Your data may be safe from a quantum attack… for now. When quantum computers develop the ability to crack present-day encryption mechanisms, will you be ready?
Currently, lots of data is encrypted based on public key cryptography, which relies on a simple principle: Some math problems, like factoring large numbers into primes, are hard for a computer to solve. But there’s an algorithm, called Shor’s algorithm, that would be able to complete this task quite easily with the help of a quantum computer. We’ve been talking about it forever, but scientists and others are working really hard to figure out how to supplant present-day public key cryptography strategies so they’re immune from a quantum attack.
“For public key cryptography, the damage from quantum computer will be catastrophic,” Lily Chen, mathematician and leader of the National Institute of Standards and Technology’s Cryptographic Technology Group, said in a session at the American Association for the Advancement of Science’s 2018 annual meeting in Austin, Texas. “We must look for quantum resistant counterparts for these cryptosystems.”
Quantum computers are processors whose bits operate and interact with one another based on the rules of quantum mechanics. While this technology is nascent, quantum computers have a lot of potential to solve problems that classical computers can’t. Computing with Shor’s algorithm is a little further on the horizon than other applications. But adapting to a new post-quantum landscape isn’t just a quick patch download.
“In the previous generations, it’s taken around 20 years between public key cryptography being published as a paper to people using it,” said Chen. “We can do better, but it will still take time.”
NIST maintains present-day cryptographic standards, and is working to replace them with standards resistant to a quantum attack. After a call for proposals, they received 69 algorithms that could potentially be resistant to such an attack. Now, they must evaluate each one against both classical and quantum attacks to ensure that the problems are still difficult to solve, with the hopes of drafting updated standards by 2022 to 2023.
There are still many questions, though. Implementing these new methods could be difficult, expensive, or time and data consuming, explained Roberta Faux, representing the private company Envieta Systems. And companies will still need to take the time and effort to make the transition.
Then there’s the human element, said Jeremy Blackthorne of Boston Cybernetics Institute at the AAAS conference. Blackthorne essentially hacks computers for the good guys to test security, as he explains it. Lots of present-day attacks don’t require breaking codes at all, he pointed out—you can just ask people for a password, and they will give it to you. He alluded to all of the recent data breaches as evidence (like Equifax, Yahoo, etc). “If I had a quantum computer… I’d use it where I could, but it wouldn’t necessarily change everything for some targets.”
But how could you be sure that a quantum encryption strategy works, given the potential for new, undiscovered quantum algorithms? People are working to solve these quandaries of post-quantum cryptography. We hope that the new encryption strategies are ready before a Shor’s algorithm-breaking computer is.
image: Christiaan Colen/Flickr