Dangers of quantum hacking
|Richard Harris in Security Tuesday, February 11, 2020|
Active Cypher has built a password-hacking quantum computer to demonstrate the dangers of quantum hacking. Processor-heavy brute force hacking techniques can, unfortunately, be accomplished much faster and with readily available hardware paired with new software.
Active Cypher has built a password-hacking quantum computer to demonstrate the dangers of quantum hacking.
Using $600 worth of hardware parts easily purchased online or at a local electronics store, Active Cypher’s founder and CTO, Dan Gleason, created a portable quantum computer dubbed QUBY (named after qubits, the basic unit of quantum information). QUBY runs recently open-sourced quantum algorithms capable of executing within a quantum emulator that can perform cryptographic cracking algorithms. Calculations that would have otherwise taken years on conventional computers are now performed in seconds on QUBY.
With recent quantum computing advances such as QUBY, processor-heavy brute force hacking techniques can, unfortunately, be accomplished much faster and with readily available hardware paired with new software.
Gleason explains, “After years of foreseeing this danger and trying to warn the cybersecurity community that current cybersecurity protocols were not up to par, I decided to take a week and move my theory to prototype. I hope that QUBY can increase awareness of how the cyberthreats of quantum computing are not reserved to billion-dollar state-sponsored projects, but can be seen on much a smaller, localized scale.”
Cybersecurity experts are increasingly fearing that quantum computing will lead to the sunset of AES-256 (the current encryption standard), meaning all encrypted files could one day be decrypted. “The disruption that will come about from that will be on an unprecedented, global scale. It's going to be massive”, says Gleason. Modelled after the SADM, a man-portable nuclear weapon deployed in the 1960s, QUBY was downsized so that it also fits in a backpack and is therefore untraceable. Low-level 'neighbourhood hackers' have already been using portable devices that can surreptitiously swipe credit card information from an unsuspecting passerby. Quantum compute emulating devices will open the door for significantly more cyberthreats.
“The power of QUBY highlights the inherent vulnerabilities of most IT security infrastructures. The benefits of quantum computing will undoubtedly be numerous. Perhaps one-day quantum computing will find the cure for cancer, or even help develop solutions for world hunger. Yet it would be negligent to not fully appreciate the dangers of such technology falling into the hands of malicious actors,” says Mike Quinn, Active Cypher’s Chief Strategy Officer.
Active Cypher believes quantum-optimized algorithms and artificial intelligence will increasingly be used together in cracking the mathematically based cryptographic algorithms such as AES-256. While executing a massive superposition of possible outcomes to these algorithms requires a quantum device in the millions of qubits—the largest quantum computer today has a mere 72 qubits—similar results can be derived with quantum-optimized algorithms executing within a computer emulator running on consumer gaming video cards (same as crypto mining rigs). Quantum emulators like QUBY, running highly optimized cracking algorithms will computationally accelerate the cracking of contemporary encryption algorithms.
“The sanctity of conventional encryption is dead. QUBY represents the probable threat to our data in the future. We are already seeing hackers store stolen encrypted data, waiting for the day that they can use quantum computers to decrypt those files. From healthcare records to financial statements to diplomatic cables, everything is vulnerable. Governments, businesses, and consumers alike need to take action today to protect their data tomorrow,” says Caspian Tavallali, Active Cypher’s COO.
In response to the dark reality of quantum hacking, Active Cypher has developed advanced dynamic cyphering encryption that is built to be quantum resilient. Gleason explains that "our encryption is not based on solving a mathematical problem. It’s based on a very large, random key which is used in creating the obfuscated cyphertext, without any key information within the cyphertext, and is thus impossible to be derived through prime factorization—traditional brute force attempts which use the cyphertext to extract key information from patterns derived from the key material.
Active Cypher's completely random cyphertext cannot be deciphered using even incomprehensibly large quantum computers since the only solution to cracking the key is to try every possible combination of the key, which will produce every known possible output of the text, without knowledge of which version might be the correct one. In other words, you’ll find a greater chance of finding a specific grain of sand in a desert than cracking this open”, says Gleason.