Communications of the ACM, April 2019, Vol. 62 No. 4, Page 120
Review articles : “Cyber Security in the Quantum Era”
By Petros Wallden, Elham Kashefi
Cyber security deals with the protection of computer systems from attacks that could compromise the hardware, software or information. These attacks, by allowing unauthorized use, could leak private information and cause damage or disruption. In the future, the part of everyday life and economy requiring computer systems is bound to increase further and become fully dominant. Cyber warfare and cyber crime will be common and the role of cyber security crucial.
Since the computer systems (and attackers) evolve both in hardware and software, the constant evolution of this field is of high importance. Arguably the most dramatic development that one can envision is a change in the paradigm of computational model used. Quantum technologies appear to bring us close to such a change. Here, we explore the research field that lies on the intersection of cyber security and quantum technologies research.
The dawn of the quantum technologies era. One of the major scientific revolutions of the 20th century was the development of quantum theory. From its early days, all the way until the development of the full mathematical formalism and the subsequent development of first wave of applications (for example, transistors, laser, superconductors, among others) quantum theory has been very successful in many different settings being confirmed in unprecedented accuracy (record accuracy of 10−8 for the anomalous magnetic dipole moment). Crucial in this first wave of applications was the new understanding of nature that quantum theory provided. However, the ability to control quantum systems as desired was limited, putting restrictions on the class of technological applications that one could envision.
In recent years this has changed and the control of quantum systems has advanced considerably, while further progress appears very plausible in the near future due to the increased interest and investments as well as the scientific breakthroughs that have already occurred. Many countries all around the globe have launched national quantum technologies programs, varying from millions to billions, including those of Australia, Canada, China, EU, Japan, Netherlands, Russia, Singapore, U.K., U.S. At the same time, major industrial players such as Google, IBM, Microsoft, Intel, Atos, Baidu, Alibaba, Tencent along with numerous smaller and bigger quantum start-ups have initiated labs developing quantum hardware and software. This has led to what is now called “the second quantum revolution,” where the ability to manipulate quantum systems as desired is leading to an era in which a variety of new technologies will appear and, in certain cases, could potentially replace existing solutions.
Arguably, the most important quantum technology will be the development of computation devices that exploit quantum phenomena, which we refer to as quantum computers. Quantum computers are likely to become a disruptive innovation as they can offer considerably greater computational power than their classical counterparts.
Here, we must stress that this is not something that will become relevant in the far future. Impressive quantum technological achievements are already available. To name two recent examples: Google’s latest quantum processor “Bristlecone” has a record of 72 qubits with very low error rates, and is expected to be larger in size than what the best classical supercomputers can simulate. Satellite quantum key distribution has been realized, enabling information theoretic secure encryption over distances of 7600km (intercontinental) and used as basis for a secure teleconference between the Austrian Academy of Sciences and the Chinese Academy of Sciences.
Quantum cyber security. The development of large quantum computers, along with the extra computational power it will bring, could have dire consequences for cyber security. For example, it is known that important problems such as factoring and the discrete log, problems whose presumed hardness ensures the security of many widely used protocols (for example, RSA, DSA, ECDSA), can be solved efficiently (and the cryptosystems broken), if a quantum computer that is sufficiently large, “fault tolerant” and universal, is developed. While this theoretical result has been known since the 1990s, the actual prospect of building such a device has only recently become realistic (in medium term). However, addressing the eminent risk that adversaries equipped with quantum technologies pose is not the only issue in cyber security where quantum technologies are bound to play a role.
Quantum cyber security is the field that studies all aspects affecting the security and privacy of communications and computations caused by the development of quantum technologies.
Quantum technologies may have a negative effect to cyber security, when viewed as a resource for adversaries, but can also have a positive effect, when honest parties use these technologies to their advantage. The research can, broadly speaking, be divided into three categories that depend on who has access to quantum technologies and how developed these technologies are (see Figure 1). In the first category we ensure that currently possible tasks remain secure, while in the other two categories we explore the new possibilities that quantum technologies bring.
About the Authors:
Petros Wallden is Lecturer at the University of Edinburgh, Scotland, U.K.
Elham Kashefi is a professor at the University of Edinburgh, Scotland, U.K. and Sorbonne Université, CNRS, Laboratoire d’Informatique de Paris, France.