The Quantum Threat to Global Security

By Justin Sherman

Modern computers are about to radically change. Currently, these devices are restricted to a certain simplicity in their operation. Despite the speed and efficiency with which we run sophisticated programs on our laptops, tablets, and smartphones, these digital machines are functioning only in binary states — they can register either a 1 or a 0 at any one time — and as a result, complex calculations, like those required for chemical modeling, are often exceptionally difficult.

These challenges will begin to vanish with the advent of quantum computing. By leveraging physics principles such as superposition (where particles are in two states at once) and quantum entanglement (which links separate objects despite large physical distances), quantum computing will permit computers to make far more complex decisions. This will exponentially increase our current computing power.
 
Such a development isn’t far off, and will likely be achieved in the next several years based on current advances. From integrating with virtual reality to advancing machine learning towards a “true” artificial intelligence, quantum computing will likely provide numerous benefits to society. It will also, however, have some drawbacks — primarily, threatening to upend all modern encryption.
 
Because contemporary devices make computations using just 1s and 0s, the strength of current “public key” encryption like RSA — which encrypts traffic over the Internet — depends on computers’ inability to factor large numbers. Previously unusable algorithms that could factor those numbers, however, will likely be enabled by quantum computing. Everything from banking systems, intelligence databases, military communications, and critical infrastructure all the way down to mobile phones, ecommerce transactions, and credit card information could be vulnerable. As quantum computers rapidly break what now takes a lifetime, human lives will be at stake.
 
From an access perspective, this has profound global security implications. If we fail to upgrade public key encryption protocols to quantum-resistant cryptography, whoever controls the world’s first quantum computer could gain direct, full-access control of any public key-encrypted and/or Internet-connected system in the world. This company, government, or individual could control systems publicly (e.g., manipulating stock exchanges, deactivating electrical grids, etc.), or could decide to manipulate everything quietly (e.g., throwing elections, stealing trillions of dollars, etc.), or could do something totally out-of-the-box. No matter which way we look at it, the outcomes are disastrous if we don’t have quantum-resistant encryption in place.
 
The immediate step the United States needs to take is investing in quantum cryptography. This means starting and funding projects at the policy level, supporting and contributing at the research level, and developing talent at the education level. As current cybersecurity initiatives have shown us, collaboration is necessary if the world is to properly defend itself from what is to come.
 
Once it is successfully developed, making quantum encryption a reality across devices will require a concerted effort on the part of business leaders, technologists, policymakers, and the public — as NIST just specified in their recent call for quantum-resistant cryptography. But even this, while a desirable result, would not prevent all negative outcomes.
 
Quantum-resistant public key cryptography (like multivariate encryption) should prevent active access to systems — that is, adversaries won’t be able to control most devices in the moment. This is a good step. It will not, however, necessarily stop an adversary (or really anyone) from reading information “at rest” that was encrypted pre-quantum, using so-called private key encryption.
 
At this very moment, countries and hackers around the world are hoarding unfathomable amounts of data. While this information might be securely encrypted now, that may not be the case when quantum computing arrives; it’s possible that weak private key encryption (e.g., that uses short keys) could be broken apart by quantum computing. Should this happen, any actor with a powerful quantum computer and a stockpile of data will be able to decrypt everything currently stored “at rest” in a database or hard drive.

Enemy nation-states might not be able to manipulate voting machines or switch off national communication systems, but they’ll still be able to read about everything that underlies those technologies in the first place. Even multinational corporations could employ this tactic, reading virtually all the intellectual property their competitors have on record.
 
Termed “harvest and decrypt,” this tactic is incredibly dangerous to global security. Imagine: every confidential business document, classified military file, and secretive personal communication will be open to the world, online and readable to all.
 
So, what do we do?
 
In a world where all current encryption may be worthless — and any document could become part of a “global WikiLeaks” — crafting a safe and secure future is difficult. There are many difficult strategic and policy questions, in addition to technical ones, that need to be answered. But if we’re going to start somewhere, it has to be recognizing the quantum threat in the first place.


The author, Justin Sherman, is a student at Duke University double-majoring in Computer Science and Political Science, focused on cybersecurity, cyberwarfare, and cyber governance.