Quantum computing was once nothing more than a dream for computer scientists who were striving to create a computer that could outperform any hardware on the market. In the early days, it seemed such a device would have limited applications. However, in today’s cloud-centric, containerized, AI-obsessed, big-data-driven world, the idea of quantum computing could have massive ramifications throughout the IT industry.
With more and more businesses pushing the envelope of performance to the brink, something will have to arrive soon to offer the computing power required by modern-day workloads. And given how limited the current architectures are (especially under the threat of malicious code that causes companies like Intel to throttle their CPUs), without a new type of technology, those workloads will soon hit a performance ceiling.
Ergo, quantum computing.
What is Quantum Computing?
First off, let’s address exactly what quantum computing is. You’ve probably heard of quantum mechanics, which is (essentially) a physics theory that describes the behavior of everything (such as atoms, electrons, and photons) in the molecular and submolecular realms. In other words, it’s a branch of physics that focuses on the very, very, very small.
One might say that quantum mechanics does sweat the small stuff.
With regard to technology, quantum computers exploit the quantum level by leveraging the behavior of particles and waves by utilizing specialized hardware. This hardware is capable of performing calculations exponentially faster than traditional hardware.
How does this work?
First, let’s consider the basic unit of quantum information, which is the qubit. Unlike the traditional bit, a qubit can exist in two states simultaneously. Because of this, a quantum computer processes data much differently.
Consider the scenario of a mouse in a maze. A traditional computer solves this problem by running every possible path (one at a time) until it finds the solution. A quantum computer solves this problem by running every possible scenario simultaneously. So, instead of running scenario A, then scenario B, then scenario C (etc.) until it finds the solution, a quantum computer runs A, B, C, etc., all at once to arrive at the solution much, much, much faster.
The Implications of Quantum Computing
The implications of this are staggering, especially when applied to cybersecurity.
Let’s set the stage for danger.
Say you have a password that is 8 characters long and all lowercase. A traditional computer can crack that password instantly. However, if you mix cases for that 8-character password, that same computer takes 22 minutes to crack it. Bump the length of that password up to 12 lowercase characters, and the time jumps dramatically to 3 weeks. That same traditional computer would take 34,000 years to crack a password that was 12 characters and consisted of at least one upper case character, one number, and one symbol.
To sum that up:
- password – cracked instantly
- PassWorD – cracked in 22 minutes
- passwordcats – cracked in 3 weeks
- P@ssw0rdcats – 34,000 years
The reason why it can take a traditional computer so long to crack that final password is because it has to test every conceivable option one at a time.
Now, imagine you have a quantum computer that could test every conceivable option all at once? All of a sudden that 34,000 years can be vastly reduced.
However, this is not only “in theory,” but it’s also problematic. For example, qubits cannot be transmitted over the internet, so sending quantum superpositions of passwords to a server isn’t possible. What would be required for this is first cracking into a remote computer, locating the salted password hash, and then running a salt/hash/compare function against what you’ve found. Remember, with a traditional computer, that salt/hash/compare is run one word at a time, which can take a very long while. With quantum computing, you can apply Grover’s Algorithm to use quantum superposition. Follow that with the Grover Iteration to perform the password testing until the password is cracked.
When you combine all of this together, it becomes incredibly challenging to pull off. On top of which, the hacker would have to have access to a quantum computer to make it work.
But let’s say the hacker does have access to a quantum computer and understands all of the technology required to pull it off. All things being equal, what would have taken years to accomplish now only takes days.
Think about that. Instead of a very complicated password taking thousands of years to crack, it could now be done in days.
To add a bit of fuel to that fire, imagine that a hacker collective gained access to (or built) a quantum computer. With that level of power, they could not only crack passwords faster, but they could also create more powerful means of hacking. Instead of hacking into systems one at a time, hackers could instead break into thousands (or hundreds of thousands) of systems simultaneously.
That means traditional security methods are worthless against the might of a quantum computer. And should a group of hackers find themselves with a quantum computer, all bets are off. Once those hackers unleashed the power of a quantum computer, it would take another quantum computer (or a cluster of them) to combat the bad actors.
Companies (especially those of a smaller and mid-sized nature) wouldn’t stand a chance. The only defense they might have would be to either employ their own quantum computer to serve as a means to block other quantum computers from breaking through their systems or to employ air-gapped computers to somehow store sensitive information. The latter option, of course, wouldn’t work because most server login systems require that information to be constantly accessible.
Other options would be to employ things like quantum random number generators, quantum-secure communication (such as quantum key distribution), and machine learning to quickly detect and prevent break-ins. These possibilities not only stand to mitigate the threat of quantum computer attacks but also to bring cybersecurity to a level that would become considerably more challenging to crack.
The good news is that (at least at the moment) the possibility of hackers gaining access to quantum computers is low. Why? First off, quantum computers aren’t readily available. Yes, the first commercially-available quantum computer was put on the market in 2011. But it’s not like hackers can go to Best Buy and purchase one. Not only are they hard to get, but they are also expensive. A Chinese firm called SpinQ started selling quantum desktop computers for $50,000 in 2020. That machine weighed over 100 pounds, so it wouldn’t be very practical. But soon, they are rumored to release another device for around $5,000. So even though the cost has decreased significantly, those machines are still considerably more expensive than traditional computers. The caveat to the $5,000 quantum desktop computer is that it’s only capable of processing 2 qubits, which is far less powerful than the $50,000 option.
Of course, to get serious power (we’re talking 50 qubits), the price skyrockets to nearly 10 million dollars. In other words, to gain the true power of quantum computing, you’d have to shell out considerable money, the likes of which most hackers don’t have. On the other hand, a very large enterprise corporation could find the budget for such a machine.
Another issue with quantum computers (at least at the moment) is the lack of available applications. It’s not like you could purchase a quantum computer and run a traditional web browser or software stack on it. Any business (collective or individual) would either have to have a dedicated team of developers to build applications for the architecture or wait until third parties start making such apps available.
Conclusion
Right now, quantum computing is not exactly ready for prime time. Not only is it cost prohibitive but also their range of applications makes them less than viable. But as the industry continues to grow and businesses start employing these powerful machines, everything will change. But as long as quantum computers remain out of the hands of hackers, businesses should be able to get a leg up and stay a few steps ahead of the hackers—which is quite the opposite of how the landscape is now (with hackers always ahead of companies).
