Experts say this vision is not a dystopian nightmare, but a fast-approaching reality due to recent advances in quantum computing. Computers that use quantum phenomena such as superposition and entanglement to perform computation have long been touted as both a distant promise and boogeyman. The truth is more nuanced, but no less frightening for those who value their privacy. “The nature of quantum computing allows it to solve certain problems in practical time, that a classical computer would take much longer to solve,” Chuck Easttom, an adjunct lecturer at Georgetown University, who studies cryptography and quantum computing, said in an email interview. “And it just happens that these mathematical problems that quantum computers are good at, also happen to be the mathematical problems that form the basis for the security of RSA, Diffie-Hellman, Elliptic Curve, and related algorithms.”
Encryption is Everywhere
We rely on encryption to safeguard devices and sensitive data. One major reason is because of how long it takes to break encryption using current hardware. “While possible to crack in theory, it’s very difficult in practice because to do so would take an incredibly long time with a standard computer—think timescales of trillions or even quadrillions of years,” Rodney Joffe, a senior vice president and fellow at technology company Neustar, said in an email interview. But quantum computers work differently than the systems we’re used to, and they’re more powerful and effective. Quantum computers allow a different class of algorithms that are impossible for classical computers to perform. “Because we use the power of nature’s computer—quantum level computation—we can find patterns in the math puzzle that will offer a few possible solutions to that difficult math puzzle,” Terrill Frantz, a professor at Harrisburg University of Science and Technology, who studies cybersecurity, said in an email interview. “Nature can compute an endless amount of variables at the same time—for example how nature decides which way the wind blows, or heat moving around in liquid.”
Coming Sooner Than You Think
The day when standard security algorithms can be broken is closer than many people think, according to Paul Lipman, CEO of cybersecurity firm BullGuard. “In practice, a quantum computer would require on the order of a million qubits to break RSA,” said Lipman. “The largest quantum computer is currently less than 100 qubits. Current roadmaps from the likes of IonQ and IBM suggest that we’ll hit the million mark by the end of this decade.” Some countries are already thinking ahead by soaking up lots of data guarded by passwords that can’t now be broken, but will be when high-powered quantum computers come online, Frantz said. “The threat is here now,” he added. “When quantum computers can break our encryption, then all of the collected data from the past can be read.” Quantum computers are getting faster at a rapid pace. Researchers at the University of Science and Technology of China in Hefei recently announced they’ve developed a quantum computer capable of performing 100 trillion times faster than the world’s fastest supercomputers. The news follows a string of recent milestones in quantum computing from companies like Google, IBM, and Microsoft, and government efforts in the U.S., China, and other countries. “These developments have led to many questioning what exactly the power of quantum computing means for the future of cybersecurity,” Joffe said. “Responding to these advances should be a top priority for the security industry. This ultimately involves beginning to lay the foundations for rebuilding the algorithms, strategies, and systems that form our current cybersecurity approach.”
Defending Against Our Quantum Overlords
Even if practical quantum computing isn’t quite here, researchers want to be ready. Recent research from the Neustar International Security Council (NISC) found that almost a quarter of security professionals are experimenting with quantum computing and developing strategies in response to concerns that quantum advances will outpace the development of other security technologies. There’s also the potential for quantum computing to be used for mischief beyond just reading emails, due to how quickly it can compute data. “Quantum computers will have the ability to compute in 3 minutes what would normally take supercomputers 10,000 years to achieve,” Jofee said. “The potential to radically shorten that timescale could, in the hands of a malicious actor, enable cyberattacks unlike anything previously seen.” The bad news is that the average user can’t do much to protect their data from quantum computers, experts say. However, the National Institute of Standards (NIST) has been working on developing a quantum-resistant cryptography standard since 2017, Easttom noted. “Also, many cryptography researchers, including myself, are working on analyzing algorithms to determine what the best quantum resistant algorithms will be,” he added. One step users can take to make themselves a little safer from quantum codebreakers now is to implement the new TLS 1.3 encryption in their browsers, Frantz said. “This will help, but not be perfect,” he added. “A second option, which is now commercially available, is to begin to use Quantum Random Number generators and Quantum Key Distribution in our data transport applications.” A juicy target for hackers with future access to quantum computers would be cryptocurrency, which relies on cryptography to keep it safe and private. One company, RAIDAtech, is working on technologies to transport and store data quantum-safe. “We have achieved quantum-safe storage by shredding the data so that only 1/25th of it is on any given cloud,” Sean Worthington, president of the cryptocurrency company CloudCoin Consortium, claimed in an email interview. “The servers are located in 20 different jurisdictions like Argentina, U.S.A., Switzerland, and Russia, just to name a few. You can’t decrypt something that is in shreds.” It’s good to know when quantum computing fully emerges that our cryptocurrency might be safe even if our emails won’t be. It might be a good time to invest or divest in crypto, or start being more careful about what you write in your online messages.
