While the science behind quantum computing might be esoteric to many of us, the idea is not just a fantastical notion in some sci-fi movie. IBM has been researching quantum computing for over 35 years[1] and, since 2016, has made quantum computers publicly available on the Internet. A Canadian company called D-Wave (which uses a different form of quantum computing from IBM[2]) demonstrated a working quantum computer in 2007 and has been selling quantum computers since 2011.[3] Major vendors such as Google[4], Microsoft[5], and Intel[6] have ongoing R&D efforts around quantum computing.
So, what’s the issue when it comes to encryption and quantum computing?
Today’s asymmetric encryption algorithms, which are primarily used for key exchanges and digital signatures, are considered vulnerable to quantum computers. For example, using today’s traditional, digital, transistor-based computers, it’s estimated it would take 6 quadrillion CPU years to crack a 2048-bit RSA decryption key.[7] But quantum computers are able to consider multiple possible solutions simultaneously, making them orders of magnitude faster than today’s traditional computers and thus potentially able to crack today’s encryption algorithms in a very short amount of time.
“If quantum computers are able to crack contemporary encryption algorithms, then they could decrypt every bit of data ever encrypted prior to quantum computers—whether that data is a day old or decades old,” says David Holmes, Principal Threat Research Evangelist at F5. How likely are people to care about decrypting information that’s decades old? “It depends entirely on what the information is!” says Holmes. “Imagine a database that contains detailed information about a country’s spies who are still active, other types of military or government secrets, or a corporation’s proprietary formula for some chemical compound. It might still be relevant.”
To solve the encryption problem, then, we need new encryption algorithms that are designed to protect against cryptanalysis by quantum computers—and, to Holmes’ point, we need to be working on them now.
Fortunately, many mathematicians, researchers, and engineers are doing that already. Several quantum-resistant algorithm candidates have already been submitted to the National Institute of Standards and Technology (NIST) for consideration. In turn, NIST has issued a timeline for selecting an algorithm ready to replace today’s asymmetric algorithms. NIST’s timeline for having a new standard drafted is essentially 7 years from now.
When asked what security pros should be doing about this now, Holmes replied, “For those worried about long-lived data in transit, they should be moving to forward secrecy to protect their data from future quantum computers. The rest probably have time to prepare.”
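As an added illustration of Holmes’ advice (not code from the article or from F5), the script below classifies a list of TLS cipher suites by whether their key exchange is ephemeral, so that data recorded today cannot be decrypted later with the server’s long-term key. The suite list is constructed sample input, and the TLS13_SUITES and EPHEMERAL_KEX names are the standard IANA and OpenSSL spellings.

```python
"""Flag TLS cipher suites whose key exchange lacks forward secrecy.

A suite that transports the session key under the server's long-term RSA key, or
derives it from a static (EC)DH key, can be decrypted by anyone who records the
traffic now and obtains that key later. Ephemeral (EC)DHE suites and every TLS 1.3
suite do not have that property.
"""
import re

# TLS 1.3 suite names carry no key-exchange token: the protocol only permits
# ephemeral (EC)DHE, optionally combined with a PSK.
TLS13_SUITES = {
    "TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
    "TLS_CHACHA20_POLY1305_SHA256", "TLS_AES_128_CCM_SHA256",
    "TLS_AES_128_CCM_8_SHA256",
}
# Authenticated ephemeral Diffie-Hellman key exchange (IANA and OpenSSL spellings).
# Anonymous DH (ADH/AECDH, DH_anon) is unauthenticated and deliberately not accepted.
EPHEMERAL_KEX = {"ECDHE", "DHE", "EDH"}
STATIC_KEX = {"RSA", "ECDH", "DH", "PSK", "SRP"}


def key_exchange_token(suite: str) -> str:
    """Return the key-exchange token of an IANA (TLS_ECDHE_RSA_WITH_...) or
    OpenSSL (ECDHE-RSA-AES128-GCM-SHA256) suite name, or "TLS13" for TLS 1.3 names."""
    name = suite.strip()
    if name in TLS13_SUITES:
        return "TLS13"
    if name.startswith("TLS_"):
        name = name[4:]
    token = re.split(r"[_-]", name, maxsplit=1)[0]
    # OpenSSL omits the token for RSA key transport, so a name that opens with a
    # bulk cipher ("AES128-GCM-SHA256", "DES-CBC3-SHA") means RSA.
    return token if token in EPHEMERAL_KEX | STATIC_KEX else "RSA"


def forward_secret(suite: str) -> bool:
    """True when the suite uses TLS 1.3 or an authenticated ephemeral (EC)DHE exchange."""
    token = key_exchange_token(suite)
    return token == "TLS13" or token in EPHEMERAL_KEX


def audit(suites):
    """Return the offered suites that lack forward secrecy, in their original order."""
    return [s for s in suites if not forward_secret(s)]


# Constructed sample of an offered-suite list, as a scanner might report it; not real data.
SAMPLE_OFFERED = [
    "TLS_AES_256_GCM_SHA384",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",    # RSA key transport: no forward secrecy
    "AES256-SHA",                         # OpenSSL name with implicit RSA key transport
    "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",  # static ECDH: no forward secrecy
    "TLS_PSK_WITH_AES_128_CBC_SHA",       # plain PSK without DH: no forward secrecy
]

if __name__ == "__main__":
    for s in audit(SAMPLE_OFFERED):
        print("no forward secrecy:", s)
```

The same check can be run over the output of `ssl.create_default_context().get_ciphers()` in Python to see which suites a local OpenSSL build would still offer.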
You can read more about how quantum computing will affect Transport Layer Security (TLS) specifically, get details about some of the candidate algorithms under consideration, as well as speculation about which one will be the likely winner—and why—in Holmes’ full report, How Quantum Computing Will Change Browser Encryption.