Overview
What it is: Quantum Hacking refers to the potential use of quantum computers for malicious purposes. Currently, multiple actors are competing in the race to develop quantum computing technology. It’s hypothetical but highly plausible that the power of quantum computing could render modern cryptography obsolete, creating an unparalleled crisis in internet security.
What it does: Quantum Hacking breaks modern cryptographic protocols which protect information with a private key—a number that’s required to decrypt encrypted data. These protocols are currently effective because it’s mathematically difficult to figure out a private key with a “brute force” calculation. However, quantum computing offers new computational models that could circumvent that barrier.
Why it matters: An effective quantum hacking algorithm could create the need for a complete overhaul of existing Internet security practices and tools. Any and all data could become compromised if the challenge of quantum hacking is not addressed. Currently, new security technology that takes advantage of quantum computing is being developed, but, like quantum hacking itself, it is still in a theoretical stage.
What to do about it: Currently, no action is required. However, security technology is often slow to catch up to the activity of malicious actors. It might be worth considering how data can be protected if encryption is no longer an option, and the impact on personal privacy etc. Though post-quantum encryption is being developed, it’s unclear when it will become viable, or how smoothly it will be adopted. Thus, it’s advisable to stay apprised of the evolving quantum threat.
How Does Quantum Hacking Work?
The technology that keeps your data safe is called “public key cryptography,” and scrambles data by plugging one number into an encryption algorithm, which then descrambles it when another number is introduced. The former number is the “public key,” and the latter is the “private key,” because the former is sent along with the data, and the latter is privately held by the rightful recipient. Since these numbers are mathematically related, it’s theoretically possible to break these protocols by calculating the private key based on the public key, but it’s a complicated process that would take an astronomically long time with today’s computers, which makes it infeasible for hackers.
However, quantum computing, with its immense mathematical potential and non-linear computing approach, could change that.
Who Is Developing Protection?
Multiple actors are working on the problems of quantum security across academia, the private sector, and governments around the world. Notably, China has made a disproportionate investment in quantum security. This could lead to a possible scenario in which Chinese-sponsored companies are the only ones with access to tools that prevent quantum hacking.
Will it Impact You?
Quantum hacking could have a severe impact, depending on how quickly developing security technology can intercept the threat it poses. One complicating factor is the historical slowness of enterprise to adopt new security systems. Even if quantum hacking is defeated, there could be a lag period, possibly 10-15 years, wherein large portions of the world’s data remain unnecessarily insecure.
Is It All Hype?
It’s easy to dismiss worries about quantum hacking as paranoid speculation. However, as noted above, quantum hacking would exploit a real, known weakness of current encryption algorithms. In the face of quantum hacking, encryption might still be an option for short-term data protection, e.g. data in motion between user and server. Organizations may once again have to enforce ‘air gaps’ on protected data; perhaps different protection models will be needed in which encryption keys are no longer the only approach (e.g. data separation plus keys, or use of mechanisms which cannot be quantum-broken.) So, while quantum hacking technology hasn’t yet emerged, it’s far from theoretical flight of fancy, as evidenced by the worldwide efforts to develop post-quantum security.