quantum safety ⚛️
In South Ah’, the words “quantum” and “safety” are not typically used within the same sentence 😅, but as you probably guessed, we’re not referring to that Quantum. Rather, we’re talking about quantum computing and the implications it could have on cryptography and the safety of our communication channels and data.
According to the European Telecommunications Standards Institute (ETSI), “quantum-safe cryptography refers to efforts to identify algorithms that are resistant to attacks by both classical and quantum computers, to keep information assets secure even after a large-scale quantum computer has been built”.
Cryptography, the basics ⛹🏽♀️
Cryptography is the practice and study of techniques for secure communication in the presence of adversarial behaviour. When you send a text message or make a purchase online, information such as the content of the message or card details is kept safe in transit via encryption.
Traditionally cryptography refers to a sender (Alice 👩🏾⚕️) applying “encryption” to convert legible information (plaintext) into an unintelligible form (cipher-text), and the intended recipient (Bob 👷🏼♂️) applying “decryption” to convert the cipher-text back to plaintext.
Any unintended recipient (Eve 🦹🏾♀️) cannot decrypt the cipher-text because they do not have the required decryption key.
There are two types of encryption:
👬 Symmetric encryption: In this flavour of encryption, one key (a secret key) is used to both encrypt and decrypt data.
👨👦 Asymmetric encryption: In this case two different, but mathematically related keys are used.
Irrespective of the type, the security of cryptography rests upon “hard” mathematical problems that are practical to solve with the right cryptographic key, but impractical to solve without it given currently available computational power.
A hard problem in this context means that it would take a modern (classical) computer millions of years to solve… at which time the information that you are trying to encrypt is likely no longer relevant.
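The “easy with the key, hard without it” idea made concrete, as an added example that is not part of the original article. It assumes textbook RSA (a scheme the article does not name) with small constructed primes, and a hypothetical Eve who has to factor the public modulus by trial division before she can decrypt:

```python
# Toy RSA for illustration only. The primes below are constructed sample
# values; real keys use moduli of 2048 bits or more.
from math import isqrt

def make_keypair(p, q, e=65537):
    """Build a toy RSA key pair from two primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)              # private exponent (needs Python 3.8+)
    return (n, e), (n, d)

def encrypt(public, m):
    n, e = public
    return pow(m, e, n)

def decrypt(private, c):
    n, d = private
    return pow(c, d, n)              # one modular exponentiation: "easy"

def factor_by_trial_division(n):
    """Classical search for a factor of n. Returns (p, q, steps tried)."""
    if n % 2 == 0:
        return 2, n // 2, 1
    steps = 0
    for candidate in range(3, isqrt(n) + 1, 2):
        steps += 1
        if n % candidate == 0:
            return candidate, n // candidate, steps
    raise ValueError("n is prime, not an RSA modulus")

def eve_recovers_message(public, c):
    """Without the key, Eve must factor n before she can rebuild d."""
    n, e = public
    p, q, steps = factor_by_trial_division(n)
    d = pow(e, -1, (p - 1) * (q - 1))
    return pow(c, d, n), steps

if __name__ == "__main__":
    message = 424242                 # constructed sample plaintext
    for p, q in [(7919, 104729), (104729, 1299709)]:
        public, private = make_keypair(p, q)
        c = encrypt(public, message)
        assert decrypt(private, c) == message
        recovered, steps = eve_recovers_message(public, c)
        print(f"{public[0].bit_length()}-bit modulus: Bob needs 1 exponentiation, "
              f"Eve needed {steps} trial divisions to recover {recovered}")
```

Bob's cost stays at one exponentiation however large the key is, while Eve's search grows with the size of the smaller prime, which is why moduli of real-world size are out of reach for classical machines.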
Enter quantum computers 💻
Quantum computing is a largely (for now) theoretical paradigm of computing that uses phenomena in quantum physics to create new ways of computing.
In classical computing, data is stored as sequences of bits, each of which holds either a binary 0 or a 1. Quantum computing instead uses quantum bits (qubits), which can be in a superposition of 0 and 1 simultaneously until their state is measured, effectively storing multiple values at once.
While this is all very abstract, the main take home is that this property theoretically gives them a huge speed advantage over classical computers and algorithms for certain problems. This so-called “quantum advantage” means that quantum computers can perform some tasks exponentially faster than classical computers.
The threat of quantum computing on cryptography ☣️
The issue of quantum safety arises because many of the “hard” mathematical problems on which current day cryptography relies are “easy” problems to a theoretical quantum computer.
Where a classical computer would take millions of years to solve these problems, a quantum computer could solve them in a matter of hours or days. Therefore, anyone in possession of a sufficiently powerful quantum computer would effectively be able to decrypt all the current information being transmitted and stored with non “post-quantum resistant” encryption methods. 😱
What needs to be upgraded? 🏗️
As Andreas Baumhof from Quantum technologies points out, pretty much everything. 😮 In the information age, we use encryption for most everything.
To list but a few:
All connections of devices to the internet are facilitated using cryptography via protocols such as HTTPS, OpenVPN = vulnerable.
All encrypted data stored in databases = vulnerable.
All applications that communicate with the cloud via protocols like SSL/TLS that rely on asymmetric cryptography = vulnerable.
Cryptocurrencies also rely on cryptography = vulnerable.
How long do we have? ⏳
In a 2020 report titled “The Next Tech Revolution: Quantum Computing”, McKinsey highlights that quantum computing is just starting, but predicts that quantum machines will not be able to factor significant prime numbers (hundreds of thousands of digits long, like those used in today’s “hard” encryption problems) until the very late 2020s at the earliest.
What is being done? 🩹
Some good news is that standards bodies as well as researchers are working to mitigate the threat.
Since 2015, the US National Institute of Standards and Technology (NIST) has been researching new encryption algorithms to replace the current ones that can be broken by quantum computers. In July 2022, they announced the first four quantum-resistant cryptographic algorithms for standardisation.
NIST hopes to publish the standardisation documents by 2024, but may speed up the process if there are major breakthroughs in quantum computing.
The outlook 🔭
After the release of the new standards, companies within the industry need to be pushed to implement these new post-quantum resistant encryption algorithms. This will likely require huge technical, operational and social work, making for a very open-ended scenario.
Protocols and companies that are not upgraded to post-quantum resistant algorithms will be vulnerable and we will likely see data theft and leaks from this new attack vector.
The new algorithms might vary in how performant they are, which could significantly change the user experience of the internet.
Ultimately, the consensus is that quantum computing is going to be a reality. Research and Big Tech investment are ramping up quickly, with IBM, Google, Microsoft and Amazon (to name a few) all having ambitious roadmaps in the space. And while general-purpose quantum computers are not yet a reality, we still have some time to brace ourselves.
claude
if you’re a football fan, sash recommends watching “fifa uncovered” - a new documentary series on netflix
matt was interested to read about amazon’s new telehealth service
Happy thanksgiving to all the family.