Why Your Data Is Safe From Quantum Hacking for Now

Don't worry just yet about your online data getting hacked using quantum computers. 

Fujitsu reported that a new study on its quantum simulator shows it will be difficult for quantum computers to crack standard security for many years. Experts agree that your personal information isn't immediately at risk, but the hacking threat is real, especially for national security secrets. 

"With the costs of storage and processing power continuing to come down sharply and China and the United States pouring massive resources into quantum encryption and decryption, the future likely will be here sooner than we think regarding the quantum threat," Bryan Cunningham, an advisory council member at the cybersecurity firm Theon Technology told Lifewire in an email interview. 

Quantum Leap?

Fujitsu conducted trials last month using its 39-qubit quantum simulator to assess how difficult it would be for quantum computers to crack existing RSA cryptography, the standard protection for most users. Company researchers discovered a fault-tolerant quantum computer. They said a computer with a scale of 10,000 qubits and 2.23 trillion quantum gates would be required to crack RSA. They estimate that conducting quantum computation for about 104 days would be necessary to break RSA.

"Our research demonstrates that quantum computing doesn't pose an immediate threat to existing cryptographic methods," Tetsuya Izu, Senior Director of Data & Security Research at Fujitsu, said in the news release. "We cannot be complacent either, however. The world needs to begin preparing now for the possibility that one-day quantum computers could fundamentally transform the way we think about security."

As quantum computers get more capable, the fear is that they could be used to break standard encryption techniques. Mike Parkin, a senior technical engineer at the cybersecurity company Vulcan Cyber, explained in an email that encryption depends on how hard it is to work with large prime numbers. Quantum computing can make finding the prime numbers encryption relies on trivial. "What would have taken generations to compute on a conventional computer now comes up in moments," he added. 

But Parkin said it's hard to predict when quantum computing will make it into the mainstream and become a serious threat to our existing encryption schemes. "It's possible, if unlikely, that hidden away in a classified lab somewhere, there is already a quantum computer doing just that," he said. 

A Question of When, Not If

Despite the reassuring Fujitsu study, it's essential to remain vigilant about the quantum threat, Cunningham said. 

"More importantly, if you have to err on one side or the other, quantum decryption is such an existential threat to so much of economic and national security, any responsible person would be foolish not to err on the side of caution and aggressiveness in being able to fight the threat—whenever it fully arrives."

Sounil Yu, Chief Information Security Officer at the cybersecurity company JupiterOne said via email that it will be at least ten or more years before quantum computers are practical and affordable to break the strong encryption used today. 

The world needs to begin preparing now for the possibility that one-day quantum computers could fundamentally transform the way we think about security.

"Regardless of when quantum computers become capable of breaking today's encryption, crypto-agility is a capability that is needed today," he added. "It's something that CISOs can focus on now because we've already suffered failures of our cryptographic trust anchors, revealing how painful of an exercise it can be without a lifecycle view of our cryptographic components."

But there are things users can do to protect against the quantum decryption threat. Cunningham said you should take all "reasonable steps" to save your stored data from being snatched for future decryption. "If they can't steal it in the first place, they can't decrypt it in the future," he added. He suggested using multifactor authentication and being aware of potential phishing attacks (don't click on unknown links). 

"Companies with lots of sensitive stored data at risk also should begin to invest in emerging quantum-resistant data storage, key management, and multiple encryption technologies so that, if data is stolen, and China in the future is deciding which to decrypt first, they will skip yours and go to the next company's data," he added.