Quantum computing, the use of quantum phenomena such as superposition and entanglement to perform computation, is expected to impact many sectors, including healthcare, energy, finance, entertainment, and security.
Before this large-scale impact is achieved, several challenges need to be overcome, and security leaders should start preparing for this change, says Sergey Strakhov, Chief Technology Officer at IronCAP. Here, we talk to Strakhov about the impact quantum computing will have on security and the potential risks it poses.
Security magazine: What is your title and background?
Strakhov: I am the CTO and Software Architect at IronCAP with nearly 30 years of experience in North American and European projects involving cryptography, communications, embedded systems and kernel hacking.
Security magazine: Can you discuss the impact of quantum computing?
Strakhov: This is something that is going to change the ways of the entire humanity. The big data problems, which are hard or impossible to solve with conventional computing due to a huge number of variables, are going to be addressed with quantum computing. This is a very powerful tool that will help to understand the Universe, the Earth, the life - including the extra-terrestrial, and so on. Think of precise long-term weather forecasts - being a function of too many variables, this task in unachievable with any contemporary supercomputer, while the quantum computers may provide much better results. Or, the big data generated by the SETI program - there might be signs of an extra-terrestrial life there, which we just cannot detect because of our data processing weaknesses. And of course, it will affect the industry.
Security magazine: What are some of the potential risks quantum computing poses to today’s cybersecurity and encryption methods?
Strakhov: Quantum computers will have enough power to break the conventionally used public key cryptography, in particular – key exchange protocols and digital signatures. It will affect strength of some algorithms and stream ciphers, making them obsolete. All this can severely impact security of the existing data communication and storage systems by providing ways of unauthorized decrypting the encrypted data or forging digital identities.
Security magazine: What are some of the solutions to these challenges?
Strakhov: We have to start enabling our software with immunity to quantum attacks. As a part of the plan, we need to introduce quantum-safe public key crypto systems into the currently used software by either replacing the quantum-unsafe RSA and ECC or building hybrid solutions where the old and the new cryptography will co-exist for the transition time.
Security magazine: What should enterprise security leaders be aware of, and what steps should they take to be prepared for these challenges?
Strakhov: Here are some steps leaders can take:
- Get yourself informed about the progress in this field.
- Read online papers of NIST.
- Participate in conferences and meetups on the subject.
- Start building action plans for bringing quantum-safe crypto stacks into the business logic.
- Work together with solution providers to achieve quantum-safety by the "Q-day", which is coming.