Whether you realize or not, the modern world is built upon a bedrock of encryption. Your mobile phone conversations are encrypted so that no-one can listen in. Your credit cards are encrypted so that your details and identity cannot be stolen and used elsewhere when you're shopping online. Banking also relies heavily on cryptographic algorithms to ensure that data is kept secret by turning it into completely unreadable nonsense. Cryptography also ensures that your online accounts don't suddenly belong to everyone else.
I went to the Black Hat Europe conference last week, and speaking there was Jennifer Fernick, a researcher at the Centre for Applied Cryptographic Research at the University of Waterloo (Canada). There aren't many presentations that really make me sit up and listen, but this one did. The presentation really hit home regarding the potential of quantum computers to break the encryption that underpins modern life. But to understand quantum computers pose this threat, it is first necessary to understand what makes these computers so powerful.
Quantum computers use quantum mechanical phenomena (this science of the very small) and concepts such as entanglement and superposition of individual atoms to perform computational tasks. The basic building block of a quantum computer is a qubit, which can be used to represent a one and a zero at the same time. Classical computers on the other hand, such as your laptop or desktop use bits to represent and store information, but they can only represent a one or a zero, not both at the same time. When these qubits work together and scale, what you get an exponential rise in computational power.
Due to this immense power, quantum computers have the power to change a lot of things. They will dramatically improve things such as artificial intelligence and machine learning, allow us to have really accurate weather forecasts, speed up drug discovery, accelerate space exploration and more. But among the great things that quantum computers can bring, quantum computers also have the ability to break things. They have the ability to break the internet.
This was brought up in the presentation. Fernick said: "What would it mean if all public key crypto was broken? You could no longer authenticate users, no longer keep private information confidential and the financial system would come to a halt."
"Everything would be public information and revealed by absence of activities, as participating as a democracy requires technology."
Fernick also displayed a slide that claimed that "everything that ever has been – or will be – sent over the internet using a quantum vulnerable algorithm could be subject to later adversarial decryption once a large-scale quantum computer becomes available".
So as you can imagine, I was taken back by these bold statements, but there is definitely some truth behind it. You see, the main reason why quantum computers are a threat to encryption is because of their potential ability to factor very large numbers into their component primes. This is significant because almost all public key cryptography on the internet today (such as RSA) depends on this being a very difficult problem for classical computers to solve (it would take thousands of years and/or require unlimited resources).
To address this issue, during the presentation, Fernick announced the OpenQuantumSafe Software Project to the Security community at Black Hat. This is a collaborative project – funded by Canadian Cryptoworks21 which is taking a step towards secure communications for quantum computing. In other words, it is a response to the posed threat of quantum computing. Fernick announced that she has been working on the project for two years and the project is still ongoing. She said that there are many questions still to be answered around benchmarking and said that "we have algorithms and we don’t know what works best or how they perform".
The project is very ambitious in that they are attempting to quantum proof all cryptographic algorithms. They then look at each one and assess which ones are likely to be contenders to replace RSA. She said the algorithms also have to be compatible with the infrastructure that we have today which includes Internet of Things (IoT), IPSec, TOR and SSH protocols.
Fernick also pointed out the need to standardize the algorithms and also the need for them to be standardized before the arrival of the first quantum computer. The open source nature of the project will go along way to towards this, ensuring that the algorithms are secure by allowing the security community a chance to break and find pitfalls in the algorithms at an early stage.
Fernick said, "The arrival of a quantum computer will not necessarily be front page news, so we must make and intensive and ongoing effort to improve the security of all of our systems. The best way to do this is with transparency, openness, and diverse critiques of the resulting algorithms, software, and standards."
The presentation concluded by saying that the arrival of quantum computers is inevitable but allowing them to do good things will help protect against the bad things.
The most alarming thing for me is that the encryption researchers are literally in a race against time to develop quantum safe algorithms before the arrival of quantum computers which will be capable of cracking algorithms such as RSA, which we all rely on to keep our information safe and secure. But not only do we need quantum safe algorithms, they need to be classically safe too. So we need the algorithms to be computationally complex enough to be a struggle for quantum AND classical computers. They need to be standardized too and the entire infrastructure of the internet will need upgrading as a result, which will be a massive undertaking.
To say that the presenter was worried was a understatement, and rightly so, as its only a matter of time before a quantum computer arrives that can break current crypto. But with highly competent researchers such as Fernick and the security community working together on these difficult problems, I think we're in a good place. Who do you think will win the race? Let me know your thoughts in the comments below.
