In this article, we will explain quantum computing in simple terms, answer five integral questions about the impact of quantum computing on cybersecurity, and outline potential threats emerging from this technology. Furthermore, we will argue why it is time to start taking measures now and share how Zühlke can support organisations in their cybersecurity efforts.

## What is quantum computing?

While classical computers use bits (which are either 0 or 1), quantum computers use quantum bits (qubits), which can have a value of 0, 1, or a combination of both states (the technical term for such a mix is "superposition"). In fact, a qubit's value is based on probabilities — unlike a classical bit, which is always known to be either 0 or 1 — and can remain indeterminate until someone observes it using a measurement.

Another unique phenomenon of qubits is quantum entanglement, where two or more particles become correlated in such a way that the state of one particle cannot be described independently of the state of another, regardless of the distance between them. These unique properties allow quantum computers to perform certain tasks much faster than classical computers.

Large quantum computers are believed to be capable of efficiently breaking asymmetric encryption mechanisms such as RSA or elliptic curve cryptography that are ubiquitously used to secure communication, data, and other assets. These encryption techniques are based on mathematical problems that are believed to be difficult for classical computers to solve but are potentially much easier for quantum computers.

### Key takeaways about quantum computing

- Quantum computers affect the security of today's cryptographic mechanisms. In theory, they will be able to break asymmetric cryptographic algorithms that are currently in use. In practice, there are still significant engineering challenges that researchers must overcome before quantum computers are able to break cryptography in impactful ways.
- Post-quantum cryptography (PQC) addresses the threat of quantum computer-based attacks. It is being developed and standardised by NIST. The first round of the standardisation process is expected to be completed by 2024. Despite this, organisations should already start adapting to the new cybersecurity paradigm, for example by taking an inventory of their cryptographic assets and by taking specific actions such as increasing the key size of symmetric keys (for instance to 256-bit keys for AES).
- It is time for organisations to act and begin planning for the transition to post-quantum cryptography. In this article, we present a roadmap to help assess the potential risks and impact of quantum computing on your security infrastructure by considering factors such as data lifespan, sensitivity and exposure to public networks, and the availability of post-quantum algorithms that meet your organisation’s security requirements.

## Why is quantum computing a threat to traditional cryptographic systems?

Traditional asymmetric cryptographic systems rely on mathematical problems that are difficult to solve on classical computers. For example, in the popular RSA public-key system, the public key is a product N = p*q of two large secret prime numbers p and q. The security of RSA critically relies on the difficulty of finding the factors p and q of N. The fastest known algorithm on a classical computer needs O(2^{∛n}) operations to factor a product N that consists of n bits. Thus, the runtime of the classical algorithm that receives N as input and returns the two factors p and q as output is exponential in the number of bits n.

Using a combination of classical and quantum computing, these problems can be solved in polynomial time using Shor's algorithm, which reduces the time needed to break current asymmetric cryptographic schemes by many orders of magnitude. However, the applicability of algorithms such as Shor’s is currently limited by the practical difficulties of building and operating large-scale quantum computers. Nevertheless, assuming the existence of a sufficiently fault-tolerant quantum computer, frequently used asymmetric cryptographic mechanisms such as RSA and DH must be considered broken.
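To make the reduction concrete, here is an added Python example (not code from the article or from Zühlke) of the classical half of Shor's algorithm: the order-finding step that a quantum computer performs in polynomial time is replaced by a brute-force loop that only works for toy moduli, and the remaining arithmetic shows how a known order turns into the factors p and q.

```python
from math import gcd


def find_order(a: int, n: int) -> int:
    """Smallest r > 0 with a**r ≡ 1 (mod n). Shor's algorithm does this step
    on a quantum computer in polynomial time; this classical loop is only
    feasible for toy moduli and exists to show what the quantum step delivers."""
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def factor_from_order(a: int, n: int):
    """Classical post-processing of Shor: from an even order r with
    a**(r/2) ≢ -1 (mod n), gcd(a**(r/2) - 1, n) yields a non-trivial factor."""
    r = find_order(a, n)
    if r % 2:                      # odd order: this base is unusable
        return None
    y = pow(a, r // 2, n)
    if y == n - 1:                 # a**(r/2) ≡ -1: only a trivial square root of 1
        return None
    p = gcd(y - 1, n)
    return (p, n // p) if 1 < p < n else None


def shor_classical_reduction(n: int):
    """Try bases a = 2, 3, ... until the order-finding trick splits n.
    Returns (p, q) with p <= q, or None if no base works (n is prime)."""
    for a in range(2, n):
        g = gcd(a, n)
        if g != 1:                 # lucky guess: a already shares a factor with n
            return tuple(sorted((g, n // g)))
        result = factor_from_order(a, n)
        if result:
            return tuple(sorted(result))
    return None


if __name__ == "__main__":
    # 3233 = 61 * 53 is the classic textbook RSA modulus; all three are toy sizes.
    for n in (15, 21, 3233):
        print(n, "=", shor_classical_reduction(n))
```

The only part that a quantum computer speeds up is `find_order`; everything else is ordinary modular arithmetic that runs in polynomial time on a classical machine.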

Symmetric encryption algorithms (such as AES) and hashing algorithms (such as SHA256) are not affected by Shor’s algorithm. However, the security of these schemes is also weakened by quantum computers. Grover's algorithm is a quantum algorithm that can be used to search an unsorted database or to find the solution to an unstructured search problem. It provides a quadratic speedup compared to classical algorithms, making it useful for brute-force attacks on symmetric cryptography.

## How far along is the development of quantum computers?

**When will a quantum computer be able to efficiently break RSA-2048 keys?**

Companies such as IBM, Google, or D-Wave are duelling with each other to announce the largest quantum computers. Currently, it is expected that in 2023, a universal quantum computer with more than 1,000 qubits will be announced.

Despite these recent advances, quantum computing is believed to still be in the early stages of development. Plus, today’s quantum hardware is still short on qubits, limiting its usefulness for computing. Quantum states necessary for quantum computation are infamously fragile, being susceptible to heat and other disturbances, which makes scaling up the number of qubits a huge engineering challenge. Furthermore, other factors such as the stability of a qubit need to be taken into consideration. For example, to factor an RSA-2048 number, no less than 4999 perfect qubits are required. But current qubits are unstable and therefore only usable for a short amount of time. To account for this, additional qubits can be used to perform error correction. Consequently, researchers estimate that around 20 million noisy qubits are needed to factor an RSA-2048 key. In general, it is expected that fault-tolerant attacks on cryptography require billions of operations on millions of qubits.

## What countermeasures are taken to protect against the emerging threat of quantum computing-based attacks?

To address the threat of quantum computer-based attacks on cryptography, researchers are developing new encryption techniques based on mathematical problems that are difficult for both classical and quantum computers to solve, commonly referred to as post-quantum cryptography (PQC). These include techniques such as lattice-based cryptography, hash-based cryptography, and code-based cryptography.

The US National Institute of Standards and Technology (NIST) has been leading a process to develop and vet a set of quantum-safe cryptographic algorithms. This process began in 2016 and led to four winning algorithms being picked in July 2022. The first standardisation round of these algorithms is expected to be completed by 2024.

In the meantime, companies such as Google and Cloudflare started to test the selected algorithms in practice by using them as ciphers in TLS. This is important because PQC algorithms use much larger public keys and signatures than classical algorithms, which will have an impact on the duration of the TLS handshake. These experiments provide insight into the readiness of cryptographic protocols for PQC.

## Why do I need to act now if quantum computers for breaking current encryption techniques don’t exist yet?

Although quantum computing technology is not yet fully established, today's data is already vulnerable to attacks by quantum computers. This is because the useful lifespan of the data may be longer than the time required to develop a universal quantum computer that can break current encryption methods. This type of attack is often referred to as a "harvest now, decrypt later" attack: an attacker collects encrypted information now in the hope that quantum computers will be able to break that encryption in the future. To assess the risks and possible impact of such attacks, your organisation should be able to answer the following questions:

- Which systems use cryptography?
- Can your organisation compile an inventory of the cryptography used in those systems (type, key material, purpose)?
- Which systems and data are exposed to the Internet?
- Where is the data kept for long periods of time?
- What is the business impact if such encrypted information is cracked in the next 10 years?

## What measures should I take to future-proof my organisation against the threat of quantum computing?

**In which cases do we need to use post-quantum cryptography to achieve long-term secrecy?**

The transition to post-quantum cryptography is a complex process that will require time, resources, and careful planning. Therefore, it is essential for organisations to act now by preparing for this transition. Below, we present a roadmap (inspired by the infographic by DHS) that should guide you from the current corporate cybersecurity ecosystem to a quantum-resilient one and help ensure the continued security of critical data. The roadmap consists of the following steps:

**Assess the organisation’s current cryptographic footprint** by compiling an inventory of critical data (including its lifecycle!) and cryptographic technologies used within the organisation. The goal is to identify systems that use public-key cryptography or short-key symmetric cryptography. Typically, these systems include:

- Data exchange over public networks. This includes communication between data centres, web browsing, or data exchange between local premises and cloud infrastructure.
- Public key infrastructures (PKI), which still mostly use RSA-based signing keys and certificates.
- Cryptography-related hardware such as hardware security modules (HSMs), crypto co-processors, and hardware accelerators for cryptographic protocols (e.g., for IPsec).
- Virtual private networks (VPNs) that encrypt data and route it through remote servers by establishing virtual tunnels.
- Software distribution that uses signatures to verify the origin and integrity of the distributed update. This should also consider hashes of git commits and signed commits to git repositories.
- Secure email based on protocols such as PGP and S/MIME that use asymmetric cryptography to ensure the confidentiality and integrity of the emails.
- Blockchain technology that uses signatures to sign transactions and hashes to link its blocks. Blockchain nodes exposed to the Internet must be considered vulnerable to quantum computing-based attacks.

**Assess the organisation’s quantum risk** by checking the exposure and lifetime of the cryptographic assets aggregated in the previous step. This information will help assess current operational risks and provide the required information for the next step.

**Prioritise systems for replacement.** The prioritisation of systems is highly specific to each organisation but should be conducted based on the following factors:

- High value asset: Is the system a high value asset based on the organisational requirements?
- Type of data: What kind of data is the system protecting? Examples for critical data are key stores, public-key infrastructures (root keys, signing keys), personally identifiable information, sensitive data, and authentication/authorisation mechanisms (passwords, tokens, client certificates).
- Data lifetime: How long does the data need to be protected?
- Communication: What other systems does the system communicate with? Is the communication occurring via a public network such as the Internet?
- Information sharing: To what extent does the system share information with other entities (potentially outside of your organisation)?
- Critical infrastructure: Does the system support critical infrastructure such as the power sector, the military sector, or the healthcare sector?
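As an added illustration of the inventory and prioritisation steps above (example code, not part of the article or of Zühlke's tooling), the following Python sketch records assets with the factors named here (algorithm, key size, exposure to public networks, data lifetime, asset value) and ranks them for replacement; the horizon year, the score weights and the sample inventory are assumptions chosen for the example.

```python
from dataclasses import dataclass

# Assumed (not from the article) year by which a relevant quantum computer may exist.
QUANTUM_HORIZON_YEAR = 2035
SHOR_BROKEN = {"RSA", "DH", "ECDH", "ECDSA"}   # broken outright by Shor's algorithm
MIN_SYMMETRIC_BITS = 256   # Grover only weakens AES; the article advises 256-bit keys

@dataclass
class CryptoAsset:
    name: str
    algorithm: str
    key_bits: int
    internet_exposed: bool     # data exchanged over a public network
    data_lifetime_years: int   # how long the protected data must stay secret
    high_value: bool           # high value asset per organisational requirements

def quantum_weakness(asset):
    """Return 'shor', 'grover' or None for the asset's algorithm family."""
    alg = asset.algorithm.upper()
    if alg in SHOR_BROKEN:
        return "shor"
    if alg in {"AES", "CHACHA20"} and asset.key_bits < MIN_SYMMETRIC_BITS:
        return "grover"

def harvest_now_decrypt_later(asset, current_year):
    # Data outlives the horizon, so traffic captured today still matters later.
    return current_year + asset.data_lifetime_years > QUANTUM_HORIZON_YEAR

def priority_score(asset, current_year=2023):
    """Higher = replace earlier; 0 = no quantum-driven action. Weights are assumptions."""
    weakness = quantum_weakness(asset)
    if weakness is None:
        return 0
    score = 3 if weakness == "shor" else 1              # broken vs. merely weakened
    score += 2 if asset.internet_exposed else 0
    score += 2 if harvest_now_decrypt_later(asset, current_year) else 0
    score += 1 if asset.high_value else 0
    return score

def prioritise(assets, current_year=2023):
    """Inventory -> [(name, weakness, score)], most urgent first."""
    rows = [(a.name, quantum_weakness(a), priority_score(a, current_year)) for a in assets]
    return sorted(rows, key=lambda r: -r[2])

INVENTORY = [  # constructed sample inventory, not data from any real organisation
    CryptoAsset("site-to-site VPN (IKE DH)", "DH", 2048, True, 15, True),
    CryptoAsset("internal PKI root CA", "RSA", 4096, False, 20, True),
    CryptoAsset("backup encryption", "AES", 128, False, 10, False),
    CryptoAsset("log archive encryption", "AES", 256, False, 7, False),
]
```

Running `prioritise(INVENTORY)` puts the Internet-exposed DH-based VPN first and the AES-256 archive last, which is the ordering the factors above imply.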

**Invest in cryptographic agility.** Cultivate the ability to seamlessly adapt and transition between different cryptographic algorithms and protocols to prepare for the transition to PQC algorithms. This transformation could include pilot projects to test and evaluate post-quantum cryptographic algorithms in real-world scenarios. This will help your organisation to assess the performance, compatibility, and interoperability of these algorithms within your existing systems and infrastructure.

In addition, this investment could include the implementation of hybrid cryptographic solutions that combine traditional cryptographic algorithms with post-quantum algorithms. This approach can provide a transitional period during which both types of algorithms are supported, ensuring backward compatibility while gradually phasing out the vulnerable algorithms.
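One building block of such a hybrid solution is the key combiner, shown here as an added Python example (not code from the article or from Zühlke): both shared secrets are fed through one HKDF so that the session key remains secret as long as either the classical or the post-quantum key exchange holds; the two secrets and the transcript label are constructed stand-ins for what a real handshake would produce.

```python
import hashlib
import hmac


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869) with HMAC-SHA256."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869) with HMAC-SHA256."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def _len_prefixed(secret: bytes) -> bytes:
    # Length prefix: two different (secret1, secret2) pairs can never concatenate
    # to the same input keying material by shifting the boundary between them.
    return len(secret).to_bytes(2, "big") + secret


def hybrid_session_key(classical_secret: bytes, pq_secret: bytes,
                       transcript: bytes, length: int = 32) -> bytes:
    """Concatenation combiner: both shared secrets go through one KDF, so the
    session key stays secret as long as *either* the classical (e.g. ECDH) or the
    post-quantum KEM secret is unbroken. The handshake transcript is bound via
    the HKDF info so the key is tied to the algorithms that were negotiated."""
    if not classical_secret or not pq_secret:
        raise ValueError("hybrid mode requires both shared secrets")
    ikm = _len_prefixed(classical_secret) + _len_prefixed(pq_secret)
    prk = hkdf_extract(b"hybrid-kem-combiner-v1", ikm)
    return hkdf_expand(prk, b"session key" + transcript, length)


# Constructed stand-ins for the two shared secrets; a real handshake would take
# them from the classical and the post-quantum key exchange respectively.
CLASSICAL_SECRET = bytes(range(32))
PQ_SECRET = bytes(range(32, 64))
TRANSCRIPT = b"classical-kex|pq-kem|hello-messages"   # illustrative label only
```

Dropping either secret (or letting an empty one through) would silently reduce the handshake to single-algorithm security, which is why the combiner rejects that case outright.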

In summary, organisations should develop a plan for the transition of vulnerable systems to the use of PQC algorithms based on their inventory of cryptographic assets, prioritisation information, and experience from pilot projects.

## What Zühlke can do for your organisation

Zühlke’s service offerings focus on building next-generation sustainable security solutions, taking into account the evolving threat landscape posed by quantum computing in current and future projects. With our expertise in applied cryptography, we can assist your organisation by conducting an in-depth assessment of your cryptographic assets, creating cryptographic inventories, and evaluating their exposure and importance in terms of criticality of replacement.

In addition, our experts can guide customers in achieving cryptographic agility by leading pilot projects that test the use of post-quantum cryptography in the context of your organisation, ensuring their viability and compatibility. Finally, we can work with your organisation to develop a comprehensive transition plan that outlines the steps required to adopt PQC, ensuring a seamless and secure migration to the next generation of cryptographic solutions.

### Dr. Raphael Reischuk

Raphael Reischuk is the author of numerous scientific publications in various areas of IT security and cryptography, many of which have received awards. BILANZ and Handelszeitung listed him among the Top 100 Digital Shapers in Switzerland in 2021.

Reischuk is a member of multiple international programme committees for IT security and Vice-President of the Cybersecurity Committee at digitalswitzerland. He is also the co-founder and a board member of the National Test Institute for Cybersecurity (NTC).

In 2017, he joined Zühlke, where he channels the expertise he has gained in various industries into his role as Group Head Cybersecurity & Partner. As an experienced IT security expert, he is driven by curiosity, innovation, technology, a sense of commitment and a strong business ethos.