The road to quantum-enabled cybersecurity in Australia

Australia is leading the way in many aspects of quantum-enabled cybersecurity. As issues of privacy and data protection become increasingly prominent, the need for advanced cybersecurity methodology looms large.

Australian quantum computing manufacturer Silicon Quantum Computing (SQC) recently announced the world’s first integrated circuit manufactured at the atomic scale, and is leading the world in developing silicon-based quantum computing.

Furthermore, the Australian Government has invested $1 billion in the form of a Critical Technology Fund as part of the broader National Reconstruction Fund, which will help to support home-grown innovation and production in areas like engineering, data science, software development, artificial intelligence (AI), robotics and quantum.

So, what exactly is quantum-enabled cybersecurity? As opposed to traditional hardware, quantum computers have the potential to vastly exceed the abilities of ‘classical’ computers for many types of calculations.

This science is the study of cryptosystems that would be secure against adversaries who have both quantum and classical computers, which can be deployed without drastic changes to existing communication networks and protocols.

As quantum computers can perform certain types of computations more efficiently than classical computers, they could pose a significant threat to current cryptographic cybersecurity systems. This is why there is a need for quantum-enabled cybersecurity.

While quantum computing still seems a long way off, cybercriminals are already collecting and archiving encrypted data with the view to crack them later when quantum technology is available. There are potential security implications for organisations, and early preparations should be put in place.

The US-based Department of Homeland Security (DHS), in partnership with the Department of Commerce’s National Institute of Standards and Technology (NIST), has already released a roadmap to help organisations protect their data and systems and reduce risks related to the advancement of quantum computing technology.

DHS’s new guidance aims to help organisations prepare for the transition to post-quantum cryptography by identifying, prioritising and protecting potentially vulnerable data, algorithms, protocols and systems.

The field of quantum cryptography is progressing, with one of the goals being the use of quantum computing to encrypt data. Additionally, post-quantum cryptography is examining ways to ensure encryption that can resist the brute-force strength of quantum computers.

That raises an important question — when will quantum computers be powerful enough to do this? The answer is at least five to 10 years away for widespread availability. After that date, any information protected by this form of encryption could become insecure. But with these areas still under development in both industry and academia, the outcomes and potential remain under investigation.

All roads lead to quantum-enabled cybersecurity

Quantum information processing, a field that includes quantum computing, quantum cryptography, quantum communications and quantum games, explores the implications of using quantum mechanics instead of classical mechanics to model information and its processing.

To put it technically, a quantum computer of sufficient size and complexity will be capable of executing Shor’s Algorithm, a proven method for breaking factorisation-based encryption that would take a classical computer billions of years of computing time to complete.

Many people worry that quantum computers will be able to crack certain codes used to send secure messages. The codes in question encrypt data using “trapdoor” mathematical functions that work easily in one direction, but not in the other. This makes encrypting data easy but decoding it hugely difficult without the help of a special key.

That’s because these encryption systems have never been unbreakable. Instead, their security is based on the huge amount of time it would take for a classical computer to do the job. Modern encryption methods are specifically designed so that decoding them would take so long that they are practically unbreakable. Quantum computers change this thinking. These machines are far more powerful than classical computers and should be able to break these codes with ease.

Immediate challenges

Because quantum computing computes in the quantum space, it makes sense that classical inputs must be made quantum. This means that quantum outputs of computing must be measured to be made classical before further processing takes place. This measurement also limits the amount of information that can be extracted from the quantum states, thereby reducing the potential acceleration of computing using quantum computers.

The requirement for quantum states of an almost perfect vacuum, or near-absolute zero temperature, and difficulty in maintaining the desired quantum states, means qubits interacting with the environment lose information. However, these challenges are being gradually overcome with advances in material science and continual improvements in control protocols of quantum operations.

Security implications for organisations

It’s important for organisations to work with cybersecurity officials to identify acquisition, cybersecurity and data security standards that will require updating to reflect post-quantum requirements. From these audits, organisations will be able to pinpoint where, and for what purpose, public-key cryptography is being used and mark those systems as “quantum vulnerable”.

Standards Australia recently hosted a forum exploring the key areas, challenges and opportunities for quantum computing in Australia following the breakthrough by SQC. Cybersecurity was identified as an area of priority and the forum identified that Australia should be actively involved in the International Organisation for Standardisation and the International Electrotechnical Commission’s joint technical committee’s working group for quantum computing, to contribute to the international standards and support the safety of this emerging technology.

Summary — early preparation key to future efficacy

Cybersecurity officials within all organisations should identify acquisition, cybersecurity and data security standards that will require updating to reflect post-quantum requirements.

Organisations should empower and ensure their Chief Information Officers increase their engagement with standards-developing organisations for the latest updates relating to necessary algorithm and dependent protocol changes.

Organisations should inventory the most sensitive and critical datasets that must be secured for an extended amount of time.

Finally, organisational leads should ask themselves the following critical questions:

• What other systems does the system communicate with?
• To what extent does the system share information with other entities outside of their organisation?
• Does the system support a critical national infrastructure sector?
• How long does the data need to be protected?
   

Only then can solutions be found to the challenges and long-term benefits of quantum-enabled cybersecurity.

Image credit: ©stock.adobe.com/sakkmesterke