Post-QuantumQuantum ComputingQuantum Networks

Quantum Hacking: Cybersecurity of Quantum Systems

Photo of Marin Ivezic Marin Ivezic Follow on X Send an email November 19, 2024
21 minutes read
Cybersecurity of Quantum Systems
Cybersecurity of Quantum Systems

Introduction

Quantum technologies – from quantum computers to quantum communication systems – promise unprecedented capabilities and security. Quantum key distribution (QKD) is often advertised as “unhackable” because any eavesdropping is supposed to be revealed by the laws of physics. Similarly, quantum computers are powerful but delicate devices, leading some to believe they are secure by their very nature. However, no system is truly unhackable; even quantum systems have vulnerabilities. In theory, quantum cryptography offers provable security, but in practice implementation flaws and side-channels can be exploited​​. This article explores how quantum computers and communication systems can be hacked, examining known attack vectors, real-world exploits, and the broader security risks facing emerging quantum technologies. I will also discuss mitigation strategies and future implications for securing quantum systems.

Hacking Quantum Computers

Quantum computers operate with qubits in fragile superposition and entangled states. They require ultra-stable environments and error correction to function. While these machines are not yet widespread, it is never too early to consider their cybersecurity​​. As quantum computing moves into cloud platforms and multi-user environments, attackers will undoubtedly seek ways to exploit them. Below I’ll outline key attack vectors on quantum computing hardware and software:

Attack Vectors on Quantum Hardware

Quantum hardware is highly sensitive to environmental disturbances. An attacker who can influence the physical environment of a quantum processor may induce decoherence or errors in qubits, disrupting computations or causing malfunction. For example, quantum devices are heat- and noise-sensitive, so an attacker could introduce excess heat or electromagnetic noise to force errors or even a shutdown – a form of denial-of-service (DoS) attack​. Researchers note that any system failure, even unintended, can provide an opening for exploitation​. In practice, this means a malicious actor could deliberately nudge a quantum computer out of its required operational parameters (e.g. by subtle vibration, temperature change, or electromagnetic interference), causing qubits to collapse and computations to fail. Because current quantum computers (in the NISQ era) have only rudimentary error correction, they are vulnerable to well-timed faults introduced from the environment.

Another attack vector is direct qubit manipulation. If an adversary has access (or insider presence) at the hardware level, they might tamper with control signals or qubit settings. For instance, superconducting qubits are controlled by microwave pulses – an attacker injecting their own signal at the right frequency could alter qubit states or gate operations. Similarly, in trapped-ion systems, perturbing the laser controls could encode wrong operations. Even without direct access, a skilled attacker might use devices that emit resonant frequencies to disturb qubits. These fault-injection attacks on quantum processors have begun to be classified in research literature​, highlighting scenarios where an attacker purposefully introduces errors into quantum operations. Such induced faults could corrupt the computation or even force the quantum program into an insecure state. In summary, while one cannot simply “install malware” on a quantum bit, one can physically or electronically manipulate the delicate analog parameters that qubits depend on.

Exploiting Quantum Error Correction Weaknesses

Fully fault-tolerant quantum computers are still theoretical, but early forms of quantum error correction are being implemented to stabilize qubits. These error-correcting codes assume certain error models (like random bit-flips or phase-flips). A savvy attacker could exploit this by introducing errors outside the expected model or at rates beyond the correction threshold. If the error correction thinks everything is within tolerance while an attacker has actually corrupted a logical qubit, the system could produce incorrect results or leak information without immediate detection. In classical cybersecurity, similarly, attackers often exploit corner cases that error-correcting codes or checksums don’t catch.

Researchers caution that as we design quantum error-correction and interface circuits, we must consider security from the start, not just functionality​. For example, quantum-classical interface chips (FPGAs, ASICs, etc.) that orchestrate error correction could have vulnerabilities. If an attacker compromises the classical control software or firmware that manages error syndrome measurements and corrections, they might intentionally feed bad correction data to the quantum hardware. Such an attack could flip logical qubits or subtly introduce biases. Fault-tolerant failures can also be induced by correlated errors: error correction assumes independent errors on different qubits, but an attacker who can simultaneously perturb many qubits (e.g. via a common power supply or control line) might cause a cascade of errors that overwhelm the code. In summary, while quantum error correction improves reliability, it is not a security silver bullet – a determined attacker may find ways around it, just as they do with classical error-correcting systems. Ongoing research is exploring how fault injection attacks could target quantum error-corrected systems​, underlining the need for robust monitoring and anomaly detection even in “corrected” quantum computations.

Side-Channel Attacks on Quantum Processors

Just like classical chips, quantum processors can inadvertently leak information through side-channels. These are indirect pathways such as timing, power consumption, electromagnetic emissions, or crosstalk between qubits that an attacker can measure to infer secrets. One recent study demonstrated power-based side-channel attacks on cloud quantum computers: by analyzing the power usage or the control pulses sent to a quantum machine, attackers could reverse-engineer the quantum circuit being executed. Essentially, the fluctuations in power or electromagnetic signals when certain quantum gates are applied can act as a fingerprint of the algorithm. In a cloud scenario, a malicious insider at the data center (or potentially a co-located user process) could capture such side-channel data. Researchers showed that by monitoring the patterns of control pulses, they could reconstruct the sequence of quantum gates and even glean the secret algorithm or input data being run​. This is analogous to classical CPU side-channel attacks (like power analysis on encryption algorithms), now extended to the quantum realm.

Another demonstrated side-channel involves readout crosstalk in multi-user quantum processors. In superconducting qubit systems, multiple qubits often share readout circuitry. If two users run programs on different qubits of the same device, imperfections can cause a form of crosstalk where the readout signals influence each other. A 2023 study found that such crosstalk-induced errors can be correlated and exploited: an attacker running a cleverly crafted circuit on their qubits could observe the error patterns and thereby predict the states of a victim user’s qubits​​. This means if quantum cloud providers ever allowed true simultaneous multi-tenant usage (to increase throughput), one user’s job might spy on another’s results through the analog side-channel. Currently most cloud platforms time-slice access (one user at a time) to avoid this, but as demand grows, pressure to multiplex might increase the risk. Other potential side-channels include electromagnetic radiation leaking from high-frequency control lines or even acoustic vibrations in ion trap systems – any unintended coupling that carries information. While no acoustic attack has been publicized yet, the history of classical computing suggests that if a signal exists, attackers will try to exploit it. In summary, quantum computers are not magically immune to side-channels: their hybrid classical-quantum control interfaces offer new side-channel surfaces that researchers are only beginning to explore​.

Security Risks in Quantum Cloud Computing

The advent of quantum cloud services (IBM Quantum, Amazon Braket, etc.) introduces classical cybersecurity issues into quantum tech. In a typical setup, users submit quantum programs over the internet to remote quantum hardware. This hybrid environment means a lot of classical infrastructure (APIs, software, servers) surrounds the quantum core. Attackers could target these classical components using familiar methods (malware, API exploitation, etc.) to gain unauthorized access to quantum jobs or data​. For instance, if an attacker penetrates the classical network of a quantum cloud, they might extract sensitive results of another user’s quantum computation (e.g. a proprietary algorithm output). The interface between classical and quantum is literally a gateway that could be hijacked​. A quantum computer might be secured in a cryogenic lab, but its job queue and control electronics could be just another IT system if not properly hardened.

Multi-user quantum cloud setups also raise concerns of compute theft. Quantum computing time is expensive and scarce; an attacker who gains access (through credential theft or cloud vulnerabilities) might hijack quantum computing resources, akin to how botnets hijack classical computers for illicit mining or spam​. There is national security concern that a hostile actor could steal quantum processing time to run their own algorithms (for cracking cryptography, for example) or deny service to legitimate users. Additionally, quantum cloud providers must guard against insiders – a malicious technician could conceivably alter the calibration of the machine or insert tapping devices on control lines, undermining the security of all users. Insider threats are not hypothetical: the NSA has pointed out that QKD networks, for example, add insider threat risks due to the need for specialized infrastructure and relay nodes​, and the same logic applies to quantum computing facilities.

Finally, consider the supply chain: Quantum hardware components are specialized and not widely audited for security. If an adversary sabotages a component (say, a control chip with a backdoor that introduces subtle errors), the quantum computer could be compromised at manufacture. Trusting hardware from potentially adversarial sources is a classical problem magnified in quantum tech due to the complexity and few suppliers. In summary, early-stage quantum computing carries many of the same security woes as classical cloud computing – and some new ones. Lax security on the classical side can completely undermine quantum computations​​, no matter how unhackable the quantum logic may seem. It’s critical that quantum cloud providers implement strong authentication, encryption, and monitoring to prevent traditional cyberattacks from giving hackers a foothold into quantum systems.

Hacking Quantum Communication Systems (QKD)

Quantum communication, particularly Quantum Key Distribution (QKD), is frequently touted as offering “unbreakable” encryption keys guaranteed by physics. In theory, any eavesdropper on a quantum key exchange (say between Alice and Bob) will disturb the quantum states (photons) and thus be detected. Indeed, researchers and media often claim quantum links are theoretically impossible to hack​. However, practical QKD systems have proven far from invincible. Real-world quantum links rely on physical devices – lasers, fiber optics, single-photon detectors – which have imperfections that clever attackers can exploit. Over the past two decades, scientists (acting as hackers) have demonstrated numerous attacks on QKD protocols and hardware. These “quantum hacks” do not break the underlying quantum physics; instead, they exploit gaps between the idealized theory and the actual implementation​​. Let’s examine major categories of attacks on quantum communications:

Attacks on QKD Protocols and Implementation

In a perfect quantum protocol like BB84, any attempt by Eve (an eavesdropper) to intercept the key would introduce errors alerting Alice and Bob. But if Eve can cheat the protocol by bending the rules, she may obtain information without leaving a trace. One example is the intercept-resend attack: Eve intercepts each quantum bit from Alice, measures it (this randomizes it), and then sends her own photon to Bob pretending to be Alice. Normally, the increased error rate would tip off Bob and Alice. However, variants of this idea, called faked-state attacks, try to fool Bob into accepting tampered photons. For instance, Eve can send specially prepared light pulses to Bob that mimic the statistics of what Bob expects from Alice, thus evading some security tests​. Researchers have also devised phase-remapping attacks, where Eve exploits how Alice encodes quantum states, to gain information without detection​. These are advanced protocol-level attacks requiring knowledge of the QKD system design.

Another classical avenue is attacking the random number generators (RNGs) that drive choices in QKD. QKD requires true random choices of basis and bit values. If the RNG is weak or biased, an attacker can predict or influence the key. In one case, a QKD network was compromised when researchers found the random number generator in use was flawed – it was reading from an entropy buffer faster than it was refilling, resulting in non-random patterns​​. This bug allowed the “unhackable” system to be hacked through a simple classical loophole. The fix was to patch the FPGA logic, but it illustrated that a single imperfect component can break the security of the entire quantum system​. The other fix, of course, is to use Quantum RNG.

In summary, QKD protocols assume certain ideal behaviors (truly random inputs, no information leakage except via the quantum channel, etc.). Attacks on the protocol often involve violating these assumptions: either by inserting an active device to impersonate a legitimate party or by exploiting a flaw in the system’s logic that isn’t covered by the quantum security proof.

Side-Channel Attacks on QKD Hardware

By far the most successful quantum hacks have been side-channel attacks on QKD hardware. As cryptographer Michele Mosca famously said, “You can’t attack the quantum code, but you can attack the setup.”​​ These attacks target the devices (detectors, lasers, optical components) used in QKD, finding ways to get information without triggering the built-in eavesdropper alarms. A textbook example is the detector blinding attack invented by Vadim Makarov and colleagues. In this attack, Eve exploits the vulnerability of single-photon detectors (often avalanche photodiodes). Makarov discovered that by shining a bright continuous laser into Bob’s photon detector, he could saturate and “blind” it so that it no longer detected single photons properly​. The detector is essentially forced out of its quantum-sensitive mode into a linear mode where it fails to notice the quantum bits. Eve then sends her own controlled light pulses to Bob timed to the original signals she intercepted from Alice. Bob’s blinded detector will click only when Eve wants it to – for example, Eve can tune it to register a “1” bit whenever Alice’s original bit was 1​. In this way, Eve intercepts Alice’s qubits, measures them, and forwards appropriate bright pulses to Bob to fool him. Crucially, because Bob’s detector is blinded, the normal quantum disturbance is bypassed, and Bob and Alice see no abnormal error rate​. Makarov’s team demonstrated this attack around 2010 on commercial QKD systems, fully stealing the key without detection​​. It was the first known complete QKD eavesdropping in practice, showing that “unhackable” claims were oversold.

Another ingenious hardware attack is the Trojan-horse attack (a term in QKD context for injecting light into the system to gather info). Here, Eve doesn’t just passively listen; she sends bright light into Alice’s or Bob’s device at times when the quantum signals aren’t being sent. For example, Eve can send a strong pulse into Alice’s transmitter in between the single-photon pulses. Some of that light will reflect off optics inside Alice’s setup and travel back to Eve. These reflections can carry information about the state of Alice’s preparation device (e.g. which basis setting Alice used)​​. By analyzing the returning light, Eve can glean the secret settings without directly intercepting the quantum key bits. Essentially, the Trojan-horse attack turns the QKD boxes into leaky objects – Eve “knocks” with a bright pulse and “listens” to the echoes. This attack does not require physical intrusion, only access to the fiber line, and it can go undetected unless countermeasures are in place. Countermeasures include isolating devices, using one-way isolators, or monitoring for unexpected incoming light at the transmitter. Indeed, one defense is for Alice to have a detector that checks for any incoming bright light and aborts if found​. Researchers demonstrated Trojan-horse attacks on real QKD hardware and showed they pose a serious threat if the equipment isn’t well shielded​.

Closely related are time-shift attacks and other timing-based side channels. One such attack, demonstrated by Hoi-Kwong Lo and colleagues, exploits how certain QKD systems use timing synchronization. In some protocols, Bob sends a timing signal to Alice so she knows when to send each photon. If Eve can slightly delay or advance this timing (for instance by adding extra fiber length or a timing offset), she can cause Alice’s quantum signal encoding to be off-sync​​. This time-shift attack effectively gives Eve information by making one basis measurement more likely to succeed than the other, without drastically raising the overall error rate. In Lo’s demonstration, Eve introduced small timing changes that caused biases in the key without alerting the users. Other attacks involve exploiting detector efficiency differences – e.g., making Bob’s detectors slightly more likely to click for one basis vs another, and using that bias to guess the key (a form of faked-state attack). These were shown in laboratory settings by several groups in the late 2000s​​.

Real-world case studies abound, underscoring that quantum comms are hackable if not carefully engineered. To highlight a few notable incidents and research demonstrations:

  • 2008: Researchers demonstrated a time-shift attack on a commercial ID Quantique QKD system, marking the first quantum hack on a non-laboratory system​. They managed to eavesdrop enough key bits by exploiting detector timing without triggering alarm thresholds.
  • 2010: Makarov et al. performed the bright-light blinding attack on two commercial QKD systems (one by ID Quantique and one by MagiQ Technologies), fully extracting the keys without detection​. This showed that the single-photon detectors could be remote-controlled by an attacker​. It generated widespread media coverage and forced QKD vendors to redesign their detectors.
  • 2015: A team executed a Trojan-horse attack on a quantum random number generator (QRNG) by shining light through a device’s ventilation openings. They biased the random output significantly. The same method was used on a QKD setup (ID Quantique Clavis2), where injected light leaked information about the secret key out through the vents​. This unconventional attack vector (through ventilation holes!) proved that even physical enclosures need to be scrutinized for light leaks.
  • 2020: Garcia-Escartin et al. published an attack injecting light via fiber maintenance ports or ventilation, managing to glean key information and disturb a QRNG​. They highlighted that any opening – even for cooling – can be abused by a “quantum burglar” with the right tools.
  • Ongoing: Side-channel attacks like monitoring the “backflash” light from detectors (tiny flashes emitted when a photon is detected) have been theorized​. If Eve can capture that backflash light, she might infer the photon’s state. Also, measuring the power consumption of the QKD devices during operation can reveal timing of bit generation, etc., giving additional clues​. These concepts are analogues of power side-channels in classical cryptography, now applied to quantum hardware.

In all these cases, the common theme is clear: the theoretical security of QKD holds only if the equipment adheres to the theoretical model. In practice, every hardware imperfection or oversight in design is a potential door for attackers. If real devices behave even slightly differently than the ideal models, it could leave them vulnerable to hackers​. Thus, quantum comm systems must be engineered with extreme care, and even then, continuous testing is needed to stay ahead of new attack techniques.

General Security Risks in Quantum Technologies

Beyond the specific attacks on quantum computers and QKD, there are broader security considerations as quantum tech matures. Quantum networks (which might carry entangled states between multiple nodes) will likely inherit many vulnerabilities that classical networks have, from denial-of-service to insider tampering​​. For instance, a quantum network still has classical control messages (for coordination and error checking) – if those are hacked, the quantum channel’s security can be undermined. A hacker who cannot break the quantum physics might simply target the endpoints or the nodes connecting the network. In essence, the entire chain is only as secure as its weakest link, which might be a classical computer or an unwary user. If a quantum-encrypted network connects two military sites, an adversary might find it easier to hack the classical authentication server or even bribe an insider than to directly attack the quantum channel. Human factors and operational security remain critical, even in a quantum future​​ – as one expert quipped, if someone writes the key on a Post-it note, quantum physics won’t save you​.

Early-stage risks are particularly high because quantum tech is still developing and not standardized. Many current quantum devices are prototypes with minimal security hardening. They often prioritize performance (e.g., maximizing qubit coherence or key rate) over security measures. This is similar to the early days of the internet, when protocols were open and trusting. As a result, we might see scenarios like quantum computing testbeds being hit by ransomware (locking the classical control systems), or quantum communication trials being disrupted by laser jammers. In fact, the NSA has warned that QKD’s reliance on sensitive physics makes it especially prone to denial-of-service – an attacker can easily force a QKD link to drop by introducing noise, since the system will shut down if it suspects eavesdropping​. A nation-state adversary could exploit this in a crisis: rather than breaking the quantum encryption, simply blind the communications with saturating noise, denying the enemy secure communication. Thus, availability is a concern; a system that’s secure when working but easy to knock offline is problematic for critical use.

On the flip side, state-sponsored quantum hacking is a growing geopolitical issue. Nations are investing heavily in quantum tech for both offense and defense. The United States and China, for example, accuse each other of stockpiling encrypted intercepts now to decrypt later when quantum computers arrive​​. While that’s about using quantum to hack classical encryption (a separate threat vector), there is also likely covert research into hacking quantum systems themselves. Government labs have “quantum hacking” programs – for instance, the Russian Quantum Center in Moscow hosts a Quantum Hacking Lab led by Makarov​. These groups look for weaknesses in rival quantum crypto implementations, and we can expect intelligence agencies worldwide to do the same. A national security concern is that if one country deploys a quantum communication network (believing it secure), adversaries might secretly already know how to break it via side-channels. The Reuters investigation noted that China portrays its quantum communication network as theoretically unhackable​, with the famous satellite experiments enabling secure video calls. But if another nation has developed better quantum hacking techniques (or if the equipment has hidden flaws), that confidence could be misplaced. This cat-and-mouse resembles the traditional cyber espionage race, now in the quantum domain.

Finally, consider future quantum tech like quantum sensors, quantum IoT devices, etc. A quantum sensor (say for GPS or timekeeping) could be tricked by feeding it fabricated quantum signals if not authenticated. Quantum random number generators could be subtly biased by environmental manipulation (as shown with light injection​). Even quantum algorithms themselves might need verification – a malicious provider could give you a quantum-simulated output that is incorrect. As quantum computing integrates with AI and big data (quantum AI), the attack surface widens: one could imagine tampering with the training data of a quantum machine learning model to produce wrong predictions, which is a kind of indirect attack on a quantum system’s utility.

In summary, quantum technologies inherit many classic security issues and introduce new twists. They require a holistic security approach: not only securing the quantum mechanics, but also the classical software, hardware, and humans around them. No part of the stack can be ignored. The mantra emerging from experts is that “Nothing is unbreakable”​ – claiming any system (even quantum-based) is absolutely secure is inviting trouble​. As history shows, attackers will use any available means, whether it’s physics, software bugs, or social engineering, to achieve their aims.

Future Security Implications and Mitigation Strategies

The arms race between quantum technology developers and attackers is well underway, even at this nascent stage. The good news is that awareness is growing, and researchers are actively developing countermeasures to quantum hacking techniques. Going forward, several strategies and developments are critical to secure quantum systems:

  • Device-Independent and Measurement-Independent QKD: One promising mitigation for QKD vulnerabilities is moving to quantum cryptography protocols that do not trust the devices. Device-Independent QKD (DI-QKD) involves setups where security is guaranteed by quantum entanglement correlations and doesn’t require assumptions about the inner workings of Alice’s and Bob’s devices​. In theory, even if the hardware is malicious or lossy, as long as it produces the expected statistical outcomes (violating a Bell inequality, for example), the key is secure. DI-QKD is currently impractical (very low rates, difficult to implement), but it represents the ultimate solution to closing side-channels. A more practical approach in the near term is Measurement-Device-Independent QKD (MDI-QKD). MDI-QKD removes all trust from the detection side (which is where most hacks like blinding occur) by having Alice and Bob send quantum states to a central node and only requiring that Alice/Bob’s sources are trusted​. Even if the detectors at the untrusted node are compromised, security is not broken. Several companies have already built early MDI-QKD systems that significantly reduce vulnerabilities at only a modest cost in key rate​. As these technologies mature, deploying them in place of standard QKD could nullify many known attacks. Essentially, they put the quantum security back on a firm theoretical footing by design.
  • Hardware Security Improvements: The straightforward way to stop many quantum attacks is to harden the hardware. Manufacturers of QKD devices have, for instance, updated their single-photon detectors with patches to prevent blinding (adding monitoring of the detector current, dual detection schemes, etc., so an out-of-spec bright light triggers an alarm). They also install optical isolators and narrowband filters to thwart Trojan-horse pulses​​. Future devices might include integrated intrusion detection – tiny sensors that detect if an unexpected signal is coming in or if the device is being physically tampered with. Quantum random number generators can be built with self-health checks to detect bias. On quantum computers, shielding the equipment and carefully partitioning resources will mitigate side-channels. For example, to counter the crosstalk attack, one could implement circuit sandboxing or mapping isolation where no two users’ qubits are read out on the same resonator or at overlapping times​. Engineers are also looking at scrambling techniques: randomly permuting qubit assignments and timeslots so that any leaked side-channel information becomes meaningless to an attacker​. Additionally, improving cryogenic isolation and electromagnetic shielding in quantum hardware will reduce emissions that could be intercepted.
  • Secure Quantum-Classical Interfaces: A recurring theme is that the interface between quantum and classical is a security weak point. Going forward, designers must bake in security at this juncture. This means strong authentication and encryption for control signals (so an outsider can’t inject fake commands or read out data). It also means segmentation: the classical control systems for a quantum computer should be treated like sensitive infrastructure, walled off from general enterprise IT. Administrators should apply the principle of least privilege, so that even if one part is compromised, an attacker cannot easily gain full control of the quantum processor. The workshop on quantum computing cybersecurity noted that monitoring quantum computations is challenging since you can’t peek at qubits without disturbing them​. One idea is to use verifiable quantum computation protocols, where the quantum computer itself produces a proof of correct execution that can be checked classically (a sort of quantum checksum). Research in this area (sometimes called blind or verified quantum computing) may allow clients to detect if a computation was tampered with or if a purported quantum result is fake. These techniques will be vital once quantum computers are used for critical computations – clients will want assurance that the remote quantum server hasn’t been subverted.
  • Post-Quantum Cryptography and Redundancy: From a broader perspective, organizations should not rely solely on quantum cryptography for security. The NSA and other agencies recommend post-quantum cryptography (PQC) – classical algorithms resistant to quantum attacks – as a more cost-effective and straightforward defense in many cases​. PQC can provide a backup layer of encryption in case quantum channels are compromised, and it doesn’t require new physics or hardware. In practice, a defense-in-depth approach makes sense: use QKD for an extra level of security if available, but also encrypt the data with PQC algorithms. Similarly, classical authentication of quantum sessions (using strong digital signatures that are quantum-safe) is necessary to prevent man-in-the-middle attacks on quantum exchanges (e.g., one problem with QKD is the lack of built-in authentication​). Future standards will likely combine quantum and classical techniques to balance strengths and weaknesses. For example, one might authenticate the quantum channel with a classical key, distribute a quantum key, then use that for bulk encryption alongside a post-quantum scheme. This way, an attacker has to break multiple things in different domains.
  • Education and Workforce: As quantum tech spreads, there is a need to train a new class of security experts versed in quantum mechanics. The attacks we discussed were largely developed by physicists and engineers working together; similarly, defending these systems requires cross-disciplinary knowledge. Initiatives in quantum cybersecurity research (like the NSF/DARPA workshops​) and academic programs will produce professionals who can rigorously test quantum devices for vulnerabilities. An important cultural point is to maintain healthy skepticism. Overconfidence in “unhackable” claims can be dangerous; instead, teams should assume determined adversaries will test every assumption. By fostering a community of quantum hackers (in the white-hat sense), the industry can stay a step ahead of malicious hackers. This includes organizing contests or challenges to break quantum implementations, similar to how classical crypto is vetted. The more battle-tested a system, the safer it is to deploy in the real world.
  • Policy and National Security Measures: Governments are beginning to treat quantum technologies as part of critical infrastructure. This means investing in securing these systems against espionage and sabotage. For instance, national labs might develop highly secure quantum communication links for government use, with classified countermeasures not publicly disclosed. Agencies may also institute certification standards for quantum devices (similar to Common Criteria for traditional hardware) to ensure a certified QKD box meets certain security baseline (no obvious side-channels, proper shielding, etc.). International cooperation could be beneficial too – sharing information on quantum vulnerabilities so that patches can be widely applied (much like CERT advisories in cybersecurity). However, given the high stakes, it’s likely some discoveries will be kept secret by agencies hoping to exploit them against adversaries. This dynamic means the offense-defense balance in quantum security will be an ongoing tug-of-war, just as in conventional cybersecurity.

In conclusion, quantum systems are not magically unhackable – they are complex machines and protocols built by humans, and thus fallible. We have seen that everything from faulty random number generators to luminous loopholes can undermine the promises of quantum security. Yet, with diligent engineering and a proactive security mindset, these challenges are surmountable. Quantum technology is still young, which is an opportunity to build security in from the ground up rather than retrofitting it later. The future will likely bring more hybrid solutions: quantum physics to detect eavesdroppers, coupled with classical cryptography to shore up any cracks, and robust hardware design to eliminate side-channels. By acknowledging that “nothing is unbreakable”​ and continuously testing our quantum systems, we can ensure that they live up to their potential in enhancing – not inadvertently weakening – our security. Quantum systems offer new and powerful tools, but they exist in the same reality as everything else, where creativity and caution determine who prevails in the endless contest of code-maker vs code-breaker​​. With the right investments in security, we can enjoy the benefits of the quantum revolution without falling victim to quantum hacks.

Photo of Marin Ivezic Marin Ivezic Follow on X Send an email November 19, 2024
21 minutes read
Photo of Marin Ivezic

Marin Ivezic

I am the Founder of Applied Quantum (AppliedQuantum.com), a research-driven professional services firm dedicated to helping organizations unlock the transformative power of quantum technologies. Alongside leading its specialized service, Secure Quantum (SecureQuantum.com)—focused on quantum resilience and post-quantum cryptography—I also invest in cutting-edge quantum ventures through Quantum.Partners. Currently, I’m completing a PhD in Quantum Computing and authoring an upcoming book “Practical Quantum Resistance” (QuantumResistance.com) while regularly sharing news and insights on quantum computing and quantum security at PostQuantum.com. I’m primarily a cybersecurity and tech risk expert with more than three decades of experience, particularly in critical infrastructure cyber protection. That focus drew me into quantum computing in the early 2000s, and I’ve been captivated by its opportunities and risks ever since. So my experience in quantum tech stretches back decades, having previously founded Boston Photonics and PQ Defense where I engaged in quantum-related R&D well before the field’s mainstream emergence. Today, with quantum computing finally on the horizon, I’ve returned to a 100% focus on quantum technology and its associated risks—drawing on my quantum and AI background, decades of cybersecurity expertise, and experience overseeing major technology transformations—all to help organizations and nations safeguard themselves against quantum threats and capitalize on quantum-driven opportunities.
Share via
Facebook
X (Twitter)
LinkedIn
Mix
Pinterest
Tumblr
Skype
Buffer
Pocket
VKontakte
Parler
Xing
Reddit
Line
Flipboard
MySpace
Delicious
Amazon
Digg
Evernote
Blogger
LiveJournal
Baidu
MeWe
NewsVine
Yummly
Yahoo
WhatsApp
Viber
SMS
Telegram
Facebook Messenger
Like
Email
Print
Copy Link
Powered by Social Snap
Copy link
CopyCopied
Powered by Social Snap