Labs Prepare To Exploit and Counter Quantum Computing in Crypto
Quantum computing offers the potential for cracking cybersecurity far beyond existing capabilities, and U.S. government laboratory researchers are hard at work developing ways of countering its attacks on secure crypto systems. Similarly, the private sector is accelerating its efforts to exploit quantum computing to keep ahead of peer adversaries in all aspects of crypto operations.
These points were discussed in a micro keynote on the final day of AFCEA’s TechNet Cyber 2023, held in Baltimore May 2-4. Titled “The Urgency of Action: Focused, Aligned and Ready,” the conference and exposition is focusing on the collaboration necessary to maintain effective cyber vigilance in all corners of the information realm.
And collaboration between government and industry is the key to staying ahead of other nations and even organizations in quantum computing operations. Citing the migration to post-quantum cryptography, Bill Newhouse, cybersecurity engineer and project lead, National Institute of Standards and Technology (NIST) National Cybersecurity Center of Excellence, described how NIST is trying to find new algorithms that could run in traditional classic computing that would protect against quantum computing decryption. Time is of the essence because existing data secured by existing crypto methods could be cracked by future quantum capabilities.
That point was emphasized by James L. Matney, vice president, defense strategy, Defense Division, General Dynamics Information Technology. “The threat is now because they are harvesting the data now,” Matney said of adversaries.
Explaining how quantum computing is a serious threat to cybersecurity, Matney pointed out that the qubit capability of quantum computing is doubling every year. Companies are exceeding earlier estimates of the processing power they can realize with quantum computing, and different algorithms could be used to shorten the quantum computing development timeline. The technology is more than just evolutionary.
“Quantum computers aren’t necessarily just the next generation of a classical computer,” Matney said. “It [quantum computing] is completely different in the way that it computes and actually stores information.”
The NIST cybersecurity center is working to validate new quantum-resistant algorithms that have been selected only in draft so far, Newhouse allowed. It is working closely with industry, having signed cooperative research and development agreements (CRADAs) with 19 different companies. Discovery technology from these CRADAs is brought into the lab, and NIST will publish what it has learned from those tools in late summer.
NIST will be working toward validation, but none of the old algorithms will be deprecated right away, he added. “Maybe on the day that we know a cryptographically relevant quantum computer exists, NIST would say, ‘We need you to stop using those algorithms.’ But until we have more evidence in that space, it’s going to be a measured approach,” he stated.
The elephant in the computing room is artificial intelligence (AI), and it offers to add a new dimension to quantum computing decryption. Newhouse pointed out that AI already has been used to attack crypto algorithms, and if it is shared, the danger will be available to more adversaries faster.
Matney expanded on the effect of AI on quantum computing. “Quantum computing will make AI what it was envisioned to be,” he declared. “It will make a lot of the different optimization-type problem sets more of a reality.” Solving these optimization problems will draw on the strength of quantum computing, he added.
Effectively, the researchers developing quantum computing and those trying to counter its effects are racing against time. “This is a threat that is not just to the DoD, it’s something that can impact across the world,” Matney warned. “This isn’t a one-and-done type of situation. This is something that will have to be continuously monitored to ensure that we understand the threat as quantum advances, but then also making sure … that we are implementing [new solution sets] to make sure we stay secure across the enterprise.”