Nearly every piece of data that is presently protected through the use of encryption may become vulnerable to exposure unless we take action soon.
Today’s computers – which are obviously the tools that we use to encrypt and decrypt data – carry out all of their activities by representing both commands and information using bits – with a single physical “bit” element either having an electrical charge (and, logically, being considered, therefore, a 1) or lacking such a charge (and, as such, indicating a 0).
While modern computers may be able to perform calculations quite fast as compared with humans, their reliance on classic bits renders them highly inefficient when performing complex mathematical analysis and simulations as compared with the mature quantum-based computing devices expected to emerge in the not-so-distant future.
What are quantum computers?
At their core, quantum computers are devices that leverage advanced physics to perform computing functions in ways that are simply unachievable with classic computers; quantum physics is not a simple matter, and, as such, this article cannot possibly explain in detail how quantum computers physically work. From a layman’s perspective, however, one can think of quantum computers as being able to create immense multi-dimensional representations of data that can be analyzed simultaneously using physics in order to find desired values within the representations, rather than by evaluating possible options one by one as today’s computers do. If one wants to think in terms of bits, instead of being either a 1 or a 0, a quantum bit (Qubit) can be thought of at a high level to be either 0, 1, both, or any of the infinite values in between.
In short, quantum computers can perform simultaneously what today’s computers would have to do in a potentially extremely long series of calculations; while a computer without the relevant decryption key seeking to decrypt properly-encrypted data today, must, for example, try every possible decryption key one by one, quantum computers face no such bottleneck, instead they can look at a potentially astronomical number of possibilities, all at one time.
To illustrate just how much the speed of complex calculations may change with the arrival of mature quantum computers, consider that a couple years ago, Google’s early-generation quantum computer, Sycamore, performed a calculation in 200 seconds that many experts believe would have taken the world’s then most powerful classic supercomputer, IBM Summit, over 10,000 years to complete. That’s 200 seconds for an early version of a quantum computer versus 100 centuries for the world’s most powerful supercomputer.
Even those experts who dispute the accuracy of the aforementioned estimate of the time that it would have taken the supercomputer to complete the calculation, still accept that it would have taken Summit days — not minutes or hours – to do what Sycamore did in just over 3 minutes. And, since the Sycamore performance, IBM has itself released a quantum computer that is believed to be exponentially more powerful than Sycamore.
From a security perspective, quantum’s capabilities mean that computers will eventually be able to rapidly (if not instantly) crack the standard asymmetric and symmetric encryption used today to protect nearly all databases and web traffic.
Personally, I believe that the leap to quantum is so significant that I do not even like the name “quantum computers” – a name that implies that quantum computers are somehow regular computers that are quantum enabled. In fact, quantum computers are entirely different than today’s computers – relative to today’s computers, quantum computers are improved computers in the same vein that cars are improved horses, light bulbs are improved candles, and modern medicine is improved witchcraft.
While quantum computers already exist, no devices are believed to yet exist that are anywhere near powerful enough to crack modern encryption in short order. That said, there is little doubt that the day will arrive when such devices are available. And, that day may not be as far away as some folks might think or want to believe; we do not know what advanced technologies governments and militaries around the world already have within their possession, and, even when it comes to civilian systems, there are experts predicting that by 2025 we may see some of today’s encryption at risk for compromise by parties with the cutting-edge quantum computers available at the time.
Either way, however, we have a problem NOW for multiple reasons:
1. Unlike systems that can be replaced when they become obsolete, data often lives on in its original form for many years, if not for decades. As such, one cannot simply address encryption algorithm obsolescence on a forward-thinking basis – all of today’s sensitive encrypted data must be decrypted and re-encrypted with quantum-safe encryption, and original data stores properly destroyed.
2. Performing a transition to new, quantum-safe encryption is complex, timely, and expensive. We are already so late in addressing the quantum risk that it may now take longer for the world to replace its existing encryption than it will take for quantum computers capable of cracking that encryption to arrive on the scene.
3. Failure to act now can result in serious problems – besides the potential compromise of sensitive data even before the world is aware that such a compromise is achievable, legal problems could emerge. Organizations that have utilized encryption to protect healthcare information within their possession, for example, could become flagrant violators of HIPAA standards if they simply allow their existing backups to remain in storage facilities.
4. The fact is that a tremendous amount of sensitive information that is relayed and stored today will remain sensitive for years to come – including after quantum computers have rendered today’s encryption obsolete and impotent. In 2021, for example, we may rely on TLS to secure sensitive information and transactions as they are transmitted across the web, but if someone is recording today’s encrypted sessions as they pass over the Internet, that party may be able to decrypt such sessions a few years down the line, exposing all of the contents. With storage so inexpensive, huge amounts of data can be stored for long periods of time. As such, if data is going to remain sensitive for years to come, we really need to already be using quantum safe encryption to protect it.
5. While it is difficult and expensive to build quantum computers, it is also true that while adding additional transistors to today’s classic CPUs can grow their power only linearly, the power of quantum computers expands exponentially with physical system growth. As such, as governments and various large technology companies continue improving their quantum devices, the power of such devices could grow far faster than did any computing systems have in the past. Many people will likely be shocked at how much quantum computers will advance in relatively little time.
6. Today’s encryption will be obsolete before quantum computers that can undermine it actually arrive – at some point in the near future experts will consider it gross negligence to encrypt data with algorithms known to be vulnerable to quantum compromise. As such, organizations will need to properly address quantum risks well before quantum computers capable of undermining standard encryption actually arrive on scene; can you imagine otherwise? What would be the reaction if IBM announced that it would deliver an encryption-breaking quantum computer in 3 months and cyber security professionals working at a bank announced that they would wait until after the device arrived on the scene to upgrade their encryption mechanisms?
Ironically, perhaps, we already know of several methods of encrypting that we believe will remain safe from quantum cryptanalysis for the foreseeable future – yet such technologies are barely leveraged anywhere in the commercial sector. Rather than trying to scramble once we have an unsolvable problem, let’s start augmenting our encryption today.
This post is sponsored by IronCAP. Please click the link to learn more about IronCAP’s patent protected methods of keeping data safe against not only against today’s cyberattacks, but also against future attacks from quantum computers.