The Quantum Computing Threat to 5G Security
Recently, in the science journal Nature, Google claimed ‘quantum supremacy’ saying that its quantum computer is the first to perform a calculation that would be practically impossible for a classical machine. This quantum computing breakthrough brings us closer to the arrival of functional quantum systems which will have a profound effect on today’s security infrastructure. How will quantum computing affect the security of 5G technologies currently being developed and deployed?
Last spring we suggested that the emergence of quantum internet connectivity and computation, expected sometime in the next decade, poses numerous new cryptography and cybersecurity challenges for 5G security.
MIT offers an explainer on the nascent status of powerful quantum computers, how they work, and where they might provide practical value first. While quantum computers are not expected to replace classical supercomputers for most tasks and problems, they will leverage the “almost-mystical” phenomena of quantum mechanics to produce amazing advances in fields such as materials science and pharmaceuticals.
The secret sauce of quantum computing, which even Einstein called “spooky,” is the ability to generate and manipulate quantum bits of data or qubits. Certain computational tasks can be executed exponentially faster on a quantum processor using qubits, than on a classical computer with 1s and 0s. A qubit can attain a third state of superimposition of 1s and 0s simultaneously, encode data into quantum mechanical properties by “entangling” pairs of qubits, manipulate that data and perform huge complex calculations very quickly. The fundamental challenge is to build a sufficiently high capacity processor capable of running quantum algorithms in an exponentially larger computational space.
The Breadth of the Quantum Threat to Cybersecurity and 5G Security
It is anticipated that quantum computers will be capable of breaking 99% of the encryptionused to protect today’s enterprises, financial systems and governments. Primarily this comes from the incredible multiple processing capabilities which enable quantum computers to use algorithm’s and mathematical formulae such as Shor’s algorithm to break down extant cryptographic protocols.
The security of hundreds of billions of dollars in e-commerce transactions is at stake. This security vulnerability also applies to data stored on a digital blockchain. Even more importantly, the integrity of communication controlling critical infrastructure cyber-physical systems could be threatened with resulting impacts potentially threatening lives, well-being and the environment. Encryption in wide use today is unbreakable only because of the massive amounts of time, measured in hundreds or thousands of years, that it would take existing supercomputers to break the underlying mathematical codes.
A May 2019 study by a Google researcher in California and one at the KTH Royal Institute of Technology in Sweden, shows that quantum technology will catch up with today’s encryption standards faster than expected and should greatly concern any public or private organization that needs to store data securely for 25 years or more.
The impending arrival of quantum code breaking capability means that nation states and their military operations, as well as business enterprises, will need to upgrade to quantum-resistant hardware and cryptography to safeguard their data before full-scale quantum computers become available.
Securing classical encryption protocols against quantum technology-equipped adversaries requires a whole new level of effort and care. At the same time, quantum devices already available can also be used to improve cybersecurity by achieving tasks such as very secure secret key expansion.
While quantum computing is likely within the next decade or so, deployment of 5G-network infrastructure is much more imminent and 5G equipment has a service life that extends well beyond the arrival of quantum computing putting 5G security at risk. Telecommunications companies now building 5G infrastructure, along with related mobile IoT systems, rail transit digitization projects, smart manufacturing processes, and smart cities, are all currently investing in technology with expected service lives measured in decades. So, all of that equipment must be quantum resistant to remain secure well into the future. The more insecurities are left in the foundational architecture of 5G the more expensive and time-consuming it will be to plug up the quantum-related security vulnerability gaps in the future.
Additionally, industrial and civic Internet of Things (IoT) networks, increasingly being connected through 5G, have exponentially larger attack vectors and will be highly vulnerable unless they are designed to be quantum safe. That means that civilian government agencies and IT and communications stakeholders need to address the risks now and upgrade to some form of quantum resistant encryption. Doug Finke, a quantum industry analyst, has warned of the need to upgrade 10-20 billion devices with quantum resistant encryption, given that most of today’s online encryption will be vulnerable to quantum enabled hacking. One example of a telco that’s proactive on post-quantum infrastructure is SKTelecom, South Korea’s largest mobile operator, which has already developed Quantum Key Distribution (QKD) technology for its 5G network. It has also partnered with Telefonica, BT, Toshiba and ID Quantique to create a global quantum key ecosystem. The fact that some of the most advanced competitors in the field such as SKTelecom have already developed such measures should be yet another serious warning sign to those who haven’t considered the issue yet.
Another challenge is that the security of historical data, and even data generated in 2019-2020 or later, could be broken retroactively whenever quantum computers power up. If somebody intercepts encrypted messages today, they could decrypt them using quantum computing down the road. In fact, unknown bad actors may be downloading encrypted data in a “harvest now, decrypt later” scheme that could compromise military weapons systems, and personally identifiable information (PII) like SSNs and personal health records. Secure private data storage is pretty cheap, so such schemes are totally realistic. Today’s harvesters in fact, could be stockpiling databases for sale in the future to the highest bidder among adversarial nation states and terrorists or other criminal organizations.
So if you are building infrastructure today, such as the 5G infrastructure, and promising secure messaging, quantum computing is another security threat to think about. You may want to consider using hybrid classical and quantum resistant encryption that would force hackers to break both types of cryptography before they could gain access to protected data.
Current Advances in Quantum Computing
These threats are becoming more real and urgent with breakthroughs happening in quantum laboratories. Recently, in the science journal Nature, Google claimed ‘quantum supremacy’as it showed off its Sycamore chip, that can work like a quantum computer should, performing a calculation in a few minutes that it says would take the fastest classical computer 10,000 years. Google’s Alphabet CEO Sundar Pichai boasted about the multiple layers of systems engineering that required, saying “its as complicated as it gets from an engineering perspective.” He’s excited about being ‘only one creative algorithm away’ as the Nature paper describes it, from valuable near term applications that will help us understand the chemistry and physics of nature better by simulating molecules and molecular processes. Potential uses cases include designing better batteries, more effective medicines and responses to climate change.
IBM, which has its own 53-qubit processor, disputed Google’s claim of quantum supremacyand asserts that a simulation of the task performed by Google can actually be done in 2.5 days on a classical computer such as the one at Oak Ridge National Laboratories in Tennessee, so technically that threshold of ‘supremacy’ has not yet been reached. IBM didn’t actually run simulations, but based its own estimate on a theoretical model. Irrespective of these claims from IBM, the practical reality is that lowering the time needed for a supercomputer from 2.5 days to a few minutes or hours doesn’t change the cryptographical security issue – it merely limits its scope to bigger and more important targets.
A computer science professor at the University of Texas, Austin published an editorial in the New York Times on October 30th explaining quantum supremacy, and characterizing the Google demonstration as ‘a critical milestone’ on the path to quantum computing.
The search giant’s progress in quantum computing is undeniable even though practical uses of it at this point may be limited to verifying randomness of numbers for crypto keys. IBM agrees that “building quantum systems is a feat of science and engineering, benchmarking them is a formidable challenge” and concedes, “Google’s experiment is an excellent demonstration of the progress in superconducting-based quantum computing.” IBM similarly predicts quantum breakthroughs that boost machine learning, simulation and optimization. These capabilities may enable design of new materials, innovative business models and transformation of global supply chains. IBM suggests that hybrid quantum-classical computer architecture will emerge to “outsource” portions of difficult problems to a quantum computer.
IBM also observes that the concept of quantum computing is inspiring a whole new generation of scientists, including physicists, engineers and computer scientists to transform information technology. It is collaborating with San Jose State University on providing students with the skills needed for high tech jobs of the future, including in quantum computing.
Meanwhile, David Poulin, co-director of the quantum information program at the Canadian Institute for Advanced Research says that Google’s recent progress “is not a technology milestone, it’s a scientific milestone.” Google’s quantum hardware researchers are talking with their company’s security experts about adapting the Sycamore experiment to create random numbers for encryption keys. They are also testing whether Sycamore-like chips might help machine-learning algorithms to generate useful virtual reality images of things like natural weather phenomena and manufacturing processes.
IBM, Intel, Google and start-ups Rigetti and in Canada, D-Wave already have developed processors with up to 53 qubits, and can envision scaling up to hundreds or thousands of qubits. But apparently it will take quantum computers with more like a million qubits to accomplish full error checking and practical usefulness. D-Wave announced last month that it will house its first Leap quantum cloud-based system outside North America in Julich, Germany to serve researchers and app developers in Europe. Chinese tech and internet firms like Alibaba Group Holding, are also ‘all-in’ on developing similar quantum machines. Meanwhile, the NEC Corp of Japan, though an early leader in quantum computing technology, long ago ceded the field to others.