From The Editor | January 11, 2024

It's No Secret, Q-Day Is Coming

John Headshot cropped 500 px wide

By John Oncea, Editor

Data Security GettyImages-1400359666

Q-Day poses a threat to infrastructure such as water, energy, electricity, health, safety, security, and national defense. The encryption schemes most susceptible to quantum attacks are those that rely on large prime numbers – or nearly all digital communication systems.

I was going to start with a quote from Buddha, “Three things cannot long stay hidden: the sun, the moon, and the truth.” But, after a little fact-checking, it turns out Buddha never said that.*

So, on to the next-best quote about secrets: “Nobody on this earth is perfect. Everybody has their flaws; everybody has their dark secrets and vices.” This, of course, is attributed to Juice Wrld.

Now, whether you seek inspiration from Buddha or Juice, one thing is clear: everybody has secrets, and keeping them is hard. Well, when Q-Day hits, nobody’s secrets will be safe. Not even those safeguarding our health, safety, security, and national defense.

* Chef’s kiss to whoever thought of the site’s tagline, “I Can't Believe It's Not Buddha!”

Q-Day: Coming To A Computer Near You In A Couple Of Years. Or Maybe 25.

Q-Day is predicted to be a global cybersecurity event that will expose all our secrets using quantum computers powerful enough to crack any security code. Business Insider writes, “It'll be a massive turning point for how the world thinks about digital privacy, as it could put confidential information at risk of exposure.”

Though experts don’t agree on when it will happen – some say 2025, others lean toward “the middle of the century” – it promises to crack “codes that encrypt data across our public networks and protect information in places like banks, government agencies, and major companies.”

The possibility of Q-Day was sprung on the world last February when Quantum Defen5e (QD5) executive vice president Tilo Kunz announced, “Machines vastly more powerful than today’s fastest supercomputers would be capable of cracking the codes that protect virtually all modern communication,” reports Reuters.

Since then, countries around the world have been plundering data “so that intercepted messages can be decoded after Q-day in what (Kunz) described as ‘harvest now, decrypt later’ attacks,” Reuters writes. “Militaries would see their long-term plans and intelligence gathering exposed to enemies. Businesses could have their intellectual property swiped. People’s health records would be laid bare.”

Kunz says the understanding that quantum computers will lead to Q-Day has incentivized countries around the world to begin harvesting data now with hopes of decrypting it in the future before adding, “Everything that gets sent over public networks is at risk.”

The Race Is On

We are currently in the initial phase of quantum computing which will result in machines significantly more potent than traditional computers as they rely on the characteristics of subatomic particles to perform complex calculations. They are capable of processing information at much higher speeds and performing calculations that are not feasible on current computers. However, only small quantum computers with limited processing power and susceptibility to errors have been produced so far.

Part of the reason quantum computers haven’t developed more rapidly “is that the key processing units of quantum computers, known as qubits, aren't stable for long enough to decrypt large amounts of data,” Business Insider writes.

“Conventional computers process information as bits – either 1 or 0, and just one number at a time,” adds Reuters. “Quantum computers process in quantum bits, or ‘qubits,’ which can be 1, 0, or any number in between, all at the same time, which physicists say is an approximate way of describing a complex mathematical concept.”

Quantum computers operate by utilizing a strange phenomenon in quantum mechanics called entanglement, wherein particles such as electrons or photons can become connected even when separated by vast distances. This allows changes in one particle to be immediately reflected in the other, rendering calculations that would be impractical to perform on traditional supercomputers possible. Physicists and computer scientists agree that qubits and entanglement are essential features of quantum computers.

This technology is radically different from what exists today but, when the technology catches up, Michael Biercuk, the founder and CEO of quantum tech company Q-CTRL, says it’s “likely to be as transformational in the 21st century as harnessing electricity as a resource was in the 19th century.”

With that in mind, global superpowers such as China and the U.S. are investing heavily in quantum research with the U.S. having spent $1.8 billion in 2022 alone. China President Xi Jinping has been touting the strategic value of quantum technology for years and China is spending more than $15 billion on quantum research by some estimates.

As the race to develop quantum computing intensifies, so does the race to protect critical data. According to Reuters, “Washington and its allies are working on new encryption standards known as post-quantum cryptography – essentially codes that are much harder to crack, even for a quantum computer. Beijing is trying to pioneer quantum communications networks, a technology theoretically impossible to hack, according to researchers.”

History Repeats Itself

While quantum technology is new, the “harvest now, decrypt later” frenzy its potential has set off isn’t. It was 60 years ago that the U.S. government engaged in the most successful harvest now/decrypt later operation ever: the Venona project.

“Launched in 1943, Venona was a 37-year U.S. effort to decipher Soviet diplomatic communications collected by the Americans during and after World War Two,” Reuters writes. “U.S. codebreakers, aided by allies, were able to decrypt more than 2,900 cables from thousands of messages sent by Soviet intelligence agencies between 1940 and 1948, according to CIA documents.”

The cracking of the cables’ code brought to light the extensive Communist intelligence operations that were conducted against the U.S. and its allies and led to the discovery of Soviet infiltration of the Manhattan Project. Furthermore, the existence of the Cambridge Five, a group of top British civil servants who spied for Moscow, also was revealed.

“The West’s breakthrough was the realization that the Soviets had misused so-called one-time pads: a time-tested form of encryption in which a secret key is used to encode a message sent between parties.” writes Reuters. “The method got its name because, in its earliest forms, keys were printed on a pad whose pages each contained a unique code; the top page was ripped off and destroyed after a single use. The Soviets blundered by printing and using duplicate pages in one-time pads for a limited time. This allowed allied analysts to painstakingly decrypt some of the messages years later.”

What was a “painstaking” project when the cables were finally decoded in the 1970s would be a cinch today with the help of quantum computers.

The Best Offense Is A Good Defense

Around the world, government security agencies and private companies are developing strategies to counter the looming threat posed by quantum computers. In August 2023, the U.S. National Security Agency called on the public and businesses to implement new security measures to protect their communications using post-quantum cryptography (PQC). The U.S. National Institute of Standards and Technology (NIST) chipped in, selecting four PQC algorithms – encryption standards that some cyber experts believe will provide long-term security.

“Not everyone agrees the new algorithms will offer reliable security,” writes Reuters. “Kunz told Reuters that eventually the new ciphers could be compromised as quantum computers improve. ‘The problem is that PQC is not unbreakable. It does not solve the harvest now, decrypt later problem.’”

IDQ’s Ribordy said that today’s classical computers also might be able to crack these new codes. The complex math problems at the heart of PQC are “so new” that they have not been studied very extensively, he noted.

NIST remains optimistic, however, with a spokesperson saying the agency “has confidence in the security of the PQC algorithms selected for standardization, (or) else we wouldn’t be standardizing them. The algorithms have been studied by experts and went through an intensive evaluation process.” The spokesperson went on to say it was not inevitable or even a “safe assumption” that they would be broken.

One additional challenge in defending against Q-Day is that when it arrives, the quantum codebreakers are unlikely to announce their success. Instead, they will probably remain silent to take advantage of their newfound ability for as long as possible. “We won’t necessarily know” when the codes are broken, Kunz said. “We will probably find out the hard way, but what we can expect is that they will be broken.”