President Biden recently signed a law pushing federal agencies to adopt technology protected from decryption by quantum computing. The move is a sign that quantum computers are getting closer to becoming useful for applications and nefarious purposes. 

“The security of public key cryptography is based on the fact that it is difficult for computers to factor prime numbers,” Duncan Miller, a cybersecurity expert at Tanium, told Lifewire in an email interview. “Quantum computing could break this assumption and allow much faster decryption of data. While the risk isn’t yet imminent, the impact is potentially very severe.”

Quantum Leap

The law signed by the president requires the Office of Management and Budget to prioritize post-quantum cryptography for federal agencies when they get new IT systems. The White House would also be required to create guidance for federal agencies to assess critical systems. 

“The rapid progress of quantum computing suggests the potential for adversaries of the United States to steal sensitive encrypted data today using classical computers and wait until sufficiently powerful quantum systems are available to decrypt it,” according to the text of the bill. 

Quantum computers are a new type of machine that uses the phenomena of quantum mechanics, such as superposition, to perform certain calculations more rapidly. Quantum computers have exponentially more computing power, so what would take years for a current conventional computer could take hours on a quantum computer, Scott Bledsoe, the CEO of the cybersecurity firm Theon Technology said in an email to Lifewire. 

“Given that the most valuable commodity in the world today is now digital data and has been under attack since the dawn of computing, the introduction of quantum computing will escalate the threats of data loss, damage, exposure, and or theft exponentially,” Bledsoe added. 

One of the main risks associated with quantum computing is the potential for quantum computers to break specific cryptographic algorithms currently used to protect data, Bryan Hornung, the CEO of Xact Cybersecurity, said in an email interview. Many algorithms used to safeguard communication and data storage are believed to be secure against attacks by classical computers, but they may not be protected against attacks by quantum computers. Hornung said that if quantum computers become powerful enough, they may be able to break these algorithms, which could allow hackers to access sensitive data.

“Another risk is that quantum computers could be used to perform other types of computation that could be useful in the context of hacking, such as simulations of complex physical systems or optimization of machine learning models,” he added. “It is not yet clear what the full range of potential uses of quantum computers for hacking might be, but it is possible that they could be used in ways that pose a threat to user data.”

Staying Safe

Many researchers and organizations, including government agencies and private companies, are developing new cryptographic algorithms specifically designed to be secure against attacks by quantum computers, Hornung said. “These algorithms may be based on different mathematical foundations than the algorithms that are currently in use, and they may be more computationally intensive, which means that they may be more difficult to break even with a quantum computer,” he added. 

However, making software resistant to hacks by quantum computers will be costly, warned Tim Morris, Chief Security Advisor, AMER, at Tanium, said in an email. 

“The ability to defeat existing protections, like cryptography, has been mostly in academic or in government/defense circles,” Morris said. “However, it will become more prevalent as nation-states begin to “invest” in quantum technologies.”

But experts say quantum computers have a long way to go before they are capable of hacking data. “In fact, it is not clear that quantum computers will ever be able to perform certain types of hacking attacks better than classical computers,” Hornung said. “Overall, the risks associated with quantum computing with regard to user data are largely theoretical at this point, as quantum computers are still in the early stages of development, and it is not yet clear how powerful they will eventually become.”