Quantum computers raise corporate encryption concerns

Next generation of computers capable of complex and near-instantaneous calculations – exactly what hackers need to breach network security systems 

Computer security consultant Rob Slade (left), who spoke at the March 17 BSides Vancouver tech security conference, believes quantum computers will hit the consumer market in the next 10 years | Photo: Tyler Orton

The idea goes that the simplest way to hack a computer is through a brute-force attack.

Given enough time, an algorithm plugs in every conceivable password and username before it gains access. While it’s the likely cause behind last year’s infamous Sony (NYSE:SNE) hack, depending on the password’s complexity, it could take too long before a security system detects and repels a brute-force attack.

But could a quantum computer – one that uses subatomic particles to process complex calculations almost instantly – like the one developed at Burnaby’s D-Wave Systems be used for decryption?

Computer security consultant Rob Slade, who was addressing the BSides Vancouver security tech conference March 17, said the issue comes up frequently as consumer-oriented quantum computing inches closer to reality.

“It feels like we’re on the brink,” Slade said, noting people once thought driverless cars were decades away.

“You can make fun of me if you like, but I’m willing to predict that within 10 years … most of you would now have quantum coprocessors in your laptops.”

While no company has built a full-scale quantum computer, D-Wave developed the world’s first “commercially viable” quantum coprocessor, which costs $15 million and mimics many of the functions of a quantum computer.

Traditional computers rely on two bits – ones and zeroes – to make calculations; quantum computing relies on qubits. Qubits possess a “superposition” that can be one and zero at the same time and calculate all possible values in a single operation. And that ability is what’s needed to make a brute-force attack successful.

But Slade said D-Wave’s quantum coprocessor wouldn’t be well suited for decryption when it comes to hacking systems at major companies.

While American mathematician Peter Shor developed a proven algorithm in the 1990s for a quantum computer that would make all possible calculations in one operation, Slade noted the algorithm needs a machine with 8,000 qubits.

The D-Wave Two has just 512 qubits.

In the absence of any “actual, full-scale quantum computers,” Slade said using D-Wave’s machines for decryption purposes isn’t viable – or even possible.

Furthermore, he added the theoretical margin of error in quantum cryptography is significant enough that it levels the playing field compared with traditional computers.

“All of this hugely expensive, supremely elegant, lovely quantum crypto is no better than what we’ve already got,” he said.

But even if major companies like Sony and Target (NYSE:TGT) aren’t vulnerable to a debilitating quantum computer attack, Robert Herjavec said security has yet to become part of corporate culture for many businesses.

“There is no sector in the economy that is not under potential threat,” the CEO of IT security firm the Herjavec Group told Business in Vancouver.

“It’s kind of like being an alcoholic. The first thing you have to do is accept that you have a problem. Everyone has a problem with security.”

Herjavec, who’s best known as a panellist on Dragons’ Den and Shark Tank, described the Sony hacking and Target’s 2013 breach as two “seminal” events that are changing how companies approach IT security.

“The CEO of Target was fired because of the breach,” said Herjavec, referring to Gregg Steinhafel’s forced resignation after information was exposed from as many as 110 million customers’ credit and debit cards.

“For the first time it showed security has an executive footprint.”

Ryan St Hilaire, vice-president of product management at Absolute Software, said these events are also accelerating the market for information security.

His Vancouver-based security software company announced a deal March 16 with Hewlett-Packard (NYSE:HPQ) that would install its technology in all the computer maker’s educational tablets and notebooks.

And even as Hewlett-Packard installs the security technology at the factories, St Hilaire said more companies must begin implementing multiple different internal processes to ensure they’re not vulnerable to a brute-force attack.

“It’s not just a one-time investment; it’s an ongoing thing.”