In this week’s episode of the Business of InfoSec Podcast, we chat to Voya Financial CISO and author Raj Badhwar about how quantum computing will transform cryptography as we know it
Quantum theory is arguably one of the most poorly understood concepts in the public understanding of science.
However, much progress has been made since Nobel-prizewinning US theoretical physicist Richard Feynman’s famous quote from The Messenger Lectures at MIT in 1964, especially in the field of quantum computing.
“I think I can safely say that nobody really understands quantum mechanics” Richard Feynman
Quite how soon quantum computing might make a commercial debut is still up for debate. What is clear, however, is that when it does the implications for cybersecurity, and specifically for cryptography, will be revolutionary.
In this week’s episode of the Business of InfoSec Podcast, Voya Financial CISO and author Raj Badhwar argues that cybersecurity professionals should act now to bolster their cryptography systems.
“The IT community and the security community worldwide has to start investing in post-quantum cryptography,” Badhwar says.
Understanding the Nature of the Risk
Quantum computers are unlike conventional computers in almost every way. One important similarity, however, is that they receive input and produce output. And they do it fast. Very fast.
In July of this year, Chinese researchers announced the creation of Zuchongzhi, a 66-cubit quantum computer. Zuchongzhi completed a designated quantum benchmark test in a little over an hour. The fastest conventional supercomputer we have today would take more than eight years to complete the test.
And while cyber attackers may not be using quantum computing yet, cyber defenders have already started to explore post-quantum cryptography.
“The biggest risk that is there from quantum computing to cyber security is the theoretical capability of a quantum computer to breach traditional encryption algorithms,” Badhwar says.
He continues: “[Quantum computing] will raise the risk to an unprecedented level once we have strong quantum computers, but even a semi-powerful quantum computer can pose some risks.”
Exploring Post-Quantum Cryptography
Traditional cryptographic systems will offer little to no protection against the brute force power of quantum computers.
Today, the National Institute of Standards and Technology (NIST) in the US is reviewing finalists as a part of its standardization effort in the field of post-quantum cryptography.
“The industry has to find equivalent quantum-safe algorithms, and we have some very good candidates,” Badhwar says. “Things like lattice-based cryptography or multivariate, cryptography, or hash and code-based cryptography.”
He continues: “As part of the NIST standardization effort, these algorithms are being looked at, and the industry is making sure that these are standardized, and that these are implemented.”
Doing the hard work now is necessary, Badhwar thinks, to prevent the risk of a catastrophic attack should attackers use this technology sooner than expected.
Badhwar concludes: “[Post-quantum cryptographic algorithms] should be made available for the community to start using them so that when we need them in a future state, we have them readily available and we are not scrambling at the last minute.”
Raj Badhwar is the author of two cybersecurity books: The CISO’s Next Frontier: AI, Post-Quantum Cryptography and Advanced Security Paradigms, and The CISO’s Transformation: Security Leadership in a High Threat Landscape