used cryptographic systems, including RSA, which relies for its security on the difficulty of factoring a large number that is the product of two large primes. A quantum computer executing Shor’s algorithm could factorize these large numbers much faster than traditional computers, potentially breaking these encryption systems.
Daniel Haczyk: For example, in the case of Bitcoin, this problem was solved by generating a new address for the change of Bitcoin after each transaction. Is that correct?
Sebastian Zimnol: Yes, exactly. Currently, with the public key, quantum computers can break the private key. When quantum computers with 4,100 qubits are developed, breaking the RSA key will not be a problem. What is currently practically impossible for traditional computers will become a matter of seconds for quantum computers. It will pose a huge threat to global information exchange.
Data is being collected worldwide, which currently cannot be read, awaiting a quantum computer that will enable its decryption. That’s why we use true random number generators instead of commonly used pseudorandom ones to secure this information.
Daniel Haczyk: What are true random number generators?
Sebastian Zimnol: In our technology, we use quantum mechanics to generate keys. We send photons that behave absolutely randomly. Based on the information from a detector that records these photons, we generate a key. Its randomness is absolute because we cannot predict when and in what state a photon will appear. Unlike pseudorandom number generators that are common in today’s computers and are based on mathematical algorithms that can be broken, our process is completely unpredictable.
Daniel Haczyk: Are prime numbers crucial in this security technology?
Sebastian Zimnol: Yes, prime numbers are important. All the numbers used in our key are involved in its generation. We only send the key through our quantum system using entangled photons, where the same pairs of photons carry the same information. We send that key, and the information and data flow through standard systems. This means that data encrypted with this key cannot be broken because there is no public key.
Daniel Haczyk: I understand, this will introduce significant changes in all security measures.
Sebastian Zimnol: Exactly. Currently, almost everything we know, all our devices, our text messages, messengers, banking transactions, phones, are encrypted. They are protected by standard cryptography, where we have a public key and a private key. However, this will change when quantum technology becomes widespread. It’s not a matter of “if,” but “when.” Then, the current security measures will no longer be as effective.
Daniel Haczyk: How do classical computers differ from quantum computers?
Sebastian Zimnol: Classical computers process information in binary, using 0 and 1. For example, when cracking a password, a classical computer tries all possible combinations one by one. Quantum computers, through the entanglement of photons, can perform these operations in parallel, which gives us significantly faster results. This allows us to break keys that would take millions or even billions of years for a normal computer in seconds or minutes.
Daniel Haczyk: Do quantum computers bring us closer to achieving the so-called technological singularity, the point in technological development where machines become more intelligent than humans?
Sebastian Zimnol: Currently, we are aware of two aspects. Firstly, with the emergence of artificial intelligence, we will have to change our approach to how we think about technology. It seems to me that the key may lie in combining artificial intelligence with quantum computers. Machines can already perform complex tasks. With tools like ChatGPT, we have machines that generate texts that are hard to distinguish from texts created by humans.
Daniel Haczyk: So, machines might soon lead all technological innovations in a faster and more efficient way?
Sebastian Zimnol: Exactly, that’s what I expect. Just this morning, while driving to InfoShare, I listened to an interview with Google’s chief AI specialist. He said that artificial intelligence, combined with new technologies, can pose a threat to the world.
Daniel Haczyk: It sounds a bit like science fiction. Do you believe that humanity is capable of achieving a state referred to as “computronium” using artificial intelligence?
*Editor’s Note: Computronium is a hypothetical form of matter that is perfectly optimized for computational purposes, surpassing the efficiency of any currently known forms of computation. The term was first used by scientist Norman Margolus and computer scientist Tommaso Toffoli at MIT to describe “programmable matter,” an optimal substitute for silicon in computers.
In extreme futuristic visions, for example, in the context of technological singularity, computronium may be seen as the ultimate goal of technological evolution, where entire planets, stars, and even universes can be transformed into massive, efficient computers.
Sebastian Zimnol: That is an interesting question. Currently, we are facing two key issues. Firstly, we need to realize that we do not have full control over new technologies. We do not have full regulation of these systems. This is one of the most important challenges we must address. We need to determine what we want to achieve, how we want to achieve it, and above all, how to ensure proper regulation and certification of the technology. Without this, we may find ourselves in a difficult situation. This is what we need to consider: how do we want to control this situation when technology becomes so advanced.
Daniel Haczyk: Currently, the biggest threats to cybersecurity are ransomware, phishing, DDoS attacks, and attacks on IoT and artificial intelligence systems. How can this evolve in the future?
Sebastian Zimnol: It will certainly change. When advanced systems like the ones we are developing are implemented, some of these attacks will no longer be possible. For example, our quantum random number generators can detect any eavesdropping attempt. Similarly, DDoS attacks will not be possible because any hardware manipulation will be detected, and the flow of information will be immediately blocked. However, spam attacks that come through email will still exist because this part of communication is not yet encrypted by us. Education will be crucial here, and artificial intelligence can help us distinguish between legitimate and malicious messages.
Daniel Haczyk: Can the technologies you are developing eliminate cyberterrorism?
Sebastian Zimnol: Yes, I believe so to a large extent. Our technologies can protect against attacks that are already happening, but also future threats such as potential quantum attacks. As I mentioned earlier, it is important today to protect our information because every minute lost means lost information. If we don’t secure it now, someone with a quantum computer will be able to read it. That’s why it’s so important to increase public awareness of new information security technologies. For example, President Biden has issued a decree requiring all government agencies to be quantum-safe by the end of the year, and from next year, all American companies. This is a response to what is already happening in China, where they are implementing a quantum network, connecting large factories and offices to it. In Europe, a similar project is also developing – EuroQCI, the European Quantum Communication Infrastructure, where 22 European countries have agreed to build a quantum-based communication infrastructure to protect against external attacks.
Daniel Haczyk: In summary, what is the difference between current cryptography and the one that will be used in the future?
Sebastian Zimnol: Current cryptography is based on a private and public key. When two machines communicate with each other, the public key is used to send information, and the private key is used to decrypt it. In post-quantum and quantum cryptography, there will be no such division. The information is encrypted only at one level and is transmitted using entangled photons, which operate at the hardware level rather than software. The state of these photons determines the size of the key being transmitted, making such encryption impossible to break. Quantum computers will not be able to extract the private key from the public key because such a division will no longer exist. If someone tries to attack one of the photons, its state will change, and we will learn about the eavesdropping attempt, preventing the exchange of information.
Summary
Quantum computers, when they reach full computational power, can have a significant impact on cybersecurity. Many of today’s standard cryptographic protocols, such as RSA and ECC (elliptic curve cryptography), which form the basis of most current security systems, may be vulnerable to quantum attacks. For example, Shor’s algorithm uses the computational power of quantum computers to efficiently solve the factorization problem, which can break RSA cryptography.
However, it is equally important that the world of science and technology is already preparing for the “quantum era” by developing new cryptographic techniques. Polish company Quantum Cybersecurity Group, whose CEO we had the opportunity to talk to, is creating innovative solutions in the field of Quantum Safe.
Quantum cryptography and post-quantum cryptography are two different areas of research that address the growing challenges arising from the development of quantum computers. While quantum computers have the potential to drastically accelerate certain computations, they can also pose a threat to existing cryptographic systems.
Quantum cryptography is a type of cryptography that uses quantum phenomena to perform cryptographic tasks. An example is the Quantum Key Distribution (QKD) protocol, which allows two parties to share secret information, such as cryptographic keys, with a guarantee that they cannot be eavesdropped on without detection. The most well-known example of QKD is the BB84 protocol, proposed by Charles Bennett and Gilles Brassard in 1984. In this protocol, the key is generated by exchanging single-photon signals between the two parties. Due to the Heisenberg uncertainty principle, any attempt to eavesdrop on and measure these photons by a third party will affect the result, enabling the detection of eavesdropping.
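Added example, not part of the original article: a classical simulation of BB84 showing how an intercept-and-resend eavesdropper reveals herself through the error rate on the sifted key. The basis labels "+" and "x", the function names and the 11% abort threshold are assumptions made for this sketch, and the channel is modelled as noiseless.

```python
import random

QBER_ABORT = 0.11  # illustrative abort threshold chosen for this demo (assumption)

def measure(bit, prepared_basis, measuring_basis, rng):
    """A matching basis returns the encoded bit; a mismatched basis gives a random result."""
    return bit if prepared_basis == measuring_basis else rng.randint(0, 1)

def run_bb84(n_photons, eavesdropper, seed):
    rng = random.Random(seed)  # seeded PRNG so the demo is reproducible; never a real key source
    alice_bits = [rng.randint(0, 1) for _ in range(n_photons)]
    alice_bases = [rng.choice("+x") for _ in range(n_photons)]
    bob_bases = [rng.choice("+x") for _ in range(n_photons)]

    bob_bits = []
    for bit, basis, bob_basis in zip(alice_bits, alice_bases, bob_bases):
        if eavesdropper:
            # Intercept-resend: Eve measures in a guessed basis and re-sends what she saw.
            eve_basis = rng.choice("+x")
            bit, basis = measure(bit, basis, eve_basis, rng), eve_basis
        bob_bits.append(measure(bit, basis, bob_basis, rng))

    # Sifting: bases are compared over the public channel and mismatches are discarded.
    sifted = [(a, b) for a, ab, b, bb
              in zip(alice_bits, alice_bases, bob_bits, bob_bases) if ab == bb]

    # Parameter estimation: half of the sifted bits are revealed, compared and thrown away.
    half = len(sifted) // 2
    sample, remainder = sifted[:half], sifted[half:]
    qber = sum(a != b for a, b in sample) / len(sample)
    accepted = qber <= QBER_ABORT
    key_len = len(remainder) if accepted else 0
    return qber, accepted, key_len

if __name__ == "__main__":
    for eve in (False, True):
        qber, accepted, key_len = run_bb84(4000, eve, seed=1)
        print(f"eavesdropper={eve}: QBER={qber:.3f} accepted={accepted} key bits kept={key_len}")
```

Without an eavesdropper the sampled error rate is zero; with one it settles near 25%, because Eve guesses the wrong basis half the time and each wrong guess corrupts Bob's result with probability one half.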
On the other hand, post-quantum cryptography (or quantum-resistant cryptography) is a research area focused on creating cryptographic systems that can withstand potential threats from quantum computers. Many currently used cryptographic systems, such as RSA and ECC, rely on the difficulty of factoring the product of large prime numbers or of the discrete logarithm problem – tasks that quantum computers can potentially solve efficiently. Post-quantum cryptography aims to develop new algorithms that are difficult to break even for quantum computers. Examples include lattice-based cryptography, error-correcting codes, multivariate polynomials, and hash-based cryptography.
Therefore, both these fields aim to secure communication in the face of the development of quantum technologies, but they do so in different ways: quantum cryptography utilizes the principles of quantum mechanics for secure information transmission, while post-quantum cryptography focuses on creating cryptographic algorithms that are resistant to attacks using quantum computers.