The NSA’s Information Assurance Directorate1 left many people scratching their heads in the winter of 2015. The directive instructed those that follow its guidelines to postpone moving from RSA cryptography to elliptic curve cryptography (ECC)2 if they hadn’t already done so.
“For those partners and vendors that have not yet made the transition to Suite B elliptic curve algorithms, we recommend not making a significant expenditure to do so at this point but instead to prepare for the upcoming quantum-resistant algorithm transition.”3
The timing of the announcement was curious. Many in the crypto community wondered if there had been a quantum computing breakthrough significant enough to warrant the NSA’s concern. A likely candidate for such a breakthrough came from the University of New South Wales, Australia, where researchers announced that they’d achieved quantum effects in silicon, which would be a massive jump forward for quantum computing.4
Since then, the crypto community has been trying to prepare for the transition to “quantum-resistant” algorithms—that is, algorithms that are secure against an attack by a quantum computer. Let’s look at some of the likely candidates for those algorithms and how they’ll be fitted into the Transport Layer Security (TLS) protocol that we all use today with HTTPS. But first, a bit of explanation.
Quantum Computing Versus Quantum Encryption
Quantum computing, in the context that we’re talking about here, is not to be confused with so-called quantum encryption.
The smallest “bit” of information a normal computer can store is a 0 or 1. A computer with quantum effects can store both values simultaneously in a quantum bit, called a qubit. An array of these qubits can store all possible values simultaneously, but the real significance is that answers to certain problems can be teased out of them at rates that are orders of magnitude faster than an array of conventional bits. A machine with such capability is called a quantum computer. Using conventional, non-quantum computer hardware, it would take 6 quadrillion CPU years5 to factor a 2048-bit RSA decryption key using the number field sieve.6 ;Crypto researchers suggest that it could be done quickly using a single quantum computer with as few as 4,000 qubits.7
When Can I Buy a Quantum Computer from NewEgg?
Up until the NSA missive in 2015, quantum computers were assumed to be decades away. But with the University of New South Wales announcements, and the fact that the NSA itself is spending $80 millionꬷ to develop its own quantum computer, Microsoftꬸ and Google both project that a workable quantum computer capable of decrypting RSA may be achievable by 2025.