Cryptography is an extremely powerful tool in our current state of information security. That, I hope, we can all agree on. It is generally accepted that if you have followed cryptography standards correctly, the confidentiality and/or integrity of your data will be protected. But what would happen if, suddenly, this was no longer true?
In 1994, Peter Shor, a mathematics professor from the Massachusetts Institute of Technology, published a quantum algorithm that would give relatively quick solutions to the ‘hard’ mathematical problems that our current cryptosystems are based on. At the time, this algorithm was purely theoretical as there were still many challenges to overcome with the development of quantum computers. However, 23 years on, the threat seems a little more imminent. The general premise is: if quantum computers become efficient and scalable, almost all public key cryptosystems that are in place today will be rendered completely useless.
What are quantum computers?
Classical computing uses bits which are either on or off, 1 or 0. Quantum computing uses qubits which can have multiple states at once. Effectively, they can be both 1 and 0 at the same time. This allows for parallel processing of multiple cases at once, increasing the computation speed exponentially as the number of qubits are increased. The physical challenge with qubits is that they are extremely unstable. The slightest change in temperature or energy will cause decoherence; that is, it will cause the qubits to act in the same way as classical bits and thus lose their quantum properties.
Is this really going to happen?
Breaking cryptosystems is not the only thing quantum computers are useful for. Their quirky mechanics promise to offer a number of attractive benefits: improving database performance, accelerating research in medicine, and predicting financial and economic outcomes. There is plenty of positive motivation for research in quantum technology. Governments around the world, as well as many of the big industry players, have been investing heavily. The UK government has invested £270 million into the UK national quantum technologies programme over the last few years. Google is planning for its quantum computing chips to be able to perform a calculation that’s beyond the reach of any classical computer by the end of the year. IBM are bringing quantum computing to the masses, giving public access to their prototype quantum processors through their initiative IBM Q. The Chinese city of Jinan has begun trials of a secure quantum network running from Beijing to Shanghai, the first implementation of quantum technology for a real-life commercial purpose. Although some believe it is unlikely given the physical challenges with the instability of qubits, we cannot be sure that there is not an organisation somewhere around the world that is closer to quantum computing than we think.
How bad could it be?
Imagine the chaos that would ensue if public key cryptography was suddenly rendered useless in our current state of communications and connectivity; no encryption, no authentication, no data integrity, no control on repudiation, unless there is already an established trusted relationship. Whilst symmetric cryptography is likely to survive, our problem lies in the distribution of symmetric keys. In a worst case scenario, we would have to assume that anybody can see and modify everything we send over the internet. We would not be able to trust that anyone is who they claim to be unless we already know them. Any information we receive remotely could be tampered with: the balance in our bank account, results from the doctors, notes from our colleagues. Online business would cease. Depending on what the attacker decided to do with their newfound superpower, the consequences could be much worse. Everything and anything that uses secure communications is at risk: hospitals, power grids, military defence. The list goes on.
It is possible (and likely) that some groups are already collecting encrypted data in the hope that they will be able to decrypt it in the future using a quantum computer. If you have data that must remain confidential in the long term, you will need to think about protecting it against quantum attacks now, otherwise you may be unknowingly sharing your data with the criminals of the future.
What can we do?
Solution 1: Restrict access to quantum computers. It’s a specialist piece of technology and will not be widely available any time soon, so restricting access may be successful for a short time. However, as things stand, it would only take one quantum computer to get into the wrong hands and have its decrypting services contracted out via the dark web to cause pandemonium. It is unlikely that legislation will help us here.
Solution 2: Use quantum technology to protect against quantum threats. You may have heard of the promise of 100% secure quantum encryption or quantum key distribution. Given the properties of quantum mechanics, it does seem promising. The challenge of using this to protect against quantum attacks lies in the timing. As soon as we overcome the physical limitations of quantum physics to build practical quantum encryption solutions, it is likely that we will also have built the machine that can break our current cryptosystems. Implementation takes time, regardless of how secure the algorithm is, which means while we’re busy implementing quantum encryption, the attackers will be busy harvesting all the free information they can get their hands on, assuming they also have access to a quantum computer. We would need to ensure the good guys could build and implement quantum defensive solutions before the bad guys got their hands on the tech. Clearly, this is very unlikely. Quantum encryption may well be part of the long-term solution, but we need to find a way to protect ourselves now whilst we continue to develop quantum solutions.
Solution 3: Migrate all of our current cryptography over to a new form of cryptography, resistant to quantum attacks. This is not an easy option, however, based on current research, it may be the only option if we want to be confident about securing current and future communications. NIST is currently driving development of post-quantum cryptography, and some huge advances have been made, particularly in code-based and lattice based cryptosystems. There are now a number of algorithms which, despite not yet going through rigorous industry scrutiny, are believed to be a viable alternative. We may not yet be able to fully trust these algorithms, but by combining them with our current techniques, we can still keep hold of our current level of security and, in addition, give ourselves a strong chance of being secure against the quantum computers of the future. In an announcement made in January 2016, the US National Security Agency acknowledged the importance of addressing this concern, and has asked all organisations and suppliers that contribute to national security systems to prepare to implement quantum resistant cryptography as soon as acceptable public standards exist. They believe that standardisation of these quantum resistant algorithms will happen within the next few years.
There is a lot of research taking place in the cryptographic community to find an alternative to RSA, Diffie Hellman, and Elliptic Curve based cryptosystems, all of which are vulnerable to quantum attacks. However, it seems there is a lack of discussion on this topic in the commercial world. This is not a ‘we’ll cross that bridge when we come to it’ kind of situation. It will be too late. Preparing ourselves to be resilient to this threat is likely to be costly and painful, but the earlier we think about it, the easier we can make it. The more awareness we have of what might need doing in the future, the better we can plan our activities, budget, allocate resources and ensure our effort is used most efficiently. To address the quantum threat, we are forced to make uncomfortable predictions about the future that we cannot ever be sure of, but this is what we do best in information security. We build proportionate defences against a potential future threat. We may not know exactly when this particular threat will materialise, but given the size of the impact, it is our responsibility to do something about it.