Cyber security experts have warned that within the next decade, cryptographically encrypted data - currently considered the gold standard for securing data - could be decrypted as cybercriminals and nation states develop quantum computing capabilities.
A recently published peer-reviewed paper, led by an Australian research team, found that without urgent action to properly secure IT networks against “quantum hacking”, cryptographically encrypted data could in future be decrypted by malicious actors.
Dr Fida Hasan, the lead author of the paper and Lecturer in Cybersecurity at UNSW Canberra, says that quantum computers could potentially reduce the time required to decrypt and compromise cryptographic security systems from millions of years to days or even hours.
“IT networks that use popular cryptographic security algorithms, like RSA, are currently quite secure against being hacked, even if supercomputers are used to try and decrypt the cryptographic algorithms,” Dr Hasan said.
“Using current conventional supercomputers, it would still take millions or even billions of years to hack those security cryptosystems, but with the power of quantum computers the time taken to decrypt those algorithms would be significantly reduced, potentially to a day or even less.
“There are some predictions that suggest a quantum computer, with the ability to rapidly decrypt cryptographic security algorithms, could be developed within the next decade. For example, the often cited ‘Neven's Law’ for quantum computing, which says that quantum computing power will grow at a doubly exponential rate, would mean this timeline is within the realms of possibility.”
To combat the threat of quantum hacking, Dr Hasan and the research team have urged the roll-out of newly developed US National Institute of Standards and Technology (NIST) approved “post-quantum cryptography” (PQC) to further secure sensitive and classified data.
“PQC attempts to create new cryptosystems based on mathematical problems that are thought to be incredibly difficult to solve even for quantum computers,” Dr Hasan said.
“There should be an urgency to implement security systems, like PQC, that can resist quantum attacks because adversaries are already harvesting stolen encrypted data with the intent of decrypting it later using quantum computers.”
As part of the paper, published in the peer-reviewed IEEE Access Journal, the research team has developed a framework for transitioning to PQC systems that is focused on the unique challenges of migrating IT security systems to PQC.
Over the next few years, it is expected NIST will have coordinated the development of standardised, interoperable, and quantum-safe PQC systems that can be used by government agencies, businesses, and other organisations to protect sensitive information from future quantum computer attacks.
“Australia has been monitoring the looming threat of quantum hacking, which has led to the Australian Signals Directorate to direct organisations to follow the NIST guidelines for PQC systems,” Dr Hasan said.
“Organisations need to start migrating their data assets as soon as possible, and that work needs to be prioritised by the value and required longevity of secrecy of each asset.”
The research was supported by the Cyber Security Cooperative Research Centre (CSCRC) and was a collaboration between Queensland University of Technology, University of New South Wales, Deakin University, Quintessence Labs, and Tata Consultancy Services.