As the concept and applications of quantum computers transcend into the realm of reality, it is time that the world acknowledges the positive and negative impacts of such devices and technologies. While the potential of quantum computers is still being explored at large, there are specific instances of quantum computers having a massive impact on existing systems and technologies. With the commercial aspects and applications of quantum computing still remaining in their infancy, research using existing quantum computers provides an accurate glimpse into the effects of such devices in the near future.
One such area of definitive impact that quantum computing has remains the field of cybersecurity. While the prospects of quantum technologies provide a more secure and safe environment for the existing ecosystem, it also poses a variety of threats to cyberspace. With the development of defensive quantum capabilities such as quantum key distribution (QKD) techniques, there is a focus on providing security solutions against current and future quantum technology applications. However, this is eclipsed by the immense security risks that quantum computing poses for existing cryptographic systems.
In this quantum age, it is imperative to address the detrimental impact of quantum computing on cybersecurity, especially the ease with which such computers can break any in-use cryptographic models, techniques and protocols. With adversaries like China rapidly gaining and leading the quantum race, especially in the field of computing and communications, there is a need for increased focus on the particular field. India needs to provide more resources and funding for the conceptualisation, standardisation and development of ‘quantum resistant cryptography’ to ramp up its cybersecurity efforts.
Focus on Quantum Resistant Cryptography
Currently, the most commonly used cryptography model (and its different algorithms) remains the asymmetric/public-key encryption model. Public-key encryption uses a pair of keys, one for encrypting data and the other for decrypting it. The message is encoded using a public key, and it is decoded using a private key. Such encryption techniques like the RSA employ algorithms that permit the message to be decrypted by the legitimate holder of the private key. These keys are challenging for traditional computers to crack because information encoded for the recipient’s public key can only be unlocked by his private key.
These encryption techniques will be rendered useless against a modern-day quantum computer. Recent public-key cryptography techniques are predicated on the idea that while classical computers can compute enormous numbers, such as multiplying large prime numbers, they require years of processing to identify the factors of such a massive product. In other words, public-key cryptography is simple to use in one way but difficult to reverse. A professor at MIT, Peter Shor, devised a hypothesis in the 1990s that quantum computers could instantly divide huge numbers (integers) into their primes. This algorithm, known as Shor’s Algorithm, describes the ability of such systems to break down complex encryption techniques in very short time periods.
Although the commercial capability of quantum computers remains out of reach currently, the pace at which technological developments have taken place in recent times showcases the urgency of the situation. While the number of quantum computers (almost all housed at research institutes or tech companies) is in its infancy and mostly used for only research purposes, it is time that ‘post-quantum cryptography’ is paid due diligence considering the cybersecurity (especially offensive attacks on critical ICT infrastructure) vulnerabilities it poses.
US and China Taking the Lead
In light of China’s recent ‘quantum leaps’ and rising cross-border cyberattacks, the US has taken the first steps towards increasing its preparedness for post-quantum cryptography. The National Security Agency (NSA) developed the first set of quantum-resistant encryption algorithms known as the ‘Suite B Quantum-Resistant Cryptography’. The National Institute for Standards and Technology (NIST) has also been engaged in developing a new set of encryption standards and tools to handle quantum computer attacks. Specifically, it has been working on combining four new encryption algorithms to form a new cryptographic standard by the year 2024.
This has not been the only development in the US. In early January 2023, President Biden officially signed the Quantum Computing Cybersecurity Preparedness Act. This was aimed at all federal agencies to prioritise shifting to post-quantum encryption systems in light of future cyber threats from quantum computers. It also highlighted how the Act was devised keeping in mind the national security status of the country, especially in providing better safeguards against future quantum computer cyberattacks. This, coupled with the thriving private sector’s role in providing quantum-resistant security solutions, the US has announced its intent to lead the way in championing post-quantum cryptography.
On the other hand, China has showcased tremendous growth in harnessing both quantum computers’ positive and negative capabilities. Owning some of the fastest quantum computers in the world, Chinese researchers have managed to extract most of the existing quantum computing technology. In December 2022, some Chinese cybersecurity experts published a scientific paper which details the methodology to break the most widely used RSA algorithm using a quantum computer made of 372 qubits.
Most scientists have accepted this theory but have questioned its practicality and scalability of it. But considering the recent development of quantum technology applications, the possibility of this becoming a potential offensive tool in the cyber arsenal soon is very high. This emphasises the need to provide holistic quantum-resistant solutions as soon as possible.
What can India do?
Considering the cyber threats posed by quantum computers, it is critical for India to at least look at post-quantum/quantum-resistant cryptography as a national security priority area in the coming years.
One, India must look to align itself with the existing or the in-development global post-quantum cryptography systems. The US’ NSA quantum-resistant protocols and NIST post-quantum encryption standards can be taken as the current baseline for protection against potential quantum cyber attacks. With cross-border attacks on the rise, India must ensure that globally verified, validated and tested post-quantum encryption techniques are used to protect its own critical ICT infrastructure.
Two, India must invest in the private sector and other startups which have made tangible gains in the field of quantum cybersecurity. Domestic companies like QNu Labs and BosonQ are doing exemplary work in providing cybersecurity solutions for the quantum age. The state must identify such firms, provide the required support (financial and otherwise) to ramp up their operations, and procure scalable solutions that can be implemented nationally.
Three, the recently announced National Mission on Quantum Technologies and Applications (NM-QTA), comprising a total outlay of Rs 8,000 crore, must include post-quantum cybersecurity as a key area of focus. While the funds under the mission have not been disbursed yet (as per the government’s reply on the floor of Parliament), there must be a push by the state to allocate a significant chunk of resources from the National Mission towards developing quantum-resistant cybersecurity solutions through academic or defence research institutions.
Although current-day quantum computers still need to develop targeted offensive capabilities, the threat of quantum cyberattacks remains at large. It is also in India’s interest to remain vigilant and build concrete quantum-resistant capacities. The age of quantum cybersecurity is here, and India cannot afford to be underprepared.
Arjun Gargeyas is an IIC-UChicago Fellow and a Consultant at the Ministry of Electronics and Information Technology (MeitY), Government of India. The views expressed in this article are those of the author and do not represent the stand of this publication.
Read all the Latest Opinions here
Comments
0 comment