There was a time, not all that long ago, when quantum computers seemed like a pipe-dream. The stuff of science fiction, not science fact.
Why are quantum computers such big news? Well, the computational potential of a quantum computer poses a genuine threat to digital security as we know it. RSA, Diffie-Hellman and Elliptic Curve algorithms are the foundation of public key cryptography, which is used to protect most of the world’s websites and electronic communications.
Previously deemed “unbreakable” using existing technology, these algorithms are threatened by the exponential increase in processing capacity of a quantum computer, which will make factorisation of large integers built from large prime numbers a reality, rendering current encryption methods vulnerable.
Although the idea of a quantum computer was first proposed back in 1980, the practical development of a working model seemed a long way off. The discovery of Shor’s algorithm in 1994 was heralded as a significant development, but it was another 10 years before the science really caught up.
The last 5 years have seen a significant acceleration in the rate of investment in, and development of, quantum computers. Experiments in quantum teleportation, entanglement, qubit development and the measurement of quantum error have brought us to the point where a working quantum computer is a realistic possibility.
The race to develop a working quantum computer is well and truly on. Google, D-Wave, IBM, Intel, Alibaba, Huawei and others announced significant investments in 2015, as the first to market with a viable device is set to achieve a significant advantage.
The private sector is not the only interested party. The US Department of Defense, the FBI, the UK GCHQ, China’s Ministry of State Security and Russia’s Foreign Intelligence Service have all made public their interest in quantum computers.
The Countdown to Quantum Computers
Two years ago, most experts were predicting 20-year development cycles. Now, almost everyone agrees we will see a working quantum computer within 10 years.
In a recent Security Innovation article entitled When Will Quantum Computers Arrive, the author compares predictions from ETSI, NSA, EU, Microsoft and Google.
10 years may seem like a long way off, but the prospect is already affecting the long-term security of data. The “harvest now, decrypt later” approach of cyber criminals means that encrypted data can be stolen today and stored until a quantum computer arrives that is capable of decrypting it.
Back in June 2015, ETSI recognised this in its Quantum Safe Whitepaper: “if [your] organisation has a need to archive certain information or protect the privacy of online transactions for more than 10 years, and currently uses encryption techniques, then these security methods should be upgraded to known quantum safe algorithms and techniques in order to protect long-term privacy.”
Later that summer, the NSA added weight to the argument when they announced they were recommending a move to quantum-safe cryptography: “The Information Assurance Directorate (IAD) will initiate a transition to quantum resistant algorithms in the not too distant future. Based on experience in deploying Suite B, we have determined to start planning and communicating early about the upcoming transition to quantum resistant algorithms.”
Suite B is a public list of cryptographic algorithms approved by the NSA for government use and includes 3072-bit RSA encryption, AES 256-bit keys and Elliptic Curve P-384. The recent acceleration in the development of quantum computing means elliptic curve encryption does not represent the long-term solution it once did.
The quantum threat is of particular importance for government and defence applications as most use public key cryptography to ensure the confidentiality of national security information. Add to this the long lifecycle of equipment and intelligence data in the public sector and it is easy to see why they are taking quantum seriously.
Even the most quantum-sceptical observers have been forced to re-evaluate their predictions in recent months. With quantum computers likely to become a reality in 5-10 years, users of public key cryptography should sit up and pay attention. If you want to guarantee long-term protection of data in a post-quantum world, the time for change is now.