Whether it’s our credit card details or our private communications, almost every bit of sensitive digital data in the modern world is protected by encryption.
These cryptographic systems that scramble our data so it’s useless to a would-be attacker rely on underlying mathematical problems that are typically too complex to be cracked by computers.
That relatively strong guarantee of security may be coming to an end, according to Michael Brown, CTO at the security specialist ISARA Corporation, curtailed by the arrival of quantum computers.
“The assumptions that we’ve made in a lot of our internet-based systems, that this is safe because of the fact that classical computers can’t solve it, that doesn’t hold anymore in the context of quantum computers,” he told the CW Tec conference in Cambridge.
Quantum computing is still a largely theoretical field, which studies how to exploit the bizarre and counter-intuitive way that matter behaves at an atomic level to develop hugely powerful machines. For certain tasks, quantum computers have the potential to be exponentially faster than existing systems, as well as being vastly more energy efficient.
While universal quantum computers don’t exist today, and there are predictions they won’t until the 2030s, some progress is being made. Canadian firm D-Wave makes a system that, while not a universal computer, utilises various atomic behaviors, such as entanglement and state superposition, to help solve a range of difficult computational problems. There are also reports that Google could be on track to create a basic 50 qubit quantum computer by the end of 2017 – enough by some estimates to solve certain problems that conventional computers would find almost impossible.
Why these developments matter to the world of cryptography is that a universal quantum computer could be capable of unpicking many of the encryption systems used today, according to Brown.
Vulnerable systems, he said, include the Transport Layer Security (TLS) cryptographic protocols, which are used by websites and web services to secure communications and transactions with users. A quantum computer running Shor’s algorithm could potentially break the current public-key algorithms used by TLS, he said.
Harvesting secrets today to crack them tomorrow
Even if it proves to be decades before quantum computers are created, Brown said the threat could still apply to information being transmitted online today.
He pointed out that the world’s security services are engaged in harvesting internet traffic as it passes through fiber optic cables, under programs such as the GCHQ/NSA operation Tempora, and that there was a possibility of traffic being stored until such a time that quantum computers are available to decrypt it.
“If I’m a company and I have trade secrets underlying how my business will be successful, my core intellectual property, that has to live for a long period of time,” said Brown.
“If that information is out there encrypted on the internet, then you need to worry,” he said, adding the same threat might apply to other long-lived, sensitive information, such as medical data.
Decryption of these stored communications could again be achieved by running Shor’s algorithm on a quantum computer: the machine would attack the recorded key-establishment exchange, recover the symmetric encryption keys it produced, and then decrypt the stored traffic, he said.
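An added illustration of the harvest-now, decrypt-later scenario described above (this is example code, not from ISARA or the conference): a passive tap records only the public Diffie-Hellman values and the ciphertext of a session, and the session is still recovered later by solving the discrete logarithm. The group here is a constructed 20-bit toy so that a classical brute force can stand in for Shor’s algorithm; the ephemeral handshake, hash-based key derivation and XOR stream cipher are simplified stand-ins for a TLS session, chosen to show why forward secrecy alone does not protect recorded traffic once the underlying problem becomes solvable.

```python
import hashlib
import secrets

# Constructed toy Diffie-Hellman parameters: a 20-bit prime, far too small
# for real use, chosen so a classical brute force can stand in for Shor.
P = 1_000_003
G = 2


def keypair():
    """Ephemeral DH keypair, as a forward-secret TLS handshake would use."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def derive_key(shared: int) -> bytes:
    """Derive a symmetric session key from the DH shared secret."""
    return hashlib.sha256(shared.to_bytes(4, "big")).digest()


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Minimal symmetric cipher: SHA-256 counter keystream XORed with data."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def capture_session(plaintext: bytes):
    """Run a handshake and return what a passive tap on the fibre sees:
    both public DH values and the ciphertext, but neither private exponent."""
    a, A = keypair()
    b, B = keypair()
    key = derive_key(pow(B, a, P))
    return (A, B, xor_stream(key, plaintext))


def discrete_log(target: int) -> int:
    """Brute-force the DLP; on real 2048-bit groups this is the step that
    only Shor's algorithm on a quantum computer could perform."""
    h = 1
    for x in range(P - 1):
        if h == target:
            return x
        h = h * G % P
    raise ValueError("target not in the subgroup generated by G")


def decrypt_recorded(record) -> bytes:
    """Years later: rebuild the session key from the stored handshake alone."""
    A, B, ciphertext = record
    a = discrete_log(A)
    key = derive_key(pow(B, a, P))
    return xor_stream(key, ciphertext)
```

Replacing the key establishment with a post-quantum scheme, rather than the symmetric cipher, is what closes this gap, which is the migration the article goes on to describe.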
Firms also need to think about how the products they rely upon use encryption and whether the security they offer would hold in a post-quantum world.
“If you think about something like OpenSSL, OpenSSL is used widely across the internet in countless numbers of products,” said Brown.
“That means if you use a product that uses OpenSSL, you could be then evaluating your product to say ‘How am I using cryptography? Am I using it in a safe way? Do I need to use it in a different way?’. There are an ever larger number of items this affects,” he said.
Beyond decrypting sensitive data, quantum computers could also be used to interfere with the digital signing process that guarantees software updates or digital documents as authentic, he said.
With these threats in mind, companies needed to start thinking about what data they own that could be at risk, he said, and those that have control over encryption systems need to start preparing to replace cryptographic algorithms with alternatives that would be secure in a “post-quantum world”.
“As a company, if you think about how you update the cryptography that you use, this is not something you do over a weekend. This isn’t a new version of [Microsoft] Exchange that you’re rolling out.
“You really have a two, three or four year type of transition for most organizations,” he said.
One example of a “quantum resistant” cryptographic algorithm is Google’s New Hope, a “post-quantum key-exchange algorithm” that Google uses on a small fraction of connections between desktop Chrome and its servers.
Given universal quantum computers don’t yet exist, Google says that New Hope is an experiment, and that the algorithm may or may not prove secure against such an attack in future.
It is possible to overstate the threat posed by the advent of quantum computing, however, according to Ross Anderson, professor of security and engineering at Cambridge University.
“I don’t really share the doom and gloom about cryptography,” he said, pointing out that a range of cryptography in use today, for example that used to protect bank account information stored on EMV payment cards, is not at imminent risk of being broken.
“First, most of the cryptography we actually use is shared key stuff. The 256-bit AES keys in EMV will continue to work for the foreseeable future.”
Even where quantum computers might pose a risk to encryption, such as to the cryptographic protocols that secure internet comms, online infrastructure is set up in a way that makes it feasible to drop in replacement, “quantum-resistant” protocols, he said.
Ross argues that the TLS protocol used to encrypt comms online is now typically applied at centralised front-ends, such as those run by CloudFlare and Akamai. “Most of that we could pull out and replace with Kerberos if we had to,” he said.
Crucially, he said he doesn’t see the potential existence of quantum computers as a fundamental threat to the encryption used to protect data today.
“I fail to see where there is anywhere in the world out there now that would break catastrophically if somehow the dreams of the quantum computing community came true and we had a serviceable 4,000-bit quantum computer. I don’t see that as being the end of civilization.”