Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Comments are moderated and will not appear until the moderator has approved them.
Please submit appropriate comments. Inappropriate comments include content that is abusive, harassing, or threatening; obscene, vulgar, or profane; an attack of a personal nature; or overtly political.
In addition, no off-topic remarks or spam is permitted.
Is Quantum Computing This Generation's Y2K?
I have a clear memory of December 31, 1999, when the world held its collective breath as the clock ticked down to the new millennium. Were we prepared, or would the doomsday predictions of chaos following a worldwide breakdown of computer infrastructures come to pass? As we now know, midnight came and went and as the sun rose in the east, all was well. Twenty-plus years on from the millennium bug, could developments in quantum computing be this generation's Y2K event? At least with Y2K, we knew when it would happen.
The computer hardware and software we use today operate on a binary number system, combinations of ones and zeroes used in programing code and mathematical formulas ranging from the simple to complex. These binary digits, known as bits, form the basis of digital data. To protect digital data from being manipulated in unauthorized ways, various levels of encryption are employed for data storage and transmission, with 2048-bit RSA cryptography being one of the most common formats. RSA cryptography uses a combination of a public encryption key to transmit data and a private decryption key held by the receiver. (RSA stands for Rivest, Shamir, Adleman—the names of the creators.)
"Man in the middle" attacks occur when cybercriminals intercept secure data transmissions and private decryption keys, often through phishing, malware, and Wi-Fi eavesdropping. While not unbreakable, 2048-bit RSA encryption is considered nearly impenetrable because traditional computers have limitations in their processing capabilities. Estimates for the time it would take for a computer using today's most robust processing capabilities to decrypt a 2048-bit algorithm run from several hundred million to several hundred billion years.
However, quantum computing has the theoretical ability to perform this same calculation in a matter of seconds, minutes, or hours. For this reason, quantum computing has the potential to create significant disruption in data security across all public and private industries.
Unlike traditional computing's use of a binary system, quantum computing uses quantum bits, or qubits, as the basic unit of quantum data. Often compared to the physics theory of Schrödinger's cat, where the cat can be simultaneously alive and dead, qubits can have more than one value at the same time, referred to as superposition, where the qubit travels all possible paths at once. In traditional computing, a bit is either a one or a zero. In quantum computing, a qubit can be both a one and a zero at the same time. Qubits and superposition form the foundation of quantum computing and are the source of its never-before-seen processing power.
In the next 20 years, quantum computing capabilities may likely reach the point that 2048-bit RSA encryption is no longer secure, leaving public and private industries exposed. In 2016, the Computer Security Resource Center of the National Institute of Standards and Technology, a division of the U.S. Department of Commerce, initiated work to develop post-quantum cryptography standards. The goal of this work is to develop encryption algorithms that protect systems against attacks from both traditional and quantum computers. Interoperability with existing communications protocols and networks is an additional goal of the Computer Security Resource Center's work.
The potential risks of quantum computing touch all industries, businesses, and consumers, underscoring the need to be informed and risk-aware. Is quantum computing on your organization's information security radar? Are steps being taken to determine your organization's quantum computing risks? Or are we all just holding our collective breath?