CardLab Aps explores the risks of quantum computing and sustainable solutions that will help uphold online security

Quantum computing is no longer a distant possibility; it is rapidly evolving into a practical reality with the potential to revolutionise many sectors. One area of particular concern is the impact quantum computing will have on online security.

Quantum computing is rapidly becoming a reality, and its potential impact on various sectors, including online security, is a subject of great concern. Quantum computers, capable of solving complex problems exponentially faster than classical computers, could easily break existing cryptographic algorithms, rendering current digital infrastructure vulnerable.

In this article, CardLab explores the risks posed by quantum computing and discusses effective strategies to mitigate these threats. We will specifically highlight the role of offline biometric authentication devices in providing a convenient and sustainable solution for secure identity verification and data transmission.

The threat of quantum computing to current cryptography

Cryptography, the science of securing information, relies on the difficulty of certain mathematical problems, such as prime factorisation, to protect data. Today’s most common cryptographic algorithms, RSA and ECC (elliptic curve cryptography), assume that solving these problems would take any classical computer an impractically long time.

However, quantum algorithms, like Shor’s algorithm, could break these cryptosystems by drastically reducing the time required to solve these problems. In practical terms, this means that RSA encryption keys could be cracked by quantum computers in mere minutes or even seconds—potentially exposing sensitive information, such as financial transactions, classified data, and personal identities, or enabling account takeover or infrastructure control by malicious actors.

State actors and quantum computing

While private enterprises and academic institutions are largely responsible for quantum research, state actors pose the most significant threat when exploiting quantum technology for cyberwarfare. Once mature, quantum computers could give governments the ability to break virtually any encryption currently in use, exposing everything from military secrets to citizens’ sensitive personal information.

State-sponsored hacking campaigns have become more common in recent years, with governments targeting other nations’ infrastructure, intellectual property, and sensitive data. With the advent of quantum computing, the capabilities of state actors will be exponentially magnified.

These governments, with almost unlimited resources, will have the power to compromise communications, financial systems, and energy grids and even manipulate elections or launch misinformation campaigns. Any organisation still relying on traditional cryptographic methods will face severe vulnerabilities.

Post-quantum cryptography: Preparing for the threat

In response to this looming threat, researchers are actively working on post-quantum cryptography (PQC), which involves algorithms designed to resist quantum attacks. PQC operates on mathematical problems that even quantum computers cannot easily solve.

However, as cryptography is built on logic chains, it can also be broken by logic, and it will be a continuous race against hackers and machine learning tools.

Organisations such as the National Institute of Standards and Technology (NIST) have been in charge of standardising these algorithms.

Yet, widespread implementation of post-quantum cryptography is still years away, meaning organisations need solutions today to secure their systems while these technologies mature. As CardLab has assessed, this interim period will also mean hacker skills and tools get better and faster, which could create a status quo situation once quantum cryptography has matured.

The role of offline biometric authentication devices

At CardLab, we see a critical, sustainable solution to quantum threats in the use of offline biometric authentication devices and identity tokenisation.

These devices are designed to secure user identities and communications without relying on vulnerable network-based cryptographic protocols. They can provide offline tokenisation, adding an unknown element to the encrypted information, making hacking almost impossible.

How offline biometric devices work

An offline biometric authentication device operates in a secure, isolated environment, reducing the risk of network-based attacks, including those posed by quantum computers. Here’s a breakdown of how these devices work:

Advantages of biometric authentication in a quantum era

The importance of strong fingerprint verification

The best solution is only as strong as the weakest link, and it has taught CardLab and our partner Fingerprints AB that there are key concerns to consider when the biometric sensor for offline verification is selected. The following needs to be considered:

Biometric algorithms

The ANSI/ISO standards for fingerprint representation consist of features that were described in the late 19th century. These features are often referred to as ‘minutiae’, which can be located manually in a fingerprint and replicated. The density of these in a fingerprint is such that for achieving good matching performance, quite a large area of skin needs to be imaged, but it also makes it possible to extract these features from other objects the user has touched or shown their fingerprint to.

To enable sensors of suitable sizes that are both low in cost and can fit into all manner of devices, a much denser feature set is required. Therefore, the standardised minutiae-based feature set is augmented by complex, more mathematical features. This enables these small sensors to achieve outstanding performance that is well suited for 1:1 verification on offline objects such as biometric cards. ‘Minutia only’ based algorithms should never be used in small-size verification devices.

Presentation Attach Detection

Algorithms for protection against fake fingerprints or Presentation Attack Detection (PAD) leverage state-of-the-art machine learning methods to analyse the fingerprint image for evidence of it being of a fake finger rather than a real one. These classifiers have