Speaking at an Intelligence and National Security Alliance event this March, US National Security Agency Director, Gil Herrera warned that the advancement in quantum computing presents a mounting threat. In case of a significant breakthrough in quantum computing by US adversaries, US economy and other sectors including defense could become vulnerable. He also hinted at HNDL (Harvest Now Decrypt Later) attacks which denotes the campaign under which data is being collected through offensive measures in the hopes that it will become vulnerable to decryption and hence, malicious use in future.
The concerns over “harvest now, decrypt later” have already triggered the Biden Administration to take notice. On May 4th, 2022, the White House released an executive order as well as a memo to ensure that America was on top of quantum competition and would not become vulnerable to quantum threat. Reportedly, National Institute of Standards and Technology, United States is all set to release three new post-quantum encryption standards for the organizations worldwide as breakthroughs towards stable quantum computing are gaining momentum.
Quantum computing is like upgrading from a horse-drawn carriage to a supersonic jet in the world of computing. Think of traditional computers, which have been the bone of modern digital economy till now, as a bulb which can be either on or off. This allows the bits, the computational unit used in these computers, one possibility at a time. But the quantum bits or the qubits, exhibit the possibility of coming up with the values of 0 and 1 and all the probabilities in between. This potentiality to be found to exist in multiple states/ configurations at any given time is called superposition. Precisely this allows these devices to process information at breakneck speeds. Apart from superposition, qubits can also “entangle”, meaning the state of one qubit (On, off, both or something in between) can affect the state of another. It adds another level of complexity to the quantum processing and hence allows the processing power to exponentially increase with the addition of each qubit unlike in classical computers where adding bits causes only linear increase in power. The analogy of a vast maze aptly underpins the contrasting modes of computing. To find a way out of the maze, while the classical computer will entertain each possible path one at a time, the quantum processor can entertain every conceivable path at once and can come up with the correct answer instantly. This leap forward not only enables us to compute existing problems insurmountable for classic computers, but also to explore new possibilities of application as we go. That’s why quantum computing holds the key to unlocking challenges that are currently insuperable, from developing new medicines to cracking codes that keep our digital world secure.
While Quantum computing possibly holds the potential to revolutionize problem exploring and solving capabilities of mankind, it has its fair share of caveats. The one that has caught the attention of national security apparatus all over the word is the question of safety of encryption standards. As quantum computing sees progress in essential developmental parameters, the consensus appears to hold that pre-quantum encryption standards based on traditional algorithms are vulnerable to brute force quantum attacks. The shocking realization was brought home to cryptographic community when this theoretical threat was materialized through a study in China. In December 2022, Chinese researchers were able to break 48-bit RSA encryption (which is based on difficulty of factoring very large prime numbers) with a 10-qubit quantum processor using a new universal quantum algorithm instead of previously used Shor’s algorithm. According to their estimates, the popularly used 2048-bit key RSA internet encryption protocol can be decrypted using a quantum computer with only 372 qubits with a depth of few thousand of quantum gates executed in parallel, employing their proposed algorithm. Quantum gates are the operations that tell a quantum computer how to process information by changing the state of qubits. The same feat was previously considered to have needed millions of physical qubits. It is mind boggling since the IBM development roadmap shows such a capability is only a few years away, making what seemed like a distant threat, imminent. However this theoretical claim has met with hefty skepticism and should be taken with a grain of salt. Another review study also found that the cryptographic algorithms based on large prime numbers could be compromised by using quantum computing algorithms like Shor’s algorithm.
As the threat becomes more and more real with nations racing to develop a large enough stable quantum computer, such a potential vulnerability has very serious implications. Encryption is the process of altering the data carefully by using a particular key which makes it unreadable and random to everyone else but the receiver who holds the key to decrypt it and bring it back to the original form. While cryptography has been used since ancient times across different civilizations, the primary protection stemmed from the physical security of secrets. In the internet age, encryption is fundamental more than ever for securing messages and transactions for a wide range of confidential activities. As quantum computing has shown the promise of cracking encryption open without a key, its real-world implications amount to undermining of internet-based messaging and transaction protocols which would mean evaporation of trust on a global scale and ramifications for international markets, destabilization of states and compromised individual privacy.
The magnitude of threat cannot be overstated; however, solutions are being developed. The scare has led to the development efforts of post-quantum cryptography. Apart from some encryption algorithms such as lattice-based ones that have been found to be quantum decryption resistant, three new post-quantum algorithms are scheduled to be introduced by NIST in 2024. World’s leading technology giants have started the implementation process as well. Apple is rolling out new quantum resistant encryption algorithm PQ3 for iMessage to prevent HNDL attacks this year. Not too far behind are other Corporations such as Google and Microsoft in developing and implementing these solutions.
Despite the fact that fast progress in quantum computing has taken the technology and data security community by storm due to concerns stated above, the scant amount of attention towards the subject in Pakistan is appalling. Recently, critical infrastructure including but not limited to National Institutional Facilitation Technologies (NIFT), Federal Board of Revenue (FBR), NADRA, National Bank of Pakistan, K-Electric, and Bank Islami have faced cyber-attacks and data theft, yet the account of state of literature on the specific issue of encryption in Pakistan presents a tattered image of understanding and awareness of the highly fast paced arena. Despite these breaches, the discourse on the subject remains fragmented and outdated. The latest “Pakistan Security Standard For Cryptographic & Information Technology Security Devices” report released by National Telecom & Information Technology Security Board even fails to mention post-quantum encryption. At this critical juncture, the lack of adequate policy measures, regulatory mechanisms and resource allocation combined with such knowledge chasm could prove a ticking bomb.
Considering all this, adapting to the leap in computing power is an existential necessity that needs addressing through immediate concerted action of policy makers, technology community and citizens alike. It is crucial that we, as a nation, realize the seriousness of situation and generate political will for mobilization of the resources to fortify our digital infrastructure. Clearly, the time for public-private collaborative efforts to focus on data safety is now, to shield Pakistan from a potential national security breakdown. The imperative for swift action is clear, and the response to this call will determine the resilience of our nation’s future in the face of quantum threats. As we stand at this pivotal moment, the question is not if, but how swiftly we can adapt to the quantum era.
Bibliography
Blog – iMessage with PQ3: The new state of the art in quantum-secure messaging at scale – Apple Security Research. ‘Blog – iMessage with PQ3: The New State of the Art in Quantum-Secure Messaging at Scale – Apple Security Research’. Accessed 8 April 2024. https://security.apple.com/blog/imessage-pq3/.
Companies, Countries Battle to Develop Quantum Computers | 60 Minutes, 2023. https://www.youtube.com/watch?v=K4ssT6Dzmnw.
Deloitte. ‘Quantum Computing: Companies Aware of Benefits Also See Risks’. WSJ. Accessed 31 March 2024. https://deloitte.wsj.com/riskandcompliance/quantum-computing-companies-aware-of-benefits-also-see-risks-01665687625.
Feldman, Andrey. ‘Breakthrough in Quantum Computing with Stable Room Temperature Qubits’. Advanced Science News, 19 January 2024. https://www.advancedsciencenews.com/breakthrough-in-quantum-computing-with-stable-room-temperature-qubits/.
GitHub. ‘Picnic/Spec/Design-v1.0.Pdf at Master · Microsoft/Picnic’. Accessed 9 April 2024. https://github.com/microsoft/Picnic/blob/master/spec/design-v1.0.pdf.
Google Online Security Blog. ‘Toward Quantum Resilient Security Keys’. Accessed 9 April 2024. https://security.googleblog.com/2023/08/toward-quantum-resilient-security-keys.html.
House, The White. ‘Executive Order on Enhancing the National Quantum Initiative Advisory Committee’. The White House, 4 May 2022. https://www.whitehouse.gov/briefing-room/presidential-actions/2022/05/04/executive-order-on-enhancing-the-national-quantum-initiative-advisory-committee/.
‘National Security Memorandum on Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems’. The White House, 4 May 2022. https://www.whitehouse.gov/briefing-room/statements-releases/2022/05/04/national-security-memorandum-on-promoting-united-states-leadership-in-quantum-computing-while-mitigating-risks-to-vulnerable-cryptographic-systems/.
How Does a Quantum Computer Work?, 2013. https://www.youtube.com/watch?v=g_IaVepNDT4.
https://www.washingtontimes.com, The Washington Times, and Ryan Lovelace. ‘NSA Fears Quantum Computing Surprise: “If This Black Swan Event Happens, Then We’Re Really Screwed”’. The Washington Times. Accessed 31 March 2024.
https://www.washingtontimes.com/news/2024/mar/25/nsa-fears-quantum-surprise-if-this-black-swan-even/.
‘IBM Quantum Computing | Technology’. Accessed 9 April 2024. https://www.ibm.com/quantum/technology#roadmap.
Khodaiemehr, Hassan. ‘Navigating the Quantum Computing Threat Landscape for Blockchains: A Comprehensive Survey’, n.d.
markets.businessinsider.com. ‘Harvest Now, Decrypt Later Attacks Pose a Security Concern as Organizations Consider Implications of Quantum Computing’. Accessed 31 March 2024. https://markets.businessinsider.com/news/stocks/harvest-now-decrypt-later-attacks-pose-a-security-concern-as-organizations-consider-implications-of-quantum-computing-1031753928.
‘NIST to Standardize Encryption Algorithms That Can Resist Attack by Quantum Computers’. NIST, 24 August 2023. https://www.nist.gov/news-events/news/2023/08/nist-standardize-encryption-algorithms-can-resist-attack-quantum-computers.
‘Public – PSS Crypto GuideBook.Pdf’. Accessed 8 April 2024. https://moitt.gov.pk/SiteImage/Downloads/Public%20-%20PSS%20Crypto%20GuideBook.pdf#page=3.10.
Quantum Computers, Explained with MKBHD, 2023. https://www.youtube.com/watch?v=e3fz3dqhN44.
The Express Tribune. ‘Cybersecurity Breach at NIFT Puts National Security at Risk’, 22 June 2023. https://tribune.com.pk/story/2423250/cybersecurity-breach-at-nift-puts-national-security-at-risk.
‘Will Quantum Computers Break RSA Encryption in 2023?’, 9 January 2023. https://www.kaspersky.com/blog/quantum-computers-and-rsa-2023/46733/.
Yan, Bao, Ziqi Tan, Shijie Wei, Haocong Jiang, Weilong Wang, Hong Wang, Lan Luo, et al. ‘Factoring Integers with Sublinear Resources on a Superconducting Quantum Processor’. arXiv, 23 December 2022. https://doi.org/10.48550/arXiv.2212.12372.
Najam Ul Hassan Naqvi
Najam Ul Hassan Naqvi is an International Relations Researcher affiliated with National Defence University, Islamabad. He can be reached at najamulhassan.ir@gmail.com
