Quantum Computers, End of Cybersecurity?
Quantum computers have been making news over the last few years, particularly around how they can break encryption, but how serious is the threat and what is going to happen once a quantum computer is built?
What is a quantum computer?
In physics, quantum mechanics is the branch that investigates subatomic particles and the laws of nature that govern them. In the realm of quantum mechanics, particles can exhibit strange behavior: they can be in two different states, or even in two different locations, at the same time. Quantum computers are built on this behavior. By exploiting these quantum effects, they can perform some calculations faster than a “classical” computer would.
Prime factorization is one particular calculation that a quantum computer can perform faster than a classical computer. A prime number is a number that is divisible only by itself and one, and to factor a number is to determine which prime numbers multiply together to give that number. For example, 9 factors into three times three (9 = 3×3), and fifteen factors into three times five (15 = 3×5). Although being able to factor numbers quickly does not seem to have a major impact on information security, the most commonly used encryption algorithm, RSA, derives its security from the inability of classical computers to factor large numbers efficiently.
The RSA algorithm belongs to a class of cryptography known as asymmetric cryptography. This is the form of cryptography that enables secure websites and digital signatures, and it is a staple of modern information security. While RSA is not the only asymmetric cipher in use today, all the others share the same pitfall: quantum computers would be able to break them.
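To make the factoring argument above concrete, here is an added example (not from the original post or from Echoworx's products) of a toy RSA key pair and of how knowing the factors of n hands over the private key. The primes, the message and the trial-division factoring routine are assumptions chosen small enough to run instantly, which is exactly why real keys use primes hundreds of digits long.

```python
# Added example, not from the original article: toy RSA built from tiny primes,
# followed by the reason factoring matters, namely that anyone who can factor n
# can rebuild the private exponent d from the public key alone.
from math import gcd, isqrt


def rsa_keygen(p: int, q: int, e: int = 65537):
    """Build an RSA key pair from two primes p and q (toy sizes here)."""
    n = p * q
    phi = (p - 1) * (q - 1)           # Euler's totient of n, known only to the key owner
    if gcd(e, phi) != 1:
        raise ValueError("public exponent e must be coprime to phi(n)")
    d = pow(e, -1, phi)               # private exponent: e * d == 1 (mod phi(n))
    return (n, e), d


def rsa_encrypt(pub, m: int) -> int:
    n, e = pub
    return pow(m, e, n)


def rsa_decrypt(n: int, d: int, c: int) -> int:
    return pow(c, d, n)


def factor_trial_division(n: int):
    """Classical factoring by trial division. Its cost grows with sqrt(n), which is
    why it is hopeless against a 2048-bit modulus; a large quantum computer running
    Shor's algorithm would not have that limitation."""
    for cand in range(2, isqrt(n) + 1):
        if n % cand == 0:
            return cand, n // cand
    raise ValueError("n is prime or 1; no non-trivial factor")


def recover_private_key(pub) -> int:
    """Given only the public key (n, e), factor n and rebuild d exactly as keygen did."""
    n, e = pub
    p, q = factor_trial_division(n)
    return pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    # Constructed toy parameters: p=61, q=53 gives n=3233, a classic textbook key.
    pub, d = rsa_keygen(61, 53, e=17)
    c = rsa_encrypt(pub, 65)
    print("public key", pub, "ciphertext", c, "decrypts to", rsa_decrypt(pub[0], d, c))
    # With n factored, the private key is recovered without ever seeing d.
    print("recovered d from public key alone:", recover_private_key(pub) == d)
```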
So does this mean the end of information security?
Is it true that cryptography will be fundamentally useless once a quantum computer is built? The answer is “probably not”. Nonetheless, there is still a long road ahead before these concerns are dispelled. To guard against the evolving threat that quantum computers pose to cybersecurity, a new field of cryptography called “post-quantum” cryptography is emerging. This field deals with cryptographic algorithms that remain secure even against the improved processing power of quantum computers. In fact, even today there are some working algorithms which are thought to be resistant to quantum computers.
In April 2016 the National Institute of Standards and Technology (NIST) issued its Report on Post-Quantum Cryptography, which called for more research into these algorithms, for the development of IT standards for implementing them, and for their use in communication protocols. While many of the post-quantum algorithms are promising, there are still a lot of missing pieces in the puzzle. Most of the current post-quantum algorithms are inefficient, since they require more time and memory than the algorithms they would replace. Above all, the algorithms require much more research to ensure they have no vulnerabilities that could be exploited by quantum or even classical computers.
The threat of quantum computers is real.
If a sufficiently powerful quantum computer were to be built tomorrow, it would undermine much of the security we rely on. Luckily, it is very unlikely that such a machine will be built in the next few years. By the time one is created, the new post-quantum algorithms should be ubiquitous, allowing the secure infrastructures and technologies that have been constructed over the past decades to continue to be secure with only minor changes.
As a stop-gap measure, the NSA has recommended the CNSA (Commercial National Security Algorithm Suite), a set of cryptographic algorithms that are resistant against large quantum computers. Following the CNSA standard, Echoworx has been upgrading the cryptography in its products to be quantum-resistant.
By John Fleming, Senior Architect, Echoworx