Quantum computing has made significant advancements in recent years, and it is expected to continue growing in maturity. Experts predict that by 2030, commercial quantum computing offerings will be available to the mainstream market.
While the potential business applications of quantum computing are being explored, cyber criminals have taken notice of this technology. They now prefer to retain heavily encrypted data, rather than discard it, in anticipation of the future capabilities of quantum computing. This strategy, known as ‘steal now, crack later’, involves harvesting and storing encrypted data until quantum computing tools become available to decrypt the information.
Although it is not expected that cyber gangs will have access to powerful quantum computers in the immediate future, businesses must start preparing for the possibility that these machines may one day crack their encrypted data.
The longevity of data security is a growing concern. A recent Gartner report highlights that the Rivest-Shamir-Adelman (RSA) algorithm, a widely used encryption method, is vulnerable to quantum computing. Key cracking is one of the few mathematically solvable problems that quantum computing can address.
“Quantum computers are steadily advancing and gaining the power and stability required to pose a realistic threat to the widely-used public key encryption that currently protects sensitive data, applications, and transactions,” explains Greg Wetmore, VP of Software Development at Entrust Cybersecurity Institute.
While the exact timing of when a quantum computer will be capable of breaking current cryptographic algorithms remains uncertain, many experts believe it could happen within the next decade.
Gartner predicts that conventional asymmetric cryptography will become unsafe by 2029 and will require larger key sizes in just three years. However, Gartner’s senior director analyst and co-author of the report, Mark Horvath, assures that there is at least a decade before a 2048-bit key can be broken.
It is important to note that the ‘steal now, crack later’ approach is not likely to be feasible for most cyber criminals. The cost of accessing quantum computing power and the need for sophisticated tools currently make it impractical for them. Low-hanging fruit, such as social engineering or phishing, remains the preferred methods for most cyber criminals.
Nation-state actors or state-sponsored groups seeking highly sensitive information with potential national security implications are more likely to utilize quantum computing for nefarious purposes.
However, the security risks associated with quantum computing extend beyond the ‘steal now, crack later’ strategy. Breaking existing public key cryptography will impact the encryption used for secure communications and digital signatures. It may also affect critical infrastructure that relies on public key cryptography for hardware and software. Additionally, blockchain technology is susceptible to quantum computing, prompting major blockchain companies like Bitcoin and Ethereum to develop quantum-safe protocols.