
See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/340439482

Quantum Computing in Data Security: A Critical Assessment

Article  in  SSRN Electronic Journal · January 2020


DOI: 10.2139/ssrn.3565438


All content following this page was uploaded by Sunita Patil on 08 August 2021.



Quantum Computing in Data Security: A Critical Assessment

Mr. Prashant Nair
PG Student, Department of Computer Engineering
K.J. Somaiya Institute of Engineering and Information Technology
Sion, Mumbai, India
University of Mumbai
prashant.pn@somaiya.edu

Dr. Sunita Patil
Professor, Department of Computer Engineering
K.J. Somaiya Institute of Engineering and Information Technology
Sion, Mumbai, India
University of Mumbai
spatil@somaiya.edu

Abstract— The inception of “quantum supremacy”, officially announced by Google, has given rise to future threats to data security and privacy. One of the areas that we must focus on is the future threats to all applications dependent on IT, not just restricted to military applications, power distribution and smart cities but all automated infrastructures (especially critical infrastructure). The objective of the study is to make the community aware of the current and future threats to data security and privacy using future quantum applications. The paper mainly demonstrates how PKI and its key exchange method can be compromised easily with the help of quantum computers and also proposes a solution to make our key exchange protocol secure using QKD, which ensures a hack-proof exchange of keys between the sender and intended receiver. The paper also explores the research observation areas that can be focused on for protecting against future threats emerging due to quantum evolution.

Keywords—quantum computing, data security, hacking encryption, threat, post-quantum cryptography, PQC algorithms, quantum computers, Shor’s algorithm, Grover’s algorithm, symmetric cryptography, asymmetric cryptography

I. INTRODUCTION

Quantum computing is inspired by the laws of quantum physics [1]. The chief goal of quantum computing is to perform fast processing in less time. It is like getting the computing power of lakhs of computer server systems combined in a single chip. Quantum computing represents data in the form of states. In a typical computing paradigm, the data in each physical state is represented as binary “0” or “1”. However, in the quantum computing paradigm, each quantum state can maintain both binary “0” and “1” simultaneously, officially called qubits (quantum bits). The concept and implementation of qubits opened a new horizon in the field of data processing and AI, enabling the fastest computing operations to date.

Quantum computing is the niche approach people have been discussing since the official declaration of quantum supremacy [2] by Google. Though this is a major breakthrough which can change the way we perform big data processing, artificial intelligence and much more, it also has adverse effects which need to be mitigated proactively. One of the major threats predicted by many computer scientists is the breaking of encryption systems. Most encryption systems are considered safe on the assumption that the time required to crack them is large and that it is impossible for conventional computing techniques to speed up the process. In this paper we will discover some of the methods which can be perceived as a threat to our current data security architecture.

In this paper, Section II gives the background on present encryption algorithms and systems, explaining their power and the time required to compromise them in a traditional computing environment. Section III discusses the comparison between the quantum computing and traditional computing approaches. Section IV introduces Post-Quantum Cryptography. Section V talks about the corporate involvements in making a quantum computer. Section VI discusses the threats posed to the critical infrastructure. Section VII concludes with wide research areas and inspiration to make our community quantum threat-proof.

II. PRESENT CRYPTOGRAPHIC ALGORITHMS AND SYSTEMS

This section will briefly explain the role of some of the cryptographic algorithms in modern cryptography.

A. Symmetric Key Algorithm

Symmetric key algorithms are algorithms that use one key for encryption and decryption of electronic information. In this approach, whenever a sender sends encrypted electronic data, only the intended receiver can decrypt it. Symmetric key algorithms include, but are not limited to, Advanced Encryption Standard [3] [AES], Data Encryption Standard [4] [DES], International Data Encryption Algorithm [5] [IDEA], Rivest Cipher 4 [6] [RC4], Rivest Cipher 5 [7] [RC5] and Rivest Cipher 6 [8] [RC6], where RC4 is a stream cipher and the others are block ciphers.

Symmetric key algorithms are ideally used for bulk encryption, which includes encrypting big data or encrypting column data in a database. Currently the most preferred algorithms used by tech giants are AES and IDEA.

Electronic copy available at: https://ssrn.com/abstract=3565438


B. Asymmetric Key Algorithm

Asymmetric key algorithms involve ciphers with a public key and a private key, also called Public Key Cryptography. Compared to symmetric key algorithms, asymmetric key algorithms are slower, due to which they are ideally used only to establish a secure connection, which in turn protects the communication using an encrypted channel. Asymmetric algorithms include the Diffie-Hellman protocol [9] and the Rivest, Shamir, Adleman algorithm [10] [RSA].

TABLE I describes the time required to ideally decrypt the encrypted data using the brute-force technique.

TABLE I. IDEAL TIME REQUIRED TO DECRYPT EACH ALGORITHM USING BRUTE FORCE ATTACK METHOD

Key Size (bits) | Algorithm | Number of alternative keys | Time Required (10^9 decryptions/sec) | Time Required (10^13 decryptions/sec)
56 | DES | 2^56 | 2^55 ns = 1.125 years | 1 hr
128 | AES | 2^128 | 2^127 ns = 5.3 x 10^21 years | 5.3 x 10^17 years
168 | 3DES | 2^168 | 2^167 ns = 5.8 x 10^33 years | 5.8 x 10^29 years
192 | AES | 2^192 | 2^191 ns = 9.8 x 10^40 years | 9.8 x 10^36 years
256 | AES | 2^256 | 2^255 ns = 1.8 x 10^60 years | 1.8 x 10^56 years

III. COMPARING TRADITIONAL COMPUTING AND QUANTUM COMPUTING

Physicist Richard Feynman introduced the idea of a quantum computer in the year 1982 with an argument about whether computers can use the effects of quantum mechanics and superposition. Though the possibility was initially declined, it later became one of the interesting concepts and topics for research [11].

Ideally, quantum mechanics talks about the microscopic behaviour of states, whereas current traditional computation talks about Boolean algebra in which the states are discrete, i.e. either Logic 1 or Logic 0.

In quantum computing, data is represented using qubits or quantum bits. A qubit is the unit of a quantum mechanical system that under suitable circumstances can be treated as having only two quantum levels. Once we have that, we can use it to encode quantum information in a similar way to a classical computer, where information is encoded in the two possible states of a transistor, viz. on or off. But with a qubit you can use the quantum properties of it being a quantum two-level system, so that you can have conditions like quantum superpositions of states, and you can entangle multiple qubits, which gives you access to an exponentially larger computational space than that of a classical computer. Due to this property, a qubit can hold more than one piece of information at a given time interval. This in turn leads to true massive parallel processing power.

There exist two kinds of quantum computers: universal quantum computers and non-universal quantum computers. Universal quantum computers are developed to perform any kind of processing task, whereas non-universal quantum computers are ideally developed for specific tasks, for example a quantum computer for weather prediction.

IV. POST QUANTUM CRYPTOGRAPHY (PQC)

Quantum computing could be used to crack existing cryptographic schemes such as the widely used RSA, Diffie-Hellman and Elliptic Curve Cryptography [ECC]. These schemes protect governments’ classified data, businesses’ intellectual property and citizens’ privacy, as well as all communications across these entities [12].

There is a degree of urgency in the drive towards creating a cryptography that is resistant to quantum computing. Such schemes are commonly referred to as “quantum-proof cryptography”. There is a need to begin the transition towards acquiring these techniques as soon as possible, especially since it will take over a decade to make existing Web standards obsolete. Asymmetric cryptographic algorithms used in key exchange protocols appear to be the most vulnerable to compromise by known quantum algorithms, specifically by Shor’s algorithm.

From a strategic perspective, the countries which are able to achieve post-quantum cryptography will enjoy an asymmetric advantage in terms of not only securing their critical infrastructure and military communication but also acquiring the capability to breach the security of their adversaries.

Based on the National Institute of Standards and Technology [NIST] guidelines [13] and the results of its competition, researchers are developing cryptographic algorithms to counter most types of attacks by a traditional computer and a quantum computer. Some of the PQC types are listed below:

1. Code-based Cryptography includes all cryptosystems, symmetric or asymmetric, whose security relies, either partially or totally, on the hardness of decoding in a linear error correcting code, possibly chosen with some particular structure or in a specific family (for instance, quasi-cyclic codes or Goppa codes) [14][15].

2. Hash-based Digital Signatures [16], which use cryptographic hash functions.

3. Isogeny-Based Cryptography [17] is based on the hard problem of finding an isogeny between two given super-singular elliptic curves E and (E). Cryptography based on isogenies between super-singular elliptic curves is a promising candidate for Post Quantum Cryptography. NIST is actively running a competition in search of a secure post-quantum cryptographic algorithm. Recently, the second round of the NIST competition included an algorithm called Super-singular Isogeny Key Encapsulation [SIKE] that focuses on walks in a super-singular isogeny graph.

4. Lattice-based cryptography [18] is the generic term for constructions of cryptographic primitives that involve lattices, either in the construction itself or in the security proof. Lattice-based constructions are currently important components of post-quantum cryptography.

5. Multivariate polynomial cryptography [19]: Multivariate cryptography is the generic term for asymmetric cryptographic primitives based on multivariate polynomials over a finite field. In certain cases, those polynomials could be defined over both a ground and an extension field. If the polynomials have degree two, we talk about multivariate quadratics. Since solving multivariate polynomial problems is an NP problem, it can be best used in digital signature implementations, where NP is a complexity class used to classify decision problems in computational complexity theory.

V. QUANTUM CRYPTOGRAPHY AND ITS APPLICATIONS

A Public Key Infrastructure [PKI] [20] enables users to transmit and receive confidential data in a secured manner over an unsecure network like the Internet. PKI basically uses two keys, viz. a public key and a private key, where the public key is an exposed key: the user (Bob) encrypts the data using the receiver’s (Alice’s) public key, and Alice decrypts it at the destination with her private key, as shown in Fig 1. [21]

Fig 1 – Public Key Cryptography in Action (Bob sending secure private message to Alice in an insecure network)

In short, grabbing the public key alone will not help the attacker decrypt the ciphered message, as it is incomplete without the private key. This is where hackers tried to identify whether the private key can be extracted using the public key. Due to the complex math required to discover the private key from the public key, it is currently impossible to do so because of the lack of computation power in our classical computers, as shown in Fig 2.



Fig 2 – Hacker attempting to crack the private key out of public key

However, the same can be made possible using quantum computers, due to their powerful computation speed, using Shor’s Algorithm [22] as shown in Fig 3.

Fig 3 – Hacker attempting to retrieve the private key using Quantum Computing Setup with Shor’s Algorithm

The solution to handle such a situation is to use Quantum Key Distribution [QKD] [23,24]. QKD can be clubbed with classical communication techniques, since the goal of QKD is just to generate and distribute keys to the sender and receiver, as shown in Fig 4. In this example, we are using the BB84 key distribution scheme developed by Charles Bennett and Gilles Brassard in 1984, which is considered the first quantum cryptography protocol.



Fig 4 – Quantum Key Distribution Server Setup (Using BB84 Key Distribution Protocol)

Once the sender and receiver receive the key, they can use the key for encrypting/decrypting the cipher text respectively, as shown in Fig 5.

The reason why this quantum cryptography protocol is an un-hackable key distribution protocol is that a quantum state can never be regenerated, based on the No-cloning Theorem, which states that it is impossible to create an identical copy of an arbitrary unknown quantum state. This ensures that if there is any Man in the Middle [MiTM] attack being carried out, the quantum state the sender and receiver may receive will be different, resulting in the failure of decryption, thus warning the sender and receiver that the channel is unsecure.

Fig 5 – Entire Communication process using QKD and Classical Protocols
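
How the warning arises in BB84, as an added example that is not part of the original paper: a classical simulation in which an intercept-resend eavesdropper, unable to copy the photons, measures in guessed bases and so corrupts about a quarter of the sifted key. The function names, the 11% abort limit and the 50% check sample are assumptions, and the public classical channel is assumed to be authenticated.

```python
import random


def measure(bit, prep_basis, meas_basis, rng):
    """Measuring in the preparation basis returns the encoded bit;
    measuring in the other basis returns a uniformly random bit."""
    return bit if prep_basis == meas_basis else rng.randint(0, 1)


def bb84(n_qubits, eavesdrop, seed, qber_limit=0.11, sample_frac=0.5):
    rng = random.Random(seed)
    alice_bits = [rng.randint(0, 1) for _ in range(n_qubits)]
    alice_bases = [rng.choice("+x") for _ in range(n_qubits)]
    bob_bases = [rng.choice("+x") for _ in range(n_qubits)]

    bob_bits = []
    for bit, a_basis, b_basis in zip(alice_bits, alice_bases, bob_bases):
        state_bit, state_basis = bit, a_basis
        if eavesdrop:
            # No-cloning: Eve cannot copy the unknown state, so she has
            # to measure it in a guessed basis and re-send her result.
            e_basis = rng.choice("+x")
            state_bit = measure(state_bit, state_basis, e_basis, rng)
            state_basis = e_basis
        bob_bits.append(measure(state_bit, state_basis, b_basis, rng))

    # Sifting: bases are compared publicly, matching positions are kept.
    sifted = [(a, b) for a, b, ab, bb in
              zip(alice_bits, bob_bits, alice_bases, bob_bases) if ab == bb]

    # Error estimation: reveal a random sample, then discard it.
    order = list(range(len(sifted)))
    rng.shuffle(order)
    n_sample = int(len(sifted) * sample_frac)
    sample, rest = order[:n_sample], sorted(order[n_sample:])
    errors = sum(1 for i in sample if sifted[i][0] != sifted[i][1])
    qber = errors / n_sample if n_sample else 0.0

    accepted = qber <= qber_limit
    return {
        "sifted": len(sifted),
        "qber": qber,
        "accepted": accepted,
        # No key material is released when the error rate is too high.
        "alice_key": [sifted[i][0] for i in rest] if accepted else [],
        "bob_key": [sifted[i][1] for i in rest] if accepted else [],
    }


if __name__ == "__main__":
    for label, eve in (("clean channel", False), ("intercept-resend", True)):
        result = bb84(4000, eve, seed=1)
        print(label, "QBER=%.3f" % result["qber"],
              "accepted" if result["accepted"] else "aborted")
```

The detection happens during error estimation, before any message is encrypted: a run whose sampled error rate exceeds the limit is aborted and its bits are thrown away.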

VI. CORPORATE COMPETITIONS TOWARDS QUANTUM COMPUTING

Apart from Google, Microsoft is another corporation which has been ambitiously conducting research in quantum computing. The Microsoft service, named Azure Quantum, integrates quantum programming tools the company released previously with its cloud service. Coders can run quantum code on simulated quantum hardware, or on real quantum hardware from conglomerates like Honeywell and start-ups such as IonQ or QCI. Though they have not claimed that the quantum computer hardware is ready, Microsoft Azure Quantum aspires to provide various cloud-based services with quantum computing capabilities and also provides an open-source Quantum Development Kit for developers [20].

Though not participating in the race to build computing hardware, Amazon has announced that it will partner with three firms to offer online access to prototype quantum processors. The firm has come up with a new service called Amazon Braket, where customers will be able to test algorithms and calculations on quantum processors from D-Wave Systems, IonQ and Rigetti Computing, in addition to a classically-powered simulation environment, and which will allow them to get some hands-on experience with qubits and quantum circuits through a notebook-style interface. Amazon also recently introduced a Quantum Ledger Database [21] that would record a log of transactions and be able to automatically scale and execute two to three times more transactions than already existing products.

VII. THREATS POSED TO CRITICAL INFRASTRUCTURE AND MECHANISMS

Brute-forcing was considered one of the effective techniques for password cracking and for performing cryptanalysis. A typical brute-force algorithm tries all possible combinations to figure out the correct combination to crack into the system or software. However, brute-force is one of the slowest methods of hacking, since our conventional processors or cluster computing techniques are not capable of speeding up the operations. With quantum processors, however, brute-force can become one of the most effective methods when it comes to cracking critical information systems. Some of the possible future threats that quantum computing can introduce to critical infrastructures and communication channels are listed below:

1. Breach of existing Secure Communication Channel: Compromising secure end-to-end data encryption channels used by military or financial institutions for transferring critical data would be very easy if the hacker has access to quantum processing engines which have the capability to process 10 million bits in a second. The current encryption mechanisms were termed secure based on the time required to compromise them. Some of the common algorithms used are RSA and AES, which rest on the claim that compromising them using the brute-force technique will take several years on traditional supercomputers. However, using systems having quantum capabilities, the same can be cracked in a few seconds. So, if an intruder is capable of performing a “Man in the Middle” attack on a secure channel, he can sniff and collect the data and decrypt it at the same time, resulting in a data confidentiality breach.

2. Decrypting Encrypted Drives using Quantum Cryptanalysis: Many companies archive their data in offshore data premises, and its security is maintained using “data-at-rest” encryption algorithms. Compromising encrypted data stored in overseas servers containing critical information would become an easy task if quantum capabilities are used for decrypting the same.

3. Autonomous Unmanned Explosives based on AI Object Detection, Real-time Trajectories Recognition and Object Tracking mechanisms: With the evolution of AI and its capabilities to identify real-time trajectories, object detection and recognition, there is a fair possibility of developing Unmanned Bombs which can easily bypass most of the existing security mechanisms like RADAR/SONAR sensors, motion detectors, thermal sensors, etc.

VIII. CONCLUSION/WAY AHEAD

As mentioned in the application, PKI and its key exchange method can be compromised easily with the help of quantum computers. The proposed solution is to secure our key exchange protocol using QKD, which ensures a hack-proof exchange of keys between the sender and intended receiver.

Based on the current technological advances, some of the research observation areas we can focus on for protecting against future threats emerging due to quantum evolution, though not limited to these, are as follows:

1. Focus on each of the PQC algorithms.
2. Enforcing all applications to use AES 256 as the symmetric algorithm for data encryption at rest.
3. Awareness of the scope and capability of quantum computing.

REFERENCES

[1] S. Aaronson, "The Polynomial Method in Quantum and Classical Computing," 2008 49th Annual IEEE Symposium on Foundations of Computer Science, Philadelphia, PA, 2008, pp. 1-3.
[2] “Quantum Supremacy Using a Programmable Superconducting Processor,” Google AI Blog, 23-Oct-2019. [Online]. Available: https://ai.googleblog.com/2019/10/quantum-supremacy-using-programmable.html. [Accessed: 15-Feb-2020].
[3] J. Daemen and V. Rijmen, "The First 10 Years of Advanced Encryption," in IEEE Security & Privacy, vol. 8, no. 6, pp. 72-74, Nov.-Dec. 2010.
[4] T. Nie and T. Zhang, "A study of DES and Blowfish encryption algorithm," TENCON 2009 - 2009 IEEE Region 10 Conference, Singapore, 2009, pp. 1-4.
[5] S. L. C. Salomao, J. M. S. de Alcantara, V. C. Alves and F. M. G. Franca, "Improved IDEA," Proceedings 13th Symposium on Integrated Circuits and Systems Design (Cat. No.PR00843), Manaus, Brazil, 2000, pp. 47-52.
[6] Hammood M.M., Yoshigoe K., Sagheer A.M. (2013) RC4-2S: RC4 Stream Cipher with Two State Tables. In: Park J., Barolli L., Xhafa F., Jeong HY. (eds) Information Technology Convergence. Lecture Notes in Electrical Engineering, vol 253. Springer, Dordrecht



[7] J. Liang, Q. Wang, Y. Qi and F. Yu, "An Area Optimized
Implementation of Cryptographic Algorithm RC5," 2009 5th
International Conference on Wireless Communications, Networking
and Mobile Computing, Beijing, 2009, pp. 1-4.
[8] H. K. Verma and R. K. Singh, "Enhancement of RC6 block cipher
algorithm and comparison with RC5 & RC6," 2013 3rd IEEE
International Advance Computing Conference (IACC), Ghaziabad,
2013, pp. 556-561.
[9] I. R. Jeong, J. O. Kwon and D. H. Lee, "Strong Diffie-Hellman-DSA
Key Exchange," in IEEE Communications Letters, vol. 11, no. 5, pp.
432-433, May 2007.
[10] Xin Zhou and Xiaofei Tang, "Research and implementation of RSA
algorithm for encryption and decryption," Proceedings of 2011 6th
International Forum on Strategic Technology, Harbin, Heilongjiang,
2011, pp. 1118-1121.
[11] L. Ojala, E. Parviainen, O. -. Penttinen, H. Beaver and T. Tynjala,
"Modeling Feynman's quantum computer using stochastic high level
Petri nets," 2001 IEEE International Conference on Systems, Man and
Cybernetics. e-Systems and e-Man for Cybernetics in Cyberspace
(Cat.No.01CH37236), Tucson, AZ, USA, 2001, pp. 2735-2741 vol.4.
[12] Chen, L., Chen, L., Jordan, S., Liu, Y. K., Moody, D., Peralta, R., ...
& Smith-Tone, D. (2016). Report on post-quantum
cryptography (Vol. 12). US Department of Commerce, National
Institute of Standards and Technology.
[13] Cryptology ePrint Archive: Report 2019/047 - NIST Post-Quantum
Cryptography- A Hardware Evaluation Study. [Online]. Available:
https://eprint.iacr.org/2019/047. [Accessed: 15-Feb-2020].
[14] N. Sendrier, “Code-Based Cryptography,” SpringerLink, 01-Jan-
1970. [Online]. Available:
https://link.springer.com/referenceworkentry/10.1007/978-1-4419-
5906-5_378. [Accessed: 15-Feb-2020].
[15] N. Sendrier, "Code-Based Cryptography: State of the Art and
Perspectives," in IEEE Security & Privacy, vol. 15, no. 4, pp. 44-50,
2017.
[16] Buchmann J., Dahmen E., Szydlo M. (2009) Hash-based Digital
Signature Schemes. In: Bernstein D.J., Buchmann J., Dahmen E. (eds)
Post-Quantum Cryptography. Springer, Berlin, Heidelberg.
[17] C. Peng, J. Chen, S. Zeadally and D. He, "Isogeny-Based
Cryptography: A Promising Post-Quantum Technique," in IT
Professional, vol. 21, no. 6, pp. 27-32, 1 Nov.-Dec. 2019.
[18] A. W. Mohsen, A. M. Bahaa-Eldin and M. A. Sobh, "Lattice-based
cryptography," 2017 12th International Conference on Computer
Engineering and Systems (ICCES), Cairo, 2017, pp. 462-467.
[19] A. Doegar and Sivasankar M, "On-demand digital signature schemes
using Multivariate Polynomial systems," 2015 International
Conference on Control, Instrumentation, Communication and
Computational Technologies (ICCICCT), Kumaracoil, 2015, pp. 393-
395.
[20] Russ Housley and Tim Polk. 2001. Planning for PKI: Best Practices
Guide for Deploying Public Key Infrastructure (1st. ed.). John Wiley
& Sons, Inc., USA.
[21] “NIST Special Publication 800-63,” 3. [Online]. Available:
https://pages.nist.gov/800-63-3/sp800-63-3.html. [Accessed: 09-Mar-
2020].
[22] P. W. Shor, "Algorithms for quantum computation: discrete
logarithms and factoring," Proceedings 35th Annual Symposium on
Foundations of Computer Science, Santa Fe, NM, USA, 1994, pp.
124-134.
[23] W.-Y. Hwang, K. Matsumoto, H. Imai, J. Kim, and H.-W. Lee,
“Shor-Preskill-type security proof for concatenated Bennett-Brassard
1984 quantum-key-distribution protocol,” Physical Review A, vol. 67,
no. 2, Oct. 2003.
[24] Y. Wang, H. Wang, Z. Li and J. Huang, "Man-in-the-middle attack on
BB84 protocol and its defence," 2009 2nd IEEE International
Conference on Computer Science and Information Technology,
Beijing, 2009, pp. 438-439.
[25] “Quantum computing,” Microsoft. [Online]. Available:
https://www.microsoft.com/en-us/quantum. [Accessed: 10-Feb-2020].
[26] “AWS Announces General Availability of Amazon Quantum Ledger
Database (QLDB),” Amazon.com, Inc. - Press Room. [Online].
Available: https://press.aboutamazon.com/news-releases/news-
release-details/aws-announces-general-availability-amazon-quantum-
ledger. [Accessed: 10-Feb-2020].
