News

Microsoft Says Prep Now for Quantum Computing Enabled Attacks

• By Kurt Mackie
• 11/03/2023

Organizations can prepare today for future attacks that could be enabled by breakthroughs in quantum computing, Microsoft suggested, in a Nov. 1 post.

To that end, Microsoft wants organizations to fill out a questionnaire that will help Microsoft "understand your status and priorities, and provide the necessary support, including access to experts." Microsoft also noted it is investing in a CodeQL "program code analysis tool" that promises to deliver "a cryptographic bill of materials and identify legacy cryptography that requires remediation."

Microsoft "recently launched the Crypto Experience for Azure Quantum Resource Estimator" as well, which is integrated with Copilot in Azure Quantum's generative artificial intelligence capabilities. The Estimator tool lets organizations inquire about the safety of currently used public keys.

The use of "symmetric algorithms" is currently deemed to be "resilient to quantum attacks," the announcement indicated:

Symmetric algorithms, such as Advanced Encryption Standard (AES), and hash functions, such as Secure Hash Algorithm (SHA), are resilient to quantum attacks, and can therefore still be used in deployed systems. At Microsoft, we are already using protocols based on symmetric encryption, such as Media Access Control Security (MACsec) point-to-point protocol.

Microsoft's announcement echoed a May 31 post by Charlie Bell, Microsoft's executive vice president for security, that explained "how quantum computing could upend encryption." It explained that current encryption is based on "the RSA algorithm that's been in use since the 1970s." RSA relies on computers having to find the factors of very large numbers to break encryption, which is "a task that would take traditional computers millions of years to solve." However, quantum computers, "using Shor's algorithm," could solve such problems "in mere minutes."

Bell explained that current quantum computers aren't quite up to the task, as they'd need to handle "more than a million stable qubits -- thousands of times more than today's quantum computers." However, such machines are "on the way" and could be used by "bad actors." While Microsoft plans to offer quantum computing services via its Azure datacenters, it also plans to have controls in place to avoid malicious use.

Both of Microsoft's announcements, though, warned that attackers may already preparing for such a coming quantum breakthrough. These attackers are said to be practicing "harvest now, decrypt later" activities.

"For these reasons, we must start preparing and acting now, because the transition to become quantum safe for most organizations will take time," Bell wrote.

Organizational efforts to avoid the risks posed by advances in quantum computing will be "a significant undertaking" for most organizations," and so "the sooner you start, the safer you'll be," Bell indicated. Organizations should begin by "creating an inventory of critical data and cryptography technologies," he added.

Microsoft has already been helping "several customers and partners, notably those in risk-sensitive industries" with their transition strategies to becoming quantum safe, Bell indicated.