Quantum computing is a new paradigm, distinct from classical computing, based on the use of quantum bits (qubits), which would allow the development of new algorithms. One of the possible applications of this new paradigm that has caught the attention of web application security experts is quantum cryptography.
Right now, quantum cryptography presents both advantages and threats to cryptography as we know it. The main risk is that current encryption could easily be compromised by a quantum computer. On the other hand, the promise of secure communication channels for key distribution persists, which could eventually help consolidate a completely secure and invulnerable encryption system.
Almost any encryption system relies on the use of keys (long strings of random numeric characters used to encrypt/decrypt data). Current encryption schemes use keys that can be symmetric or asymmetric; sometimes an asymmetric key is used to transfer a shared symmetric key, which then performs the actual data encryption.
According to web application security experts, a quantum computer would compromise both key encryption methods. Thanks to the quantum algorithm known as “Grover’s algorithm”, a quantum computer could effectively cut the length of a symmetric key in half, reducing the amount of time required to break the encryption.
Asymmetric key systems (such as PKI) use mathematically generated public/private key pairs. In the case of RSA, the mathematics are highly complex, but experts mention that it is possible to break this encryption by factoring a very large number into its two prime factors. This is a virtually impossible task for today’s computers if a key with enough bits is used; however, using Shor’s quantum algorithm, finding these factors is a task that takes a few minutes.
Currently, when talking about quantum computing, web application security specialists are likely to refer to quantum key distribution (QKD). This is not actually a key encryption method; rather, it ensures that keys are distributed securely among users, and those keys could eventually be used for encrypted communication.
Although QKD’s implementation has not yet become widespread, it has been in commercial use in Europe and the United States for nearly a decade for interbank communications and electoral systems, among other applications.
According to specialists from the International Cyber Security Institute (IICS), the main limitation for the widespread use of QKD is that the systems are not interoperable between different suppliers; however, experts are already working to change this in the future.