Cryptography in Danger in the Quantum Computing Era

Nov. 13, 2017, 5:33 a.m.
Michela Menting, Research Director


Quantum computing and information theory could create powerful computers, capable of staggering processing speeds and incredibly accurate measurements, as well as enabling the foundation of a highly secure communication infrastructure. However, this same type of power presents dangers as well, in that it could just as easily break many of the cryptographic technologies in use today.

Quantum developments of the last half century, including Shor and Grover's algorithms, pose a critical threat to modern cybersecurity technologies and are of grave concern to the confidentiality, integrity, and privacy of personal information, business interests, and national security.

Quantum computing remains a largely theoretical concept today. However, since the development of quantum error correcting codes and threshold theorems in the late 1990s, it has been widely believed that the creation of a quantum computer is possible. Most experts agree that the creation of a quantum computer is simply a matter of engineering, and that the theoretical application is possible, with optimistic estimates by the private sector varying between 5 and 15 years for commercialization, while more conservative estimates by academics put this at 15 to 25 years.

Research currently focuses on how to move from present-day lab-based demos with computers using just a few qubits to large-scale quantum computers handling hundreds of thousands of qubits. Estimates suggest that RSA 2048-bit could be broken using anything between 4,000 and 10,000 qubits (depending on the number of quantum gates). The U.S. National Institute of Standards and Technology (NIST) estimates that an attack-capable quantum computer will be a reality by 2030, at a price tag of US$1 billion, and would be able to break a 2000-bit RSA key in a matter of hours.

Some features of quantum computing are already commercially available, although they do not represent “true” quantum computers as envisaged by theory. Canadian firm D-Wave Systems, for example, designs and manufactures the D-Wave 2000Q computer (which boasts 2,048 qubits), which is a type of analog quantum computer.

Microsoft, Google, IBM, Intel, HP, Toshiba, Mitsubishi, Nokia Bell Labs, and a few of the large defense contractors (Booz Allen Hamilton, Lockheed Martin, Raytheon) have publicly announced efforts to develop general-purpose digital quantum computers, investing heavily in research and development (R&D) and in startups. Initiatives such as IBMQ, for example, have tens of qubits available for public experimentation.

Venture capital (VC) funding in quantum companies has been growing steadily. Since 2012, more than US$334 million has been invested in total, although more than 80% has been in funding. Alongside the private sector, governmental R&D is accelerating the crystallization of the quantum computer. The United States, China, Canada, Australia, the United Kingdom, Germany, and several other European Union countries are investing millions in quantum research, both internally and through public-private partnerships. Globally, government funding for quantum research is estimated at US$1.7 billion.

The drive to create the first quantum computer has been viewed as the new arms race. The milestone to reach is that of quantum supremacy, essentially the performance of computation that goes beyond the capability of the latest and best supercomputers in existence today. But this drive is underpinning another, more pressing race.

The potentially drastic repercussions on cybersecurity by the commercial availability of quantum computers have led apprehensive researchers to focus on the development of quantum-safe cryptography. Also known as post-quantum cryptography, such research looks to the development of new cryptographic algorithms that could withstand breaking by quantum computers.

The U.S. National Security Agency (NSA), NIST, and the European Telecommunications Standards Institute (ETSI) have made it a top priority, not least because the development of such standards needs to be completed before the first attack-capable quantum computer becomes a reality, and standards development takes time.

The race to develop and standardize quantum-safe encryption algorithms must conclude before quantum computers become a reality if cybersecurity is to remain a stalwart of confidentiality, integrity, non-repudiation, and authentication of modern information and communication systems.

Beyond quantum computers, the use of the theory can also aid in developing new cryptographic techniques. In the quantum cryptography space, a few companies (such as ID Quantique, Quintessence Labs, and MagiQ Technologies) have managed to develop and successfully test quantum key distribution (QKD) and are in the process of commercializing them. The use of quantum in next-generation encryption technology might well aid in creating quantum-resistant security.

In the interim, the concept of crypto-agility has begun to take hold. Crypto-agility refers to the ability to transition smoothly from pre- to post-quantum security. This can be achieved through hybrid cryptographic solutions. This type of technology encapsulates current existing standards (such as RSA and ECC) into new quantum-resistant ones (like New Hope). Google’s New Hope-based solution for Chrome does exactly this, as does the IETF’s proposal for a Quantum-Safe Hybrid Technique (SWZ02). The idea is that if one or the other of the schemes fails (or is corrupted), then the other remains in place, providing a dual protection mechanism.
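The hybrid idea above can be shown concretely with a key-derivation combiner. The following is an added illustration written for this page; it is not code from the article, from Google's Chrome experiment, or from the IETF draft. It assumes a toy Diffie-Hellman group over the Mersenne prime 2^127 - 1 for the classical side (constructed for illustration, not a production group) and a random 32-byte secret standing in for the shared secret a lattice KEM such as New Hope would produce. The two secrets are length-prefixed, concatenated, and run through HKDF (RFC 5869) with the handshake transcript bound into the info field, so a party that recovers only one of the two secrets still cannot derive the session key.

```python
"""Hybrid (classical + post-quantum) session-key combiner.

Added example, not the article's or any vendor's code. Assumptions:
the classical side is a TOY Diffie-Hellman over 2^127 - 1 (illustration
only), and the post-quantum shared secret is a random stand-in for a KEM.
"""
import hashlib
import hmac
import os
from typing import Tuple

HASH = hashlib.sha256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869): PRK = HMAC-Hash(salt, IKM)."""
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869): T(i) = HMAC-Hash(PRK, T(i-1) | info | i)."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def hybrid_key(classical_ss: bytes, pq_ss: bytes, transcript: bytes,
               length: int = 32) -> bytes:
    """Derive one session key from two independently obtained shared secrets.

    Each secret is length-prefixed before concatenation so the input cannot
    be re-split ambiguously; the handshake transcript is bound through the
    HKDF info field. Knowing only one of the two secrets (say, the classical
    one after a quantum break of DH/RSA) leaves the key underivable.
    """
    ikm = (len(classical_ss).to_bytes(2, "big") + classical_ss
           + len(pq_ss).to_bytes(2, "big") + pq_ss)
    prk = hkdf_extract(b"hybrid-kex-v1", ikm)  # fixed, labelled salt (assumption)
    return hkdf_expand(prk, b"hybrid session key|" + transcript, length)


# ---- toy classical side: Diffie-Hellman over the Mersenne prime 2^127 - 1 ----
# Constructed for illustration; real deployments use X25519 or another
# standardized group. Not for production use.
TOY_P = (1 << 127) - 1
TOY_G = 5


def toy_dh_keypair() -> Tuple[int, int]:
    """Return (private exponent, public value) for the toy group."""
    priv = int.from_bytes(os.urandom(16), "big") % (TOY_P - 2) + 1
    return priv, pow(TOY_G, priv, TOY_P)


def toy_dh_shared(priv: int, peer_pub: int) -> bytes:
    """Classical shared secret as 16 big-endian bytes (value < 2^127)."""
    return pow(peer_pub, priv, TOY_P).to_bytes(16, "big")


def demo_handshake() -> Tuple[bytes, bytes, bytes]:
    """Run one hybrid handshake.

    Returns (alice_key, bob_key, attacker_key), where attacker_key is what a
    party that has recovered the classical secret but not the PQ secret
    would derive when guessing an all-zero PQ secret.
    """
    a_priv, a_pub = toy_dh_keypair()
    b_priv, b_pub = toy_dh_keypair()
    classical_a = toy_dh_shared(a_priv, b_pub)
    classical_b = toy_dh_shared(b_priv, a_pub)
    pq_ss = os.urandom(32)  # stand-in for the KEM shared secret both sides hold
    transcript = a_pub.to_bytes(16, "big") + b_pub.to_bytes(16, "big")
    key_a = hybrid_key(classical_a, pq_ss, transcript)
    key_b = hybrid_key(classical_b, pq_ss, transcript)
    attacker_key = hybrid_key(classical_a, bytes(32), transcript)
    return key_a, key_b, attacker_key


if __name__ == "__main__":
    ka, kb, kx = demo_handshake()
    print("parties agree:", ka == kb)
    print("classical-only knowledge suffices:", kx == ka)
```

The combiner is the part that carries the security argument: swapping the toy group for a real ECDH and the random stand-in for a real KEM shared secret leaves `hybrid_key` unchanged, which is what makes the transition crypto-agile.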

For organizations, whether public or private, post-quantum computing is a topic that should be discussed in risk management strategies today. Executives should follow closely both research and standardization development efforts so that they may be prepared when the quantum computing era comes of age.


For more information on the topic, please see our research report: Cryptography in the Quantum Computing Era and Press Release.