By Nikhil Malhotra, Global head- Makers Lab at Tech Mahindra
Much has been written about the promise of quantum computing and its implications across industries. Far surpassing the limits of conventional computing’s binary calculations, quantum enables computing of enormous, unstructured data sets, at vastly faster speeds than what is currently possible. Quantum offers seemingly limitless potential applications – hyper-accelerated drug discovery, exponentially better battery efficiency, ever smarter AI solutions, and infinitely more.
However, it’s imperative not to overlook the accompanying challenges, not the least of which is the very real risk of hacks once quantum computing becomes mainstream. In fact, encrypted data can be harvested today through external breaches and be held until it can be decrypted it in the future using a quantum computer. Business, technology, and information security professionals contemplating quantum supremacy must take steps now to prepare.
While advanced cryptography standards for quantum are in development, adoption will be complex, expensive, and time-consuming. With these standards not expected until 2024, there are five key approaches businesses should tap today to protect themselves from possible quantum vulnerabilities and attacks.
- Review attack vectors
Companies must consider several different attack vectors: points of vulnerability that could be exploited to gain access to enterprise resources. Whether common phishing scams and Trojans or more sophisticated DDoS or web-based hacks, determining how to prevent and recover is key.
Undertaking comprehensive and frequent assessment of potential attack vectors and implementing preventative measures is imperative for identifying likely vulnerabilities and implementing systems and processes to guard the security of quantum infrastructure.
- Assess hardware- and application-level algorithms
Best-in-class organizations understand the importance of reviewing algorithms applied at the hardware level and the application level to ascertain whether they are quantum safe. If vulnerabilities are identified, such as those associated with elliptic and curve cryptography, changes must be made.
There are some algorithms that are inherently quantum insecure, including any cryptosystem which is built on top of mathematical complexities and integer factoring and discrete logarithms, such as RSA, DSA, DH, ECDH, and ECDSA. This is because quantum computing enables exponentially faster computation, which has the potential to break these factoring complexities.
Let us explore an example to illustrate how a public-private key encryption works. If our task is to find A and B in an equation, A x B = 48, the solution is quite simple, with choices including A=6, B=8 or A=12, B=4. Now let us imagine the 48 is a 2056-bit string instead, and the task is to find A and B. This is a non- deterministic polynomial hard (NP hard) problem, where standard computer factorization of a large number may take billions of years. This is how an RSA algorithm, in which a public-private key mechanism is inherent, works today. Quantum computing, however, enables factoring at an exponential speed, which can potentially break this algorithm.
- Harden current infrastructure
Hardening enterprise infrastructure is key to eliminating – or at least minimizing – the risk of a quantum hack. Ensuring servers and other IT assets are hardened against attacks may take multiple forms. One option to consider is having a reverse proxy, ensuring that the user cannot see the internal URLs of the asset being sent over the wire.
The use of quantum-safe cryptography offers the highest level of security. For those without the internal expertise to implement such an approach, partnering with a highly experienced solution provider is often the best approach.
- Educate IT staff
Making sure internal IT teams are well-prepared to prevent, detect and respond to quantum-supremacy threats should be top of mind for all enterprise leaders. Identifying or creating educational opportunities is critical to develop the quantum savvy of internal resources
For many IT professionals, however seasoned, quantum remains an unknown that lingers somewhere in the future. However, quantum is here today, and its applications will only grow. The lexicon, the technology and the value proposition of quantum computing must be understood and embraced, with IT teams at the vanguard of the enterprise. There is no shortage of books, podcasts and courses on quantum – such as Qiskit and QuantuC to name a few. Quantum Computation and Quantum Information by Michael A. Nielson and Isaac I. Chuang is also an interesting read on this subject.
- Choose the right partner
It is crucial to choose the right solutions provider to help with the design, implementation, and management of any business-critical IT system. The stakes are much higher given the cost, security risks, and enterprise-wide implications of quantum-first solutions. It is imperative to strengthen partner evaluation criteria to ensure that products, processes, and protocols are quantum-safe. Businesses must evaluate potential vendors and consultants to verify that they not only understand but also have proven expertise in quantum-level cryptography.
The quantum future is upon us. Now is the time to prepare.
Nikhil Malhotra is the Global Head of Maker’s lab, R&D (Research & Development) arm, and a unique Thin-Q-Bator space at Tech Mahindra. With over 21 years of experience, Nikhil leads the growth of Artificial Intelligence, Robotics, Quantum Computing, and Neuroscience research within Tech Mahindra.
The current bets he has undertaken include quantum and its impact on enabling better cancer drugs, GANs, and their application for languages, and space tech. He believes in the limitlessness of human curiosity where man and machine collaborate to create future innovations. He is very passionate about facilitating machines to communicate in the local Indian dialect. There are 1645 dialects in India and 26 mother tongues. Nikhil is currently researching about how Sanskrit, an ancient Indian language could sow the seed for the next computer revolution.
Prior to joining Tech Mahindra, Nikhil has worked with AT&T, Batelco, and IBM. He is a TEDx speaker and a World Economic Forum AI Fellow working on responsible AI and Quantum ethics. He has also won numerous awards including the 2020 and 2021 Innovation Congress award for the most innovative leader in India.
Follow Brilliance Security Magazine on Twitter and LinkedIn to ensure you receive alerts for the most up-to-date security and cybersecurity news and information.