Intelligence services may intercept encrypted messages and store them in the hope that they can eventually develop a practical quantum computer to crack them, a security researcher working with the UK government warned. Quantum computers cannot crack encrypted networks yet, but the possibility exists in the not-too-distant future.
Although dozens of research groups are currently trying to create a practical quantum computer, none of them has yet publicly succeeded. Such a machine could quickly find the prime factors that serve as the multiplicative building blocks of a number: for example, 3 and 7 are the prime factors of 21.
Cybersecurity researchers and analysts are rightly concerned that a new type of computer based on quantum physics rather than more standard electronics could crack most modern cryptographic systems. As a result, the communication becomes as insecure as if it were not encrypted at all.
The threat is still hypothetical. Quantum computers existing today are not capable of breaking any widely used encryption methods. According to a 2018 report from the National Academies of Sciences, Engineering, and Medicine, significant technological advances are required before they can crack the trusted codes widely used on the Internet.
However, there is cause for concern. Cryptography, which is at the heart of modern Internet communications and e-commerce, may someday succumb to a quantum attack.
Future quantum computers will need 100,000 times more processing power to crack code and have an error rate 100 times higher than today’s best quantum computers.
Until now, public-key encryption has resisted cracking by using very long key pairs: for example, 2,048 bits, which corresponds to a number 617 decimal digits long. But fairly advanced quantum computers could crack even 4,096-bit key pairs in just a few hours, using a technique called Shor’s algorithm.
However, this applies to the ideal quantum computers of the future. The largest number factored so far on a quantum computer is 15, which is only 4 bits in length.
However, the potential for harm is enormous. If these encryption methods are broken, people will not be able to trust the data they send or receive over the internet, even if it is encrypted. Attackers will be able to create fake certificates, calling into question the validity of any digital identity online.
Researchers are working to develop public-key algorithms that could resist attempts to break code by quantum computers, while maintaining and restoring trust in CAs, digital signatures, and encrypted messages.
Notably, the US National Institute of Standards and Technology is already evaluating 69 potential new methods for what it calls “post-quantum cryptography.” The organization expects that by 2024, if not sooner, there will be a draft standard that will then be added to web browsers and other Internet applications and systems.
In principle, symmetric cryptography can be used for key exchange. But this approach relies on the security of trusted third parties to protect private keys, and it cannot implement digital signatures, so it would be difficult to apply over the internet. However, it is used throughout the Global System for Mobile Communications (GSM) cellular standard for encryption and authentication.
For example, Microsoft recently identified two applications that inadvertently exposed their private encryption keys to the public, making their communication insecure.
If or when powerful quantum computing comes along, it will pose a greater security threat. Since the process of adopting new standards can take years, it makes sense to start planning for quantum-resistant cryptography now.