Taking the Quantum Leap in Cybersecurity

Today marks the one-year anniversary of the Executive Order on Enhancing the National Quantum Initiative Advisory Committee, which was issued on May 4th, 2022. The U.S. government demonstrated their seriousness in advancing quantum computing and cybersecurity through this order. It establishes the National Quantum Initiative Advisory Committee, which aims to advise the President, the Subcommittee on Quantum Information Science, and the Subcommittee on Economic and Security Implications of Quantum Science.


As the field of quantum computing advances, cybersecurity professionals, including red team members and ethical hackers, need to adapt to new challenges and opportunities. This blog post provides a technical overview of quantum computing, its implications for encryption, and the challenges and opportunities for cybersecurity professionals in the quantum era.



Quantum Computing: A Technical Primer

Quantum computing leverages the principles of quantum mechanics to perform computations that are exponentially faster than classical computers. Instead of using bits, quantum computers operate with qubits, which can exist in multiple states simultaneously due to the phenomenon of superposition. Furthermore, qubits can be entangled, allowing for a higher degree of correlation between qubits and enabling faster and more efficient computations.



Impact on Encryption

Quantum computing poses a significant threat to traditional encryption methods—particularly public key cryptography, which relies on the computational complexity of factoring large numbers or solving discrete logarithm problems. Quantum algorithms like Shor's algorithm can break these cryptographic schemes in polynomial time, rendering them insecure. Symmetric encryption algorithms like AES, are also affected, but to a lesser extent, as quantum computers can only achieve a quadratic speedup using Grover's algorithm.



Preparing for Post-Quantum Cryptography

To address the potential threats posed by quantum computing, researchers are developing post-quantum cryptographic algorithms that are resistant to quantum attacks. The National Institute of Standards and Technology (NIST) has initiated a standardization process to identify and evaluate quantum-resistant cryptographic algorithms. Some of the proposed post-quantum cryptography approaches include:


  1. Lattice-based cryptography: This approach relies on the hardness of problems, such as the Shortest Vector Problem (SVP) and Learning With Errors (LWE) problem, which are believed to be resistant to both classical and quantum attacks.
  2. Code-based cryptography: This method is based on error-correcting codes and their associated decoding problems, such as the McEliece and Niederreiter cryptosystems.
  3. Multivariate cryptography: These schemes rely on the difficulty of solving systems of multivariate polynomial equations over finite fields.



Challenges and Opportunities for Cybersecurity Professionals in the Quantum Era

As quantum computing advances, cybersecurity professionals must adapt to new challenges and opportunities. These include:


  1. Acquiring a deep understanding of quantum computing principles and algorithms: Cybersecurity professionals should invest time and effort in learning quantum computing concepts to anticipate potential threats and vulnerabilities. This includes understanding the fundamentals of qubits, superposition, and entanglement, as well as quantum algorithms like Shor's and Grover's algorithms.
  2. Gaining familiarity with post-quantum cryptographic algorithms: Cybersecurity professionals need to stay updated on the latest developments in post-quantum cryptography. This involves assessing the security properties and practical applications of various post-quantum cryptographic algorithms, such as lattice-based, code-based, and multivariate cryptography, as well as understanding their strengths and weaknesses.
  3. Developing and implementing quantum-resistant security protocols: Professionals should focus on integrating quantum-resistant encryption and security protocols into existing and future systems. This may involve replacing vulnerable public-key cryptosystems with quantum-resistant alternatives and increasing the key lengths of symmetric encryption algorithms to mitigate the risks posed by quantum computing.
  4. Collaborating with industry, academia, and government agencies: It is important to engage in partnerships and collaborations to foster research, development, and standardization efforts in post-quantum cryptography. This includes participating in industry conferences, workshops, and working groups, as well as contributing to open-source projects and initiatives focused on quantum-resistant cryptography.
  5. Training and education: As quantum computing becomes more prevalent, it is crucial for cybersecurity professionals to invest in continuous learning and professional development. It may be valuable to participate in training programs, obtain relevant certifications, and attend workshops and conferences focused on quantum computing and post-quantum cryptography.


Quantum computing has the potential to revolutionize the cybersecurity landscape by challenging traditional encryption methods. By expanding their knowledge of quantum computing, embracing new encryption techniques, and collaborating across sectors, cybersecurity professionals can ensure they are well-prepared to face the challenges and opportunities presented by this emerging technology. Staying proactive and adaptive is crucial in the ever-evolving cybersecurity landscape, and quantum computing is no exception.

Consultant II | Optiv
Preet Patel is a seasoned professional with over five years of comprehensive experience in the domains of application and penetration testing. He has worked with a diverse range of industries, including the banking sector and Fortune 500 corporations, where he has developed and honed his skills. As a subject matter expert (SME), Preet possesses extensive expertise in designing and implementing phishing campaigns, conducting network and physical security assessments, and integrating IoT devices into variable assessments. He excels in various areas of specialization, including but not limited to Penetration Testing, Network Security, Read Team Exercises, Web Application Testing, Web and Interactive Design, and Project Management. Fun Fact: Preet is also a licensed pilot.

Optiv Security: Secure greatness.®

Optiv is the cyber advisory and solutions leader, delivering strategic and technical expertise to nearly 6,000 companies across every major industry. We partner with organizations to advise, deploy and operate complete cybersecurity programs from strategy and managed security services to risk, integration and technology solutions. With clients at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can. At Optiv, we manage cyber risk so you can secure your full potential. For more information, visit www.optiv.com.