Digital Media Concepts/Quantum Computing and Information Security

From Wikiversity

Quantum Computing and Information Security

Quantum computing is an emerging field that has the potential to disrupt many areas of technology. It also presents a serious threat to all forms of information security systems. This page describes how quantum computers can undermine the security of information and the actions being taken to mitigate those threats.

The Threats Quantum Computers Pose to Information Security

Current encryption techniques rely on mathematical problems that cannot be solved in any reasonable amount of time by classical (non-quantum) computers. Quantum computers are capable of conducting specific computations exponentially faster than traditional computers and will directly undermine public key cryptography. Some of the main risks include:

Undermining the Security of Public Key Cryptographic Methods

Most secure communications today are based on public key cryptographic (PKC) algorithms such as the following:

- RSA (Rivest-Shamir-Adleman)
- Elliptic Curve Cryptography (ECC)
- Diffie-Hellman Key Exchange

These PKC systems maintain security because they are based on either the difficulty of factoring a large product of two prime numbers to recover the original numbers (RSA) or the difficulty of solving the discrete logarithm problem (Diffie-Hellman, ECC). In other words, public key cryptography relies on a problem that a classical (non-quantum) computer cannot solve in a reasonable amount of time. Shor's algorithm demonstrates that a practical quantum computer could solve either of these problems efficiently, meaning that PKC algorithms based on these methods will become irrelevant once a large-scale quantum computer is practical.

Weaknesses Induced in Symmetric Encryption

Symmetric encryption approaches (e.g., AES, the Advanced Encryption Standard) have some known resistance to quantum-based attacks relative to public key cryptography. However, Grover's algorithm allows a quantum computer to attack symmetric encryption systems in a way that, in effect, cuts the strength of the encryption technique in half (in other words, the cipher retains only half its strength against a quantum-based attack). A simple hypothetical example:

AES-256 would provide only the same security as AES-128 against a quantum-based attack.

This may effectively require the organization to double the length of their encryption keys to maintain an equivalent symmetric encryption security level.

Breaking of Digital Signatures

Digital signatures are important for establishing identities on the internet, securing transactions, and authenticating software. Breaking the cryptographic algorithms for digital signatures can lead to a number of broad consequences:

- Unauthorized modification of software.
- Identity theft.
- Monetizing the vulnerability of the blockchain.

Harvest and Decrypt Method

Although effective quantum computers are not available just yet, an attacker can still intercept and store encrypted communications today and decrypt them once a quantum computer is available (a "harvest now, decrypt later" attack). So, if viable quantum computers become attainable, secrets that were previously considered safe for long-term confidentiality may be compromised.

Weakening Password Hashing Algorithms

Many systems rely upon storing passwords as cryptographic hashes (e.g., SHA-256 or bcrypt). Quantum computers may weaken hashed passwords from stolen databases, significantly reducing the effort required for password cracking attempts.

Countering Quantum Threats

In response to potential risks from quantum computing, researchers have been focused on post-quantum cryptography (PQC): encryption mechanisms that will be secure against quantum attacks. Examples include:

- Lattice-based cryptography (which relies on hard problems in high-dimensional lattices);
- Code-based cryptography (which relies on error-correcting codes);
- Multivariate-quadratic cryptography (which relies on systems of multivariate polynomial equations).

For their part, organizations such as the National Institute of Standards and Technology have also expanded their efforts to facilitate the standardization of new encryption mechanisms for security going forward.

In conclusion, quantum computing represents a serious challenge to the current system of cryptographic security. The full extent will not be realized for years to come. It is prudent to take active steps, including ways to phase in and implement post-quantum cryptography or to increase the length of encryption keys, to safeguard information that is sensitive.
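The two mitigations named above (phasing in post-quantum cryptography and increasing key lengths) can be turned into a triage of a cryptographic inventory, shown here as an added example that is not part of the original page. The asset names, the `ALG-SIZE` label format, the 128-bit target and the priority ordering are assumptions made for illustration.

```python
import re

SHOR_BROKEN = {"RSA", "DH", "ECDH", "ECDSA"}  # factoring / discrete logarithm
GROVER_HALVED = {"AES"}                       # key search: strength is halved
TARGET_BITS = 128  # assumed minimum strength to keep; not a figure from the page

def assess(asset):
    """Return (priority, effective_bits, action) for one inventory entry."""
    m = re.fullmatch(r"([A-Z]+)-(\d+)", asset["alg"])
    if not m:
        raise ValueError(f"unrecognised algorithm label: {asset['alg']}")
    family, size = m.group(1), int(m.group(2))
    if family in SHOR_BROKEN:
        # Stored ciphertext can be decrypted retroactively; a signature can
        # only be forged once the quantum computer exists. Rank accordingly.
        harvestable = asset["use"] == "confidentiality"
        action = "replace with post-quantum algorithm"
        if harvestable:
            action += " (harvest-now-decrypt-later exposure)"
        return (0 if harvestable else 1), 0, action
    if family in GROVER_HALVED:
        bits = size // 2
        if bits < TARGET_BITS:
            return 2, bits, f"double key length to {family}-{size * 2}"
        return 3, bits, "keep"
    raise ValueError(f"unknown algorithm family: {family}")

def plan(inventory):
    """Order assets so the most urgent migrations come first."""
    rows = sorted((assess(a), a["name"]) for a in inventory)
    return [(name, bits, action) for (_prio, bits, action), name in rows]

# Constructed sample inventory (names and uses are illustrative).
INVENTORY = [
    {"name": "backup-archive", "alg": "AES-256", "use": "confidentiality"},
    {"name": "code-signing", "alg": "ECDSA-256", "use": "signature"},
    {"name": "disk-volume", "alg": "AES-128", "use": "confidentiality"},
    {"name": "vpn-key-exchange", "alg": "ECDH-256", "use": "confidentiality"},
]

if __name__ == "__main__":
    for row in plan(INVENTORY):
        print(row)
```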
