Experts split on how soon quantum computing is coming
Source: Maria Korolov |
IBM Four Qubit Square Circuit. Credit: IBM Research
Whether quantum computing is 10 years away -- or is already here -- it promises to make current encryption methods obsolete, so enterprises need to start laying the groundwork for new encryption methods.
A quantum computer uses qubits instead of bits. A bit can be a zero or a one, but a qubit can be both simultaneously, which is weird and hard to program but once folks get it working, it has the potential to be significantly more powerful than any of today's computers.
And it will make many of today's public key algorithms obsolete, said Kevin Curran, IEEE senior member and a professor at the University of Ulster, where he heads up the Ambient Intelligence Research Group.
That includes today's most popular algorithms, he said. For example, one common encryption method is based on the fact that it is extremely difficult to find the factors of very large numbers.
"All of these problems can be solved on a powerful quantum computer," he said.
He added that the problems are mostly like with public key systems, where the information is encoded and decoded by different people. Symmetric algorithms, commonly used to encrypt local files and databases, don't have the same weaknesses and will survive a bit longer. And increasing the length of the encryption keys will make those algorithms more secure.
For public key encryption, such as that used for online communications and financial transactions, possible post-quantum alternatives include lattice-based, hash-based, and multivariate cryptographic algorithms as well as those that update today's Diffie-Hellman algorithm with supersingular elliptic curves.
Google is already experimenting with some of these, Curran said.
"Google is working with the Lattice-based public-key New Hope algorithm," he said. "They are deploying it in Chrome where a small fraction of connections between desktop Chrome and Google's servers will use a post-quantum key-exchange algorithm. By adding a post-quantum algorithm on top of the existing one, they are able to experiment without affecting user security."
Flexibility is key
Some future-proof encryption algorithms have already been developed and are now being tested, but enterprises need to start checking now whether their systems, both those that they have developed themselves and those provided by vendors, are flexible enough to allow old, obsolete algorithms to be early replaced by new ones.
Fortunately, according to Curran, there are already algorithms out there that seem to be workable replacements, and that can run on existing computers.
One company that is paying very close attention to this is Echoworx, which provides on-premises and cloud-based enterprise encryption software.
Quantum computing will break all of today's commonly used encryption algorithms, said Sam Elsharif, vice president of software development at Echoworx. Encryption that today's most sophisticated computer can break only after thousands of years of work will be beaten by a quantum computer in minutes.
[ RELATED: Does quantum cryptology offer hack-proof security? ]
"This is obviously very troubling, since it's the core of our business," he said. "Echoworx will be in trouble -- but so will all of today's infrastructure."
Since longer keys won't work for public key encryption and companies will need to replace their algorithms, the encryption technology needs to be modular.
"It's called cryptographic agility," he said. "It means that you don't hard-wire encryption algorithms into your software, but make them more like pluggable modules. This is how software should be designed, and this is what we do at Echoworx ."
Once post-quantum algorithms have been tested and become standards, Echoworx will be able swap out the old ones with the new ones, he said.
"You will still have a problem with old data," he said. "That data will either have to be destroyed or re-encrypted."
Hardware-based encryption appliances will also need to be replaced if they can't be upgraded, he said.
Don't worry, it's still a long way off
How soon is this going to be needed? Not right away, some experts say.
"The threat is real," said Elsharif. "The theory is proven, it's just a matter of engineering."
But that engineering could take 10, 15 or 20 years, he said.
Ulster University's Curran says that quantum computers need to have at least 500 qubits before they can start breaking current encryption, and the biggest current quantum computer has less than 15 qubits.
"So there is no immediate worry," said Curran.
However, research organizations should be working on the problem now, he said. "We may very well find that we do not actually need post-quantum cryptography but that risk is perhaps too large to take and if we do not conduct the research now, then we may lose years of critical research in this area."
Meanwhile, there's no reason for an attacker to try to break encryption by brute force if they can simply hack into users' email accounts or use stolen credentials to access databases and key files.
ALSO ON CSO: The Illustrated Guide to Security
Companies still have lots of work to do on improving authentication, fixing bugs, and patching outdated, vulnerable software.
"Many steps need to be taken to tighten up a company’s vulnerability footprint before even discussing encryption," said Justin Fier, director of cyber intelligence and analysis at Darktrace.
In addition, when attackers are able to bypass encryption, they usually do it because the technology is not implemented correctly, or uses weak algorithms.
"We still have not employed proper protection of our data using current cryptography, let alone a future form," he said.
"Quantum computing is still very much theoretical," he added. "Additionally, even if a prototype had been designed, the sheer cost required to build and operate the device within the extreme temperature constraints would make it difficult to immediately enter the mainstream marketplace."
No, go right ahead and panic
Sure, the typical criminal gang might not have a quantum computer right now with which to do encryption.
But that's not necessarily true for all attackers, Mike Stute, chief scientist at security firm Masergy Communications.
There have already been public announcements from China about breakthroughs in both quantum computing and in unbreakable quantum communications.
"It's probably safe to say that nation states are not on the first generation of the technology but are probably on the second," he said.
There are even some signs that nation states are able to break encryption, Stute added. It might not be a fast process, but it's usable.
"They have to focus on what they really want," he said. "And bigger quantum computer will do more."
That means that companies with particularly sensitive data might want to start looking at upgrading their encryption algorithms sooner rather than later.
Plus, there are already some quantum computers already on the market, he added.
The first commercial quantum computer was released by D-Wave Systems more than a year ago, and Google was one of its first customers.
"Most everyone was skeptical, but they seem to have passed the test," said Stute.
The D-Wave computer claims to have 1,000 qubits -- and the company has announced a 2,000-qubit computer that will be coming out in 2017.
But they're talking about a different kind of qubit, Stute said. It has a very limited set of uses, he said, unlike a general-purpose quantum computer like IBM's which would be well suited for cracking encryption.
IBM's quantum computer has five qubits, and is commercially available.
"You can pay them to do your calculations," he said. "I was able to do some testing, and it all seems on the up and up. It's coming faster than we think."
This story, "Experts split on how soon quantum computing is coming, but say we should start preparing now" was originally published by CSO.