Last week Microsoft became the latest tech giant to intensify the race towards developing a quantum computer – thus, making that (literal) quantum leap in technology even closer to becoming reality. Computers to whom the most complex mathematical problems of today are like child’s play could potentially render all contemporary encryption useless. Or do they really?
Computers getting faster all the time is no news – as per Moore’s Law, processing power doubles every two years. Which, if you present it as a graph, would look like a straight line going up. That same graphic would look like a hockey stick from the point quantum computers come into the picture. Classical computing relies on data recorded as bits – as either 0 or 1 – whereas in quantum computing it is in qubits, which could be both 1 and 0 at the same time, thus opening the door for infinite possibilities.
Give a regular computer the task to find the lowest value in a field. It’d go over the grid, collecting and returning data one place at a time, one by one. A quantum computer, in theory, would be able to scan all points on the grid at simultaneously and get the results simultaneously. And much faster. Doesn’t sound like much until you realize it could make such an easy job of the encryption protecting your data as well.
Is this closer to sci-fi or to reality?
The reality of this is on the horizon, but we are not there yet. D-Wave has been selling devices it calls quantum computers to the likes of Google and NASA for a decade now. But its computers are able to solve a very limited amount of problems and although they are super-fast at it, they are not the thing to render encryption obsolete yet. The real thing, scientists estimate, is probably a decade away. Some say real quantum computers are 30 years away. So why worry now?
There are two main things about the coming quantum-decryption age that worry cryptographers. One is that much of today’s encryption will indeed become easy to break. Whoever gets to develop a quantum computer first will be in an unprecedented position of power: everyone else’s old secrets will be basically theirs to know. The past 20-30 of encrypting information could be undone quite quickly with all the political, security and other kinds of implications.
Is quantum-resistant encryption also on the way?
The second thing is that the current encryption infrastructure took decades to build and building a new one isn’t going to be quick either. There are completely new approaches to public key exchanges that are being tested and seem to be resistant to quantum computing. And there are also ways to beef up already available encryption methods, so they’d be quantum-resistant – for example by extending the length of keys used for symmetric encryption.
What are those? Earlier this year the US National Security Agency (NSA) moved on to a new generation encryption standard: the Commercial National Security Algorithm Suite (CNSA). The agency noted that this is part of its buckling up for the coming quantum age. The suite includes algorithms such as Diffie-Hellman and RSA with 3072-bit keys or higher and AES 256. (By the way, Secure Group already uses these standards or higher for our encrypted apps suite, Secure Pack.)
The good news is that, like I already mentioned, there is time. And the process of bringing encryption standards up to the challenge has already started. What’s good encryption today will continue being such for the near future as well.