Why post-quantum encryption will be critical to protect current classical computers
Commonly used data encryption protocols rely principally on the computational difficulty of integer factorization: breaking a composite number down into a product of smaller integers. Presently, no efficient algorithm for integer factorization on classical computers is known, whereas Shor's algorithm has already been demonstrated on quantum computers (for small numbers). Quantum computers available now are not advanced enough to run Shor's algorithm against encryption protocols like RSA-2048, whose modulus is 617 decimal digits (2,048 bits) long.
To date, the largest integer factorized on a quantum computer was 4088459, on a 5-qubit IBM quantum computer in 2018. Experts disagree on when quantum computers will be sufficiently powerful to run Shor's algorithm on RSA-sized numbers, though there is consensus that this is a question of when, not if. Because of this, a transition to post-quantum cryptography, that is, encryption protocols that do not rely on discrete logarithms, will be necessary to maintain security.
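To make concrete what Shor's algorithm actually computes, here is an added Python example (not from the article) that replaces the quantum period-finding step with a brute-force classical search and then runs Shor's classical post-processing on 4088459, the number cited above, as well as on the textbook cases 15 and 21. The iteration limit is an assumption chosen for these toy sizes.

```python
from math import gcd
from typing import Optional, Tuple

def multiplicative_order(a: int, n: int, limit: int = 5_000_000) -> Optional[int]:
    """Classical stand-in for the quantum period-finding step of Shor's algorithm:
    the smallest r > 0 with a**r % n == 1. Brute force is fine for toy moduli; for
    RSA-2048 the period is itself a ~2048-bit number, which is exactly why no
    classical machine can find it this way (limit is an assumed safety cap)."""
    x = a % n
    for r in range(1, limit + 1):
        if x == 1:
            return r
        x = (x * a) % n
    return None

def factor_from_period(a: int, r: int, n: int) -> Optional[Tuple[int, int]]:
    """Shor's classical post-processing: with an even period r and
    y = a**(r/2) mod n not congruent to -1, gcd(y - 1, n) and gcd(y + 1, n)
    are non-trivial factors. Otherwise report failure so the caller retries."""
    if r % 2:
        return None
    y = pow(a, r // 2, n)
    if y == n - 1:
        return None
    p, q = gcd(y - 1, n), gcd(y + 1, n)
    if 1 < p < n and 1 < q < n:
        return tuple(sorted((p, q)))
    return None

def shor_classical(n: int) -> Optional[Tuple[int, int]]:
    """Try bases a = 2, 3, ... until some period yields a non-trivial factor pair."""
    for a in range(2, n):
        g = gcd(a, n)
        if g != 1:  # lucky base that already shares a factor with n
            return tuple(sorted((g, n // g)))
        r = multiplicative_order(a, n)
        if r is None:
            return None
        result = factor_from_period(a, r, n)
        if result:
            return result
    return None

if __name__ == "__main__":
    for n in (15, 21, 4088459):
        print(n, "=", shor_classical(n))
```

The factorization itself is trivial here; the point is that the only step a quantum computer contributes is finding r, and that step is what scales exponentially on classical hardware.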
Current quantum computers are pushing 72 qubits (see note below), such as Google's Bristlecone design. However, these are noisy qubits: imperfect qubits subject to environmental noise, which remain operable only for a short time before reaching decoherence. It is possible to combine noisy qubits to simulate one perfect qubit, though this is theorized to require 1,000 noisy qubits per perfect qubit. Thousands of perfect qubits would be needed to break RSA, equating to millions of present-day noisy qubits.
While it is impossible to state with any certainty when quantum computers will be sufficiently capable, advances are coming: significant research in noise reduction and qubit connectivity will be applied to newer systems in the coming years. But when the day comes that RSA encryption is broken by quantum computers, it will not open the floodgates.
"It still may take quite a few months of effort to break a single key," Sandy Carielli, director of security technologies at Entrust Datacard, told TechRepublic. "It's not that everything that's been encrypted ever suddenly becomes immediately visible."
That said, current, commonly used encryption protocols are vulnerable, and a migration to post-quantum cryptography is needed; this transition must start as soon as possible. "Migration from the hashing algorithm SHA-1 to SHA-256... took many organizations years to make that move," Carielli said. Fortunately, post-quantum encryption does not require a quantum computer, or even a new computer, to use.
"There are many different post-quantum algorithms out there under review. Some have larger or smaller performance or size characteristics. In general, the processing intensity would be doable by most laptops that are running today or that were running five years ago," Carielli said. "The concern may be more about have the applications been updated? Has the infrastructure been updated to support new types of cryptography, new types of keys, new processes. It may be less about whether it has the computational viability and more about whether it's actually been updated to understand what this new key and algorithm actually means and what they have to do."
Likewise, trust in new encryption standards is paramount, as the NSA was accused of paying $10 to security firm RSA to insert weaknesses in a random number generator, which was subsequently formally withdrawn by NIST.
"When NIST selects a set of algorithms-and it's not only going to be one, it's likely to be maybe three or four or five or six for different use cases-they will have been reviewed already, and they're going to continue to be reviewed," Carielli said. "I don't think that the review and scrutiny is going to stop once algorithms are selected, there's always going to be that analysis. The thing that is critical to understand here is that this is a public process. The proposed algorithms were often recommended by public entities, such as universities, companies, or research institutions-it is those entities, as well as NIST, that are doing the analysis to understand whether these algorithms are viable."
Note: D-Wave quantum computers also measure their capacity in qubits, though they are designed for a specific kind of calculation, not general-purpose computing.