Hackers could steal encrypted data now and crack it with quantum computers later, warn analysts
Beijing-backed hackers might soon start trying to steal encrypted data — such as biometric info, the identities of covert spies, and weapons designs — with a view to decrypting it with a future quantum computer, according to analysts at US tech consultancy Booz Allen Hamilton (BAH).
“In the 2020s, Chinese economic espionage will likely increasingly steal data that could be used to feed quantum simulations,” the analysts write in the report Chinese Threats in the Quantum Era.
At risk are data protected by the current algorithms underpinning public-key cryptography, which some fear may be rendered useless for protecting data once quantum computers become powerful enough.
The big question is when such a quantum computer might arrive. However, Booz Allen Hamilton’s analysts suggest it doesn’t matter that an encryption-breaking quantum computer could be years off because the type of data being targeted would still be valuable. Hence, there’s still an incentive for hackers to steal high-value encrypted data.
Recent studies suggest it would take a processor with about 20 million qubits to break the algorithms behind public-key cryptography, which is much larger than the quantum processors that exist today. But a quantum computer that threatens today’s algorithms for generating encryption keys could be built by 2030.
The report frames the threat from China around its past cyber-espionage campaigns and the nation’s ambitions to be a major quantum computing player by mid-2020, as major US tech firms such as Google, IBM, IONQ and others race towards ‘quantum supremacy’.
“China’s current capabilities and long-term goals related to quantum computing will very likely shape the near-term targets and objectives of its cyber-enabled espionage,” the report states.
It’s warning cybersecurity chiefs to be aware of China’s espionage targeting encrypted data as an emerging risk.
“By the end of the 2020s, Chinese threat groups will likely collect data that enables quantum simulators to discover new economically valuable materials, pharmaceuticals, and chemicals,” the analysts warn.
However, they add that while China will remain a major player in quantum computing, it probably won’t surpass the US and Europe in quantum computing by the mid-2020s.
The consultancy notes that data decryption poses a “high risk” in the 2020s, but it reckons China’s chances to build a cryptography-breaking quantum computer before 2030 are “very small”. Nonetheless, they argue, the distant promise of quantum and the opportunities at stake will make encrypted data an enticing target in the years to come.
“Still, the outsized threat of a rival state possessing the ability to decrypt any data using current public-key encryption rapidly generates high risk,” the report states.
“Encrypted data with intelligence longevity, like biometric markers, covert intelligence officer and source identities, Social Security numbers, and weapons’ designs, may be increasingly stolen under the expectation that they can eventually be decrypted.”
BAH warns that it could take organizations a “decade or longer” to implement an organizational strategy for deploying post-quantum encryption.
However, the US Institute of Standards and Technology (NIST) is looking for answers to post-quantum cryptography and selected a shortlist of candidates for exchanging digital keys and adding digital signatures, as CNET’s Stephen Shankland reported.
As NIST notes, it took almost two decades to deploy our modern public key cryptography infrastructure.