Breaking of strong cryptography algorithms by quantum computers is a debate that’s going on from several years. Read on to know more…
When the world famous Nobel Prize winning physicist Richard Feynmann came up with the concept of quantum computers in 1982 in his speech and paper Simulating Physics with Computers, he probably wasn’t thinking about the effects it would have on cryptography. Today, we face the real possibility of quantum computers overturning the apple-cart of classical encryption and the promise of nigh-unto-unbreakable quantum encryption.
Relevance to IT Security
Several key aspects of cyber security rely on encryption and public key cryptography, which are essential for protecting secret electronic information. Modern cryptographic algorithms like AES-128, RSA-2048, ECDSA-256, etc. with suitable key lengths are not susceptible to brute force attack — even with massive amounts of computing power, they would take centuries or, in some cases, even longer than the lifetime of the universe to break.
However, it is possible to create unique algorithms for quantum computers (e.g. “Shor’s algorithm”) that dramatically reduce the time it takes to break these algorithms. Symmetric algorithms used for encryption, like AES, are still thought to be safe (with sufficient key length — e.g. AES-256 or larger); however, current asymmetric algorithms like RSA and ECDSA will be rendered essentially useless once quantum computers reach a certain scale.
In such instances, there is a possibility that the super-speed number crunching quantum computing may break nearly every practical application of cryptography in use today, making businesses and security applications totally insecure.
The Challenging Factor
For cryptographers, the development of super-speed quantum computers will be a rather scary one. The heart of the problem is public key encryption — the protocol that’s used to encode a piece of data when it is sent from one person to another, in a way that only the person on the receiving end of the message can decode. The security of the system is based on the difficulty of figuring out a person’s private key based on their public one, because solving that problem involves factoring huge amounts of numbers.
Inconveniently, if there’s one thing that quantum computers will be good at, it’s crunching numbers. Leveraging the quasi-supernatural behaviour of particles in their smallest state, quantum devices are expected to one day breeze through problems that would take current supercomputers years to resolve.
In other words, a quantum attack on public-key cryptography systems requires a powerful quantum computer, and such a device is not on any researcher’s near-term horizon. Companies involved in the field are currently sitting on computers of the order of less than 100 qubits; in comparison, recent studies have shown that it would take about 20 million qubits to break the algorithms behind public-key cryptography.
The Road Ahead
At the end of the day, the threat of quantum computing reduces to an economic problem. Viable quantum computers will initially be very expensive and have limited power, so initially only governments will be able to afford them and will only have enough capacity to attack the most valuable secrets of other nation states.
Gradually this capability will trickle down to organized criminals, but again they will only have the capacity able to attack the most lucrative targets (e.g. falsifying financial transactions, blackmailing large companies or selling their sensitive data to the highest bidder). By the time quantum computing is generally available (if ever), hopefully the old, vulnerable algorithms will have all but disappeared.