Organizations Urged to Act on Quantum Cybersecurity Threat Now

Future quantum computers threaten to break the current cryptography used to keep data safe. In this contributed thought-leadership article, Sam Curry, vice-president and chief information security officer at cloud security company Zscaler, says that Large language models and generative AI could be the key to rebuilding cryptography.

Quantum computing promises to open the door to boundless innovation but also threatens to effectively change and compromise the contents of all public – and much symmetric – key cryptography. Indeed, one of the things that was said about the technology during this year’s WEF conference was that quantum computing could spark a “cybersecurity Armageddon.”

While Armageddon smacks of hyperbole, the warning must be heeded. So how should today’s leaders be getting their businesses quantum-ready in 2024?

Cryptologic Verus Cryptanalysis

When it comes to cryptography, quantum computing could end up being as much of an advantage to businesses as it is a threat – the difference being whether you are talking about the cryptologic or cryptanalysis side.

On the cryptologic side, quantum computing and other quantum technologies offer businesses advantages in terms of random number generation and, to some degree, the sharing of secrets, with some additional tamper-proofing benefits thanks to the properties of quantum entanglement.

Related:Apple Brings Post-Quantum Encryption to iMessage

On that first point, if you ask a computer to choose a number between one and 10, it’s a struggle to make it do so in a way that is truly, or even effectively, random. The number generation function within computers is built on a sampling of the things within the machines themselves or using external services.

This means that they are all either local and deterministic, or remote and not only probably deterministic but also public. In other words, if you knew the state of the machine and its inputs when you asked that question, you would know the random number it gave back or at least have a reasonably small and finite set of numbers to work through. 

Quantum technology has the potential to solve this problem since certain events at large enough scales are effectively non-deterministic. Furthermore, the very act of intercepting and observing transmissions will affect them.

On the cryptanalytic side, quantum computing’s potential impact is far less positive. All public key cryptography to date is based on something that is computationally relatively simple to do in one direction and much more difficult to reverse.

Factoring the product of two large prime numbers has, until now, been challenging, which is what the RSA algorithm of 1977 relied upon. Breakthroughs in quantum computing are, however, dramatically simplifying these problems, and in this example would make factoring a computationally much less intensive and therefore far faster operation.

With quantum computers capable of quickly cycling through prime number combinations, breaking keys to read the messages they hide becomes a matter of determination – an inevitability with the right amount and duration of attack on the cryptosystem.

Using AI to Rebuild Cryptography

If quantum computing broke a business’s cryptography tomorrow, the task that would be involved in having to go through every piece of code, isolate the crypto parts and replace them would be nothing short of Herculean.

Instead, businesses need to do the factoring of their code now so that it becomes a relatively straightforward task to replace vulnerable libraries with new ones that do the same function. Of course, that is far easier to state than it is to do. 

Within any organization, code grows a bit like a coral reef, with different coders adding their own branches over time until no one remembers who wrote what, let alone what it says. Eventually, the tribal wisdom is lost and the code has gained a momentum and life of its own. This is where AI can step in. 

Large language models and generative AI are great at reading and parsing language. And that is all coding is, making these tools ideally suited to tackling and refactoring it. When directed toward old code, AI can, with work, refactor it, analyze it, tell you what the components did, and even assist with modularizing and commenting a new body of functionally equivalent code.

This will allow anybody in the future to read each discrete section of code and immediately understand what it does. In other words, businesses can use AI to gradually modularize and modernize their code, making it more maintainable and reducing their technical debt.

Supporting the Development of Quantum-Resistant Algorithms 

Beyond their walls, businesses and government institutions also have to support industry efforts to find the next set of quantum-resistant algorithms. 

Some of these already exist or are being developed as we speak but they remain either untested or in need of more testing and development. The only way the industry can have confidence in new algorithms is for them to be made public and then hammered rigorously over a sustained period. And this takes a truly cross-border, multi-stakeholder effort. 

Whether acting on their own or with others, I would encourage business leaders to start conversations about their quantum-readiness as soon as possible. This isn’t some future problem – the data that will one day be broken by quantum computing-enabled cryptanalysis is being encrypted right now and kept in storage ready for decryption sometime in the next couple of years.