When qubits gossip (security nightmares)
Security in quantum computing is what happens when you take the already nightmarish landscape of classical cybersecurity and add the fundamental weirdness of quantum mechanics. Every principle that made security comprehensible gets replaced with something from theoretical physics, and every solution comes with footnotes that begin with “assuming perfect implementation” or “in the absence of side channels.”
Quantum systems promise unbreakable encryption through quantum key distribution, which would be marvellous if it worked reliably outside laboratories and didn’t cost the GDP of a medium-sized nation to implement. They also threaten to break all existing public-key cryptography once quantum computers become powerful enough, which has sparked a frantic scramble to invent post-quantum algorithms before that particular disaster arrives.
Meanwhile, the actual security of quantum systems involves problems that classical security never had to consider. How do you audit computations that collapse when observed? What’s the data retention policy for information that exists in superposition? If qubits are entangled across your infrastructure, does compromising one automatically compromise its entangled partners? These questions keep security researchers awake at unfortunate hours, staring at whiteboards covered in equations and wondering if perhaps a career in accountancy might have been simpler.
Quantum key distribution or unbreakable, theoretically
Quantum key distribution, or QKD, is cryptography’s answer to the question “what if we made security depend on the laws of physics instead of the difficulty of mathematics?” The theory is beautiful. Two parties share quantum states, typically photons, and use their quantum properties to establish a shared secret key. Any eavesdropper trying to intercept these quantum states inevitably disturbs them due to the measurement problem, alerting the legitimate parties to the intrusion.
This is security through quantum mechanics rather than computational complexity. It doesn’t matter how powerful your adversary’s computers are because the laws of physics prevent undetected eavesdropping. No amount of quantum computing can break QKD because the security comes from quantum mechanics itself. It’s elegant, theoretically sound, and has been demonstrated successfully in numerous laboratory conditions.
The practical reality is less inspiring. QKD requires specialised quantum communication channels, typically optical fibres or free-space laser links, that must maintain quantum coherence over their entire length. Any loss, noise, or interference degrades the quantum signal until it’s unusable. Current systems work over distances of a few hundred kilometres in ideal conditions, which is impressive for quantum technology but less impressive when you consider that the internet spans the globe.
The equipment is expensive, temperamental, and requires careful calibration. The key generation rates are limited by the fragility of quantum states and the difficulty of single-photon detection. Side-channel attacks targeting the implementation rather than the quantum protocol remain possible. A slightly misaligned detector, a poorly characterised photon source, or even acoustic vibrations in the laboratory can undermine the theoretical guarantees.
Several companies offer commercial QKD systems, mostly for high-security applications like banking and government communications. These systems work, within their limitations, but they haven’t replaced classical key distribution for the same reason the Watch hasn’t replaced all its officers with trained attack dogs. The specialised solution is impressive but not practical for general deployment, and the classical alternatives are considerably cheaper while providing adequate security for most purposes.
The other challenge is that QKD only handles key distribution. Once you’ve established a quantum-secure key, you still need classical encryption, classical authentication, and classical security practices. If your endpoint is compromised by malware, no amount of quantum security helps. QKD protects one specific attack vector while leaving everything else vulnerable, which is useful but not a comprehensive solution.
Post-quantum cryptography or preparing for when quantum computers break everything
Most modern encryption relies on mathematical problems that classical computers find intractably difficult. RSA depends on the difficulty of factoring large numbers. Elliptic curve cryptography depends on the discrete logarithm problem. These provide adequate security against classical attacks because breaking them requires computational resources that exceed what any classical computer can provide within a reasonable timeframe.
Quantum computers, once they’re powerful enough, will break these schemes efficiently using Shor’s algorithm. A sufficiently large quantum computer could factorise the numbers protecting RSA encryption in hours rather than millennia. Everything currently secured by public-key cryptography becomes immediately vulnerable. Bank transactions, encrypted communications, digital signatures, and most of the security infrastructure of modern civilisation would need replacement.
This hasn’t happened yet because current quantum computers are nowhere near powerful enough. Breaking 2048-bit RSA requires millions of stable, error-corrected qubits performing trillions of gate operations. We currently have dozens of noisy qubits performing thousands of operations before errors overwhelm the computation. The timeline for cryptographically relevant quantum computers is uncertain, with estimates ranging from “never” through “twenty years away” to “maybe sooner than we’d like.”
Given the uncertainty and the catastrophic consequences of being wrong, the cryptographic community is developing post-quantum cryptography. These are classical algorithms designed to resist attacks from both classical and quantum computers. They rely on mathematical problems from lattices, error-correcting codes, and multivariate polynomial equations that remain difficult even for quantum algorithms.
NIST has been running a standardisation process for post-quantum algorithms, evaluating candidates for key exchange, digital signatures, and encryption. Several algorithms have been selected and are being integrated into standards and implementations. The migration is happening now, while quantum computers remain theoretical threats, because transitioning global cryptographic infrastructure takes years and waiting until the threat is imminent would be catastrophic.
The challenge is that post-quantum algorithms tend to have larger key sizes, slower operations, or both compared to current standards. They’re workable but not as elegant or efficient. Some algorithms have been broken during the evaluation process when researchers found unexpected vulnerabilities, which is exactly why we’re doing this now rather than under emergency conditions when quantum computers arrive.
There’s also the question of “harvest now, decrypt later” attacks. Adversaries with sufficient resources might be recording encrypted communications now, storing them until quantum computers become available, then decrypting everything retrospectively. Any sensitive information with long-term value needs protection against future quantum attacks, not just current classical ones. This makes the timeline for post-quantum adoption rather urgent despite the theoretical nature of the quantum threat.
Data leakage through entanglement
Entanglement is quantum mechanics being peculiar about correlations. When qubits are entangled, measuring one instantaneously affects the other regardless of distance. This is useful for quantum algorithms and quantum communication, and it’s a security nightmare when you start thinking about information leakage.
If your sensitive data is processed using entangled qubits, and some of those qubits are accessible to an adversary, what information can they extract? The answer depends on the specific entanglement structure and what measurements are performed, but “possibly quite a lot” is the general concern. Entanglement creates correlations that don’t have classical analogues, and securing systems against information leakage through these correlations requires understanding quantum information theory.
Consider a quantum cloud computing scenario where multiple users share access to the same quantum processor. Their qubits might become inadvertently entangled through imperfect isolation or crosstalk between quantum operations. An adversary running computations on the same hardware might extract information about your quantum states through carefully designed measurements of their own qubits. Classical side-channel attacks are well-understood. Quantum side-channels involving entanglement are still being characterised.
The difficulty is that entanglement isn’t something you can simply prevent. It’s fundamental to how quantum systems work and essential for many quantum algorithms. Isolating qubits perfectly would eliminate useful entanglement along with dangerous entanglement. You need quantum firewalls that can distinguish between legitimate entanglement within your computation and illegitimate entanglement with external systems, which is considerably harder than it sounds.
Research into quantum isolation, secure multi-party quantum computation, and quantum access control is ongoing. The solutions involve quantum error correction, authenticated quantum channels, and protocols for verifying that entanglement is confined to intended participants. None of this is straightforward, all of it requires quantum resources and expertise, and the practical implementations remain distant.
Until then, quantum computing platforms implement classical security measures and hope that quantum isolation is sufficient. They physically separate different users’ qubits, they carefully control what operations are permitted, and they monitor for anomalous behaviour. Whether this provides adequate security against determined adversaries with quantum expertise remains an open question that security researchers would very much like answered before it becomes urgent.
The measurement problem or observing equals interfering
Classical auditing is straightforward in principle. You record what the system did, you check those records against policies and expectations, and you can do this without affecting the computation. Observing a classical bit doesn’t change its value. Reading classical logs doesn’t alter what happened.
Quantum auditing encounters the measurement problem. Observing a quantum state collapses it, irreversibly destroying the quantum information. You cannot audit a quantum computation in progress without disrupting it. You cannot log intermediate quantum states without measuring them, which prevents the computation from continuing coherently. Any attempt to verify what the quantum computer is doing interferes with it doing that thing.
This creates fundamental difficulties for security auditing, debugging, and verification. How do you verify that a quantum computation was performed correctly if observing it prevents it from being performed at all? How do you detect unauthorised access to quantum states when checking for such access destroys the states? How do you maintain audit trails when the act of creating comprehensive logs undermines the computation you’re trying to audit?
The partial solutions involve measuring only certain qubits, using quantum error correction to create redundancy that allows some measurements without complete state collapse, or designing quantum circuits that include built-in verification steps. None of these provide the comprehensive observability that classical security auditing expects.
You can audit the classical control systems that drive the quantum computation. You can verify that the correct quantum gates were requested and that the measurement results match expectations. You can use cryptographic protocols to prove that quantum computations were performed correctly without revealing the quantum states themselves. But you cannot simply watch what the quantum computer is doing in the way you’d monitor classical computations.
This limitation affects incident response as well. If you suspect a quantum system has been compromised, investigating thoroughly might require measurements that destroy evidence or disrupt ongoing computations. You’re forced to choose between preserving the quantum states for their intended purpose and observing them to verify security. Classical forensics doesn’t face this trade-off because observation is passive.
The measurement problem isn’t a bug in quantum mechanics that might be fixed with better technology. It’s fundamental to how quantum systems work. Security practices for quantum computing must accept that perfect observability is impossible and develop approaches that work despite this limitation. Progress is being made, but the solutions are considerably more complicated than “just log everything,” which is already complicated enough in classical systems.
Audit trails that look like mystical runes
Suppose you’ve managed to extract some audit information from your quantum system without completely disrupting it. Congratulations. You now have logs that look like measurements of quantum observables, recorded in the language of linear algebra and quantum information theory. The audit trail exists, but interpreting it requires a PhD in quantum mechanics and considerable patience.
Classical audit logs are readable by security professionals with appropriate training. They record events like “user X accessed resource Y at time Z” in formats that humans and analysis tools can interpret. Quantum audit logs record things like “measurement of observable Ô yielded eigenvalue λ₃ with probability 0.73” and require translation into security-relevant events.
What does a particular pattern of measurement outcomes indicate about security? Was that unexpected correlation evidence of entanglement-based data leakage or just quantum noise? Did that sequence of gates represent normal computation or an attempted attack on quantum error correction? The answers require understanding both the quantum algorithms being executed and the quantum mechanical principles underlying them.
Automated analysis tools for quantum audit trails barely exist because quantum computing itself barely exists. The field hasn’t established standard formats for quantum security logs, best practices for quantum forensics, or training programmes for quantum security analysts. Classical security operations centres have decades of accumulated knowledge about normal versus suspicious behaviour. Quantum security is still figuring out what questions to ask.
The practical approach is to audit the classical infrastructure surrounding quantum computations. Monitor access to quantum resources, log which quantum circuits were submitted for execution, verify that outputs match expected probability distributions, and alert on anomalies. This provides indirect evidence of quantum security without requiring deep quantum mechanical analysis of every qubit operation.
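One way to implement the classical-boundary checks just described, as an added example that is not code from the original page or from any quantum platform: each job record is matched to a known circuit by hash, and its measured counts are compared with the expected distribution using total variation distance. The record fields, the circuit text, the sample counts and the 0.05 threshold are all constructed assumptions.

```python
import hashlib

# Constructed baseline: hash of an approved circuit -> expected outcome distribution.
BELL = "h q[0]; cx q[0],q[1]; measure q -> c;"
BASELINE = {hashlib.sha256(BELL.encode()).hexdigest(): {"00": 0.5, "11": 0.5}}

# Constructed job records, as a classical control plane might log them.
JOBS = [
    {"id": "job-1", "user": "alice", "circuit": BELL,
     "counts": {"00": 498, "11": 486, "01": 9, "10": 7}},
    {"id": "job-2", "user": "alice", "circuit": BELL,
     "counts": {"00": 700, "11": 120, "01": 100, "10": 80}},
    {"id": "job-3", "user": "bob", "circuit": "x q[0]; measure q -> c;",
     "counts": {"1": 1000}},
]

def total_variation(counts, expected):
    """Half the L1 distance between observed frequencies and expected probabilities."""
    shots = sum(counts.values())
    keys = set(counts) | set(expected)
    return 0.5 * sum(abs(counts.get(k, 0) / shots - expected.get(k, 0.0))
                     for k in keys)

def audit_job(job, max_tvd=0.05):
    """Return alert strings for one job record; an empty list means nothing to report."""
    digest = hashlib.sha256(job["circuit"].encode()).hexdigest()
    expected = BASELINE.get(digest)
    if expected is None:
        return [f"{job['id']} ({job['user']}): circuit {digest[:12]} has no baseline"]
    if sum(job["counts"].values()) == 0:
        return [f"{job['id']} ({job['user']}): no shots recorded"]
    tvd = total_variation(job["counts"], expected)
    if tvd > max_tvd:
        return [f"{job['id']} ({job['user']}): output deviates from baseline, "
                f"tvd={tvd:.3f} > {max_tvd}"]
    return []

if __name__ == "__main__":
    for job in JOBS:
        for alert in audit_job(job):
            print("ALERT", alert)
```

The threshold has to sit above the device's ordinary noise floor and shot noise, so in practice it would be set per circuit from historical runs.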
Some quantum platforms are developing higher-level abstractions that present security information in more digestible formats. Instead of raw measurement outcomes, you get summaries like “quantum key distribution completed successfully” or “entanglement verification failed for qubits 7 and 12.” These abstractions hide the quantum details while providing actionable security information.
The long-term solution requires training security professionals in quantum information theory, developing automated tools that can interpret quantum measurements in security contexts, and establishing standards for quantum security logging. Until then, quantum audit trails remain cryptic to most security teams, readable only by specialists and not particularly useful for real-time security monitoring.
GDPR compliance when data exists in superposition
GDPR provides individuals with rights over their personal data, including the right to access, correct, and delete information. These rights assume data exists in a defined state that can be located, examined, and modified. Quantum computing introduces complications when data might exist in superposition, entangled with other data, or distributed across quantum registers in ways that don’t have classical analogues.
Consider the right to erasure, where individuals can request deletion of their personal data. Deleting classical data is straightforward in principle. Deleting quantum data requires measuring and resetting qubits, which destroys any superposition but might leave information in entangled qubits elsewhere. If your personal data is entangled with someone else’s data in a quantum machine learning model, can it be deleted without affecting other individuals’ data? The quantum mechanics suggests this is difficult or impossible.
The right to data portability requires providing individuals with their personal data in a structured, commonly used, and machine-readable format. What format does that take for data existing in quantum superposition? You could measure the quantum state and provide classical bits, but that measurement destroys the quantum information and might not represent what the data “was” before observation. Quantum states aren’t directly observable in their entirety, only through measurements that collapse them.
The right to rectification becomes peculiar when data exists in superposition. If your personal data is in a state that’s simultaneously multiple values until measured, which value should be corrected? Do you correct all branches of the superposition? Does correction require measurement first, which collapses the state?
The practical answer is that most quantum ML systems process classical data with quantum computers, not quantum data directly. Your personal information exists as classical bits that get encoded into quantum states temporarily, processed, then measured back into classical bits. The quantum intermediate states might be technically in superposition, but the input and output are classical, and GDPR compliance operates at those classical boundaries.
For genuine quantum data, like quantum keys from QKD or quantum states in quantum communication, GDPR compliance requires additional consideration. The data protection authorities haven’t provided specific guidance because quantum computing isn’t yet widespread enough to demand it. Early adopters are navigating this uncertainty with legal advice, abundant caution, and the hope that clearer regulations will emerge before quantum computing becomes commonplace.
The safest approach is treating quantum processing as a black box transformation. Classical personal data enters, undergoes quantum processing that temporarily creates quantum states, and classical results emerge. GDPR rights apply to the classical inputs and outputs. The quantum intermediate states, existing for microseconds in isolated quantum computers, aren’t persistent records subject to data protection law. Whether this interpretation holds up under legal scrutiny remains untested, but it’s the working assumption for now.
Security in quantum computing remains in its adolescence, full of theoretical understanding and practical uncertainty. The principles are clear but the implementations are challenging, expensive, and not yet proven at scale. Classical security took decades to mature and still suffers regular catastrophic failures. Quantum security is starting from scratch with additional complications from quantum mechanics. Optimism should be tempered with realism, and any deployment should be approached with the healthy paranoia that characterises good security practice, possibly augmented with knowledge of quantum information theory and access to several aspirin.