
Is quantum computing the end of security as we know it?

Luther Martin, Distinguished Technologist, Micro Focus

Quantum computers may eventually make some types of encryption useless, but that is no reason to panic. There's plenty of time to move to quantum-safe encryption algorithms. In fact, you are probably already using quantum-safe encryption algorithms—in other words, those believed to be safe from hackers using quantum computers.

Here's why.


Enter quantum computing

Quantum mechanics is behind many technologies that we take for granted today. The transistors in our cellphones, the LEDs in our flashlights, and the MRI machines that doctors use to look inside our bodies are all examples. All require quantum mechanics to work.

Another application of quantum mechanics may soon provide a way to do things that are not possible with other technologies. This is quantum computing, and it is based on a very different approach to storing and processing information.

A classical computing bit represents one of two values that we think of as representing a logical 0 or a 1. Quantum mechanics offers a more general way to store information by allowing a quantum bit (qubit) to store the probabilities that a particular qubit is either a 0 or a 1, with the precise value of the qubit unknown until it is measured.

This is much like the situation you get when flipping a coin. When a fair coin is spinning through the air, all you know is that the probability of it coming up heads is 0.5 and the probability of it coming up tails is also 0.5. But when you catch the coin and look at it, you know for sure which side came up. One way to interpret the state of the spinning coin is that it is both heads and tails at the same time.

This is similar to the mathematical formalism of quantum mechanics, where particles (electrons or photons, for example) are always oscillating and you cannot know the state of a particle until you measure its properties. And if you know the probabilities that a particle is in one of multiple states, you can think of that particle as being in all of those states at the same time.

Storing qubits

By extending this idea to qubits, you can use N qubits to simultaneously store the probabilities that your system is in any of the possible 2^N states. This is often interpreted as meaning that with N qubits, you can store all 2^N possible N-bit values at once.

That is a dramatic increase over the capability of classical bits, where an N-bit register can only store a single one of the 2^N possible values at a time. There are between 10^78 and 10^82 atoms in the visible universe, so a single register of just 265 qubits can simultaneously hold about as many values as there are atoms in the universe.


Quantum versus traditional encryption

That is a lot, so it should not be surprising that it is possible to do some very powerful calculations with that much computing power. And some of those calculations dramatically affect the security of some (but not all) encryption algorithms.

The security of encryption is quantified in terms of "bits of security." This provides an easy way to compare algorithms with different properties. It takes about 2^128 computational steps for an attacker to crack a 128-bit AES key, a 256-bit elliptic curve key, or a 3,072-bit RSA key. We say that each of these approaches to encryption provides 128 bits of security.

But the number of steps that it takes to crack a key depends on the computer you use. The fact that a 3,072-bit RSA key provides 128 bits of security assumes that an attacker is using a classical computer, not a quantum one. The nature of quantum computers—computers that use qubits instead of just traditional bits—makes it possible to implement algorithms that cannot be implemented on classical computers, and these dramatically affect the security of some encryption algorithms.

Reducing security

In particular, there is an algorithm that runs on a quantum computer that reduces the security of a 3,072-bit RSA key down to only about 26 bits. It is essentially impossible with the non-quantum technology that will be available in the foreseeable future to crack a key that provides 128 bits of security, but you can easily crack one that provides only 26 bits of security with the computing power of a cellphone.

If engineers figure out how to build large-scale quantum computers, the security provided by the RSA algorithm essentially disappears, as does the security provided by many other common public-key encryption algorithms, including those based on elliptic curves.

The security of essentially all of the public-key encryption algorithms that are widely used now will be reduced to essentially zero if attackers have access to large quantum computers.

It's not as bad as it sounds

But all is not lost. Many well-known public-key encryption algorithms are secure from attacks by quantum computers. Some have already been vetted by reputable standards organizations—IEEE Std 1363.1 and OASIS KMIP already specify quantum-safe algorithms. So if progress in quantum computing ever threatens to make today's public-key algorithms crackable, it will be easy to move to quantum-safe alternatives. That is the caveat to becoming quantum-safe.

The easy part is something that you are probably already doing. Attacks that can run on quantum computers simply divide the number of bits of security that an AES key provides by two—a 256-bit AES key will provide 128 bits of security, etc. So if you are already using AES-256, you are already using an encryption algorithm that will provide an adequate level of security against quantum computers. If you are using AES-128, just move to AES-256 and you will be using a quantum-safe algorithm. It is that easy. 

So the bottom line is that it will still be possible to communicate securely in the face of adversaries who have big quantum computers. Just switch to quantum-safe public key algorithms and move to AES-256. Make that your strategy for being secure in the future quantum world, and you'll be fine.
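The two rules above (AES bits of security are halved; RSA and elliptic-curve algorithms must be replaced) can be applied to an inventory of TLS cipher suite names. This is an added example, not code from the article; the function names and the sample inventory are constructed, and it assumes OpenSSL- or IANA-style suite names.

```python
import re

# Public-key families the article says lose their security to a large
# quantum computer (RSA and elliptic-curve based algorithms).
QUANTUM_BROKEN = {"RSA", "ECDHE", "ECDH", "ECDSA"}
TARGET_BITS = 128  # the level of security the article treats as adequate


def assess_suite(name):
    """Return (aes_key_bits, post_quantum_bits, broken_public_key_parts)."""
    upper = name.upper()
    tokens = re.split(r"[-_]", upper)
    m = re.search(r"AES[-_]?(128|192|256)", upper)
    aes_bits = int(m.group(1)) if m else None
    # Article's rule: a quantum attacker halves AES's bits of security.
    pq_bits = aes_bits // 2 if aes_bits else None
    broken = sorted(t for t in tokens if t in QUANTUM_BROKEN)
    return aes_bits, pq_bits, broken


def audit(suites):
    """Map each suite name to the list of changes the article's advice implies."""
    findings = {}
    for suite in suites:
        aes_bits, pq_bits, broken = assess_suite(suite)
        actions = []
        if pq_bits is None:
            actions.append("no AES key size found; review manually")
        elif pq_bits < TARGET_BITS:
            actions.append(f"AES-{aes_bits} gives {pq_bits} bits; move to AES-256")
        if broken:
            actions.append("replace " + "/".join(broken)
                           + " with a quantum-safe public-key algorithm")
        findings[suite] = actions
    return findings


# Constructed sample inventory (not taken from any real system).
SAMPLE = [
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-ECDSA-AES256-GCM-SHA384",
    "TLS_AES_256_GCM_SHA384",   # TLS 1.3 names omit the key exchange
    "TLS_CHACHA20_POLY1305_SHA256",
]

if __name__ == "__main__":
    for suite, actions in audit(SAMPLE).items():
        print(suite, "->", "; ".join(actions) or "no change needed by name")
```

An empty result for a TLS 1.3 suite only covers the symmetric cipher, because those names do not say which public-key algorithm the handshake uses.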
