Quantum Cybersecurity – the interaction of quantum technologies and cybersecurity

Quantum cybersecurity explores the interaction of quantum technologies and information security. Quantum computing fundamentally redefines how information is processed. By leveraging quantum mechanical phenomena such as superposition (where a quantum bit (qubit) can be both 0 and 1 simultaneously) and entanglement (a puzzling link that makes two qubits behave as one system even when separated by great distances), quantum computers can perform calculations that are infeasible for classical systems to compute. This makes them a disruptive force across industries – including cybersecurity, where they threaten conventional encryption schemes while enabling new quantum-safe approaches.

How do Quantum Computers impact Cybersecurity?

Quantum computers pose both a challenge and an opportunity for cybersecurity. They threaten today’s cryptographic systems by potentially breaking widely used public key encryption algorithms. Also, quantum systems themselves must be protected against manipulation and exploitation. At the same time, quantum computing also opens the door to entirely new security mechanisms based on quantum principles.

A threefold approach to quantum cybersecurity ensures that quantum technologies become a driver of secure innovation – not a source of new risk.  

• Security despite quantum computers: Protecting today’s cryptographic infrastructure against future quantum attacks.
• Security for quantum computers: Ensuring that quantum systems themselves are secure against both classical and quantum-based threats.
• Security with quantum computers: Using quantum computing capabilities to develop new security technologies.

Why is Cybersecurity important? 

Quantum cybersecurity is becoming increasingly urgent for three key reasons.  

• First, quantum computers may eventually compromise widely used public key encryption algorithms such as RSA and ECC, which protect data and communication across the internet, critical infrastructure, and industry. This looming threat has led to the development of Post-Quantum Cryptography (PQC), which is resilient to quantum attacks.
   
• Second, as quantum hardware becomes available via cloud platforms, these systems present novel attack surfaces. The entire stack – from the quantum processing unit to classical control electronics and cloud-based interfaces – requires security analysis and robust protection measures.
   
• Third, quantum computers create new opportunities for defending digital systems. Hybrid quantum-classical algorithms may improve anomaly detection, formal verification, and other key cybersecurity tasks. Now is the time to consider both the risks and the opportunities.

How can Quantum Computing be secured? 

Securing the quantum future requires efforts across multiple domains:

Post-Quantum Cryptography (PQC)

• Developing cryptographic primitives resistant to quantum attacks
• Enabling crypto-agility and flexible migration paths
• Implementing secure PQC-based public key infrastructures (PKIs), virtual private networks (VPNs), and embedded applications

Security for Quantum Infrastructure and Algorithms

• Threat modelling of quantum computing workflows and attack surfaces
• Analysing vulnerabilities in cloud APIs, SDKs, transpilers, and job schedulers 
• Addressing side-channel attacks and supply-chain risks
• Ensuring confidentiality, integrity, and availability of quantum workloads

Leveraging Quantum Technologies for Security

• Applying quantum machine learning for cybersecurity applications such as fraud and anomaly detection

• Using hybrid quantum-classical approaches for formal software verification
• Evaluating the robustness of quantum machine learning models and developing defense strategies

Fraunhofer AISEC covers the full spectrum of IT security from hardware, operating system and application security to cloud security complemented by cross-cutting topics such as advanced cryptography and application of AI algorithms. The institute’s broad expertise across multiple specialized departments enables comprehensive coverage of this new technology stack. 

In the area of cryptography, Fraunhofer AISEC operates a Center of Post-Quantum Cryptography excellence (PQC), supporting industry partners transition to quantum-resistant cryptographic systems. Services include migration planning, crypto-agility strategies, and the validation of PQC implementations.

Beyond classical cryptography, we explore how to secure emerging quantum computing platforms. Our research addresses vulnerabilities in the quantum software stack, risks introduced by shared cloud platforms, and side-channel attacks on control hardware.

In addition, we harness quantum computing itself for security purposes. This includes software verification using QC-assisted satisfiability solvers and quantum kernel techniques for detecting cybersecurity-relevant anomalies.

The latter two research areas are also focus topics of the Bavarian Competence Center for Quantum Security and Data Science (BayQS), which is coordinated at Fraunhofer AISEC and is associated with the Munich Quantum Valley initiative.

Quantum-Powered Cryptanalysis: Fraunhofer AISEC bridges the gap between algorithm research and hands-on tooling 

BayQS pioneers quantum variants of classical cryptoanalysis that cover complete block and stream ciphers. The focus lies on provable polynomial speed-ups, letting threat analysts explore cipher structures that remain opaque to classical hardware. MQV’s (Munich Quantum Valley) QACI toolkit turns these ideas into practice. As highlight, a modular Correlation Extraction Algorithm – augmented by Quantum Amplitude Amplification – extracts exploitable biases with far fewer oracle calls. Custom, reversible two’s-complement and comparator circuits replace depth-heavy SDK gates, while an Exclusive-Product-of-Sums oracle keeps the design GPU-friendly. All circuits are validated on Qiskit-Aer with full GPU acceleration, enabling large-scale simulations today and seamless migration to real quantum devices tomorrow. Together, BayQS and QACI deliver a coherent workflow that lets industry and government quantify quantum risks early and harden their products long before fault-tolerant machines arrive.

BayQS – Bavarian Competence Center for Quantum Security and Data Science

Center of Post-Quantum Cryptography excellence 

Quantum computing advancements pose a threat to today’s IT security as a whole. This is because the established cryptographic processes can be cracked by quantum computers. Fraunhofer AISEC is pooling its expertise in the future technology of post-quantum cryptography (PQC) via the Center of Post-Quantum Cryptography excellence. Our goal as a neutral and manufacturer-independent center is to support companies and public research institutions in the switch to quantum-resistant cryptographic processes. To do so, we offer individual consultation and support for migrating to architecture with a quantum-secure design. Compatibility with existing solutions and crypto agility play a key role in this. Other services offered by the Center of PQC excellence include security analyses for PQC implementations as well as an information portal for post-quantum cryptography.

Selected research projects:

• KBLS: In the KBLS (BOTAN cryptographic library: long-lasting security for IT applications and services) project, Fraunhofer AISEC has coordinated the development and implementation of reliable, user-friendly cryptographic processes, which cannot be broken by quantum computers.
   
• FLOQI: The FLOQI (Full-lifecycle post-quantum PKI) project has developed a PKI that is resistant to quantum computers.
  
  
• QuaSiModO (German website): The QuaSiModO (Quantum-Secure VPN Modules and Operation Modes) project has developed quantum-secure virtual private networks (VPNs) at layers 2 and 3 of the TCP/IP reference model and has advanced the standardization of the network protocols required on an international scale.
  
  
• Aquorypt (German website): The Aquorypt project has investigated the application and practical implementation of cryptographic processes that are resistant to quantum computers.

Center of post-quantum cryptography excellence

PoQsiKom: Security chip enables acknowledgement of safety systems of machine tools via the Internet 

Advances in digitalization require new encryption technologies for industrial processes, which are becoming increasingly connected across international borders. One example is the acknowledgement of safety systems of machine tools via the Internet. Fraunhofer AISEC, Technical University of Munich, Siemens AG, and high-tech company TRUMPF have teamed up in a project called PoQsiKom to develop a way to securely release the protected areas of machine tools remotely. The new concept is based on a versatile chip with crypto-agile quantum security technology that will also stand up to future threats.

Industry 4.0: Security chip enables acknowledgement of safety systems of machine tools via the Internet - Fraunhofer AISEC

Advanced Cryptographic Primitives for Security and Privacy

Whereas common cryptographic applications like public key encryption and digital signatures have found viable post-quantum replacements based on a variety of assumptions, decades of research on RSA and elliptic curves have brought forth several algorithms with special properties, enabling advanced use cases. For instance, key blinding signature schemes allow to derive pseudonyms for one’s digital identity, so it becomes possible to sign and publish documents without leaking one's signing history. However, such features often rely on structural assumptions, like homomorphisms, which are hard to find and often a cause for vulnerabilities in post-quantum signature replacements. Our research focuses on removing such structural assumptions, providing conservative post-quantum alternatives.

Non-Homomorphic Key Blinding from Symmetric Primitives - Cryptology ePrint Archive

Serious Game: Charlie and the Quantum Factory

What makes quantum computers different from traditional computers? What are qubits? When do we talk about superposition? And to what temperature must quantum computer chips be cooled, in order to perform calculations? These and many other questions are explored through entertaining puzzles and mini-games in the web-based serious game »Charlie and the Quantum Factory«, developed by the AISEC-Learning Lab for Cybersecurity.

Charlie and the Quantum factory - Fraunhofer AISEC

QuantWorld: The fascinating world of second-generation quantum technologies  

The QuantWorld project is a gateway to the fascinating world of second-generation quantum technologies. The project’s mission is to make knowledge about quantum technologies accessible and relevant to people from all walks of life introducing citizens to the fields of medicine, banking, and mobility.

QuantWorld

Secure Quantum Platforms 

Quantum computing is becoming more accessible with increasing numbers of quantum platforms. The confidentiality and integrity of data and algorithms running on these systems are important assets that need to be protected from untrusted parties. To fully utilize and trust quantum computers, users need to have assurances about the confidentiality and integrity of quantum circuits that they execute on the quantum computers. Based on the classification of quantum algorithms at BayQS – Bavarian Competence Center for Quantum Security and Data Science we show the assets worth protecting, evolve the data flows on third-party quantum hardware and quantum computing platforms, and propose a concept architecture addressing confidentiality and integrity of processed data and code. 

BayQS – Bavarian Competence Center for Quantum Security and Data Science

Extended Security Analysis of Quantum Machine Learning  

In a research project for the German Federal Office for Information Security (BSI), and in partnership with d-fine and AQT, Fraunhofer AISEC analyzes the security of Quantum Machine Learning (QML) systems. Special emphasis is placed on multi-stage attacks, such as side-channel attacks that can reveal internal processes of QML circuits and enable the imitation of target models.

Read the news

Publication:

• Entangled Threats: A Unified Kill Chain Model for Quantum Machine Learning Security

Bridging Classical and Quantum Code Analysis: A New Approach to Detecting Security Flaws in Quantum Software 

Quantum computers not only offer revolutionary computing power but also pose new security risks. But how can programming errors – especially those relevant to security – be reliably detected in quantum code? Existing analysis tools fail because they cannot map the peculiarities of the quantum world. We are expanding classic code analysis tools to capture quantum-specific information. The code property graph, which can be flexibly supplemented with quantum data, is particularly promising in this regard. In a proof of concept, we have developed a tool that analyzes quantum and classical code together – tested with Qiskit (a popular framework for quantum programming) and OpenQASM (a kind of »assembly language« for quantum computers). The result is a comprehensive analysis platform that connects both worlds and helps to master future challenges in source code testing.

A Uniform Representation of Classical and Quantum Source Code for Static Code Analysis | IEEE Conference Publication | IEEE Xplore

Munich Quantum Valley: QC machine learning, programming & methods

At MQV researchers are developing QC-based machine learning for fraud detection, software libraries for QC programming and QC methods that comply with data protection regulations.

Quantum-Assisted Methods for Improving IT Security

Fraunhofer AISEC explores how quantum computing can enhance traditional cybersecurity measures. Our work includes developing quantum-assisted AI algorithms for anomaly detection, threat identification and system verification. Using quantum machine learning (QML, the combination of quantum computing and machine learning) and quantum optimization, we aim to reduce computational complexity and improve detection accuracy – even in challenging scenarios. These include high-dimensional data, where a large number of variables must be analyzed at once, or limited labeled datasets, where only a small amount of data has been pre-classified by experts. To ensure practical relevance, our methods are validated using both classical simulations and real quantum hardware. 

Website QST - Quantum Security Technologies group at Fraunhofer AISEC

Examples: 

• Anomaly Detection with Quantum Machine Learning: Identifying Cybersecurity Issues in Datasets
• Quantum and Classical AI Security: How to Build Robust Models Against Adversarial Attacks

SAP – Quantum Anomaly Detection for Cloud Monitoring

In a research cooperation with SAP, Fraunhofer AISEC investigates the potential of QC-assisted anomaly detection for time series data. Inspired by SAP’s HANA cloud, the use-case is cloud monitoring where sudden outages, and their root cause need to be identified quickly and reliably to restore normal operations.

Publication: Quantum Autoencoder for Multivariate Time Series Anomaly Detection

Research collaboration on security‑relevant applications of quantum computing: anomaly detection, cryptographic algorithms and quantum security

Fraunhofer AISEC is conducting joint research with the German Federal Printing Office (Bundesdruckerei) on security‑relevant applications of quantum computing, in particular QC‑assisted anomaly detection and tensor‑network methods for cryptographically relevant quantum algorithms. Tensor networks are mathematical models used to efficiently represent and manipulate high‑dimensional data. The goal is to realistically assess potential quantum advantages and to develop methods for current as well as future error‑corrected quantum computers. In addition, topics at the intersection of QKD and quantum computing – such as QML‑based attacks and corresponding countermeasures – are being evaluated.

Linking quantum computers and classical cryptography could revolutionize encryption analysis

In cryptography, linear cryptanalysis examines how vulnerabilities in encryption schemes can be uncovered. This requires linear approximations that simplify the relationships between plaintext, ciphertext, and key. The Correlation Extraction Algorithm (CEA), an approach from quantum information science, could significantly accelerate this search. Initial analyses show that CEA could greatly reduce computational effort (e.g., search time) and require less memory compared to classical methods.

QuaST

In the QuaST project (Quantum-enabling services and tools for industrial applications), researchers are developing solutions and tools based on quantum computing that can be used for conventional software verification.

• Quantum and Classical AI Security: How to Build Robust Models Against Adversarial Attacks https://www.cybersecurity.blog.aisec.fraunhofer.de/en/quantum-and-classical-ai-security-how-to-build-robust-models-against-adversarial-attacks/
• Multi-Party Computation in the Head: An Introduction https://www.cybersecurity.blog.aisec.fraunhofer.de/en/multi-party-computation-in-the-head-an-introduction/
• Fortifying Cryptography with Impeccable Circuits – Impeccable Keccak Explained https://www.cybersecurity.blog.aisec.fraunhofer.de/en/fortifying-cryptography-with-impeccable-circuits-impeccable-keccak-explained/
• Fraunhofer AISEC Commissioned by the German Federal Office for Information Security (BSI): New Study of Laser-Based Fault Attacks on XMSS https://www.cybersecurity.blog.aisec.fraunhofer.de/en/fraunhofer-aisec-commissioned-by-the-german-federal-office-for-information-security-bsi-new-study-of-laser-based-fault-attacks-on-xmss/
• Adversarial Attacks on Quantum Machine Learning (PennyLane Tutorial) https://pennylane.ai/qml/demos/tutorial_adversarial_attacks_QML