Search on the phrase "quantum computing," and you'll find a furious debate. On the one hand, you'll read breathless articles predicting groundbreaking advances in artificial intelligence, genomics, economics, and pretty much every field under the sun. On the other, you'll find the naysayers: It's all hype. Large-scale quantum computers are still decades away — if they're possible at all. Even if they arrive, they won't be much faster than standard computers except for a tiny subset of problems.
There's one area, however, where you'll find all sides agree: Quantum computing will break most of the encryption schemes on which we rely today. If you're responsible for your organization's IT or security systems, and that sentence made the hair on the back of your neck stand up, good. To get ready for a post-quantum world, you should be thinking about the problem now.
So Long, Encryption
Much of the debate around what quantum computers can do remains speculative, but there are a few areas where we know they'll excel. Back in 1994, mathematician Peter Shor developed a quantum algorithm that can perform certain types of calculations, such as finding the prime factors of huge numbers, far more quickly than classical computers. Well, today's most widely used encryption systems rely on those types of calculations.
According to the Cloud Security Alliance's Quantum Safe Security Working Group (emphasis added):
Large-scale quantum computers will be able to use Shor's algorithm to break all public key systems that employ RSA (integer factorization-based), Diffie—Hellman (finite field discrete log-based), and Elliptic Curve (elliptic curve discrete log-based) Cryptography. These algorithms underpin essentially all of the key exchange and digital signature systems in use today. Once reasonably sized quantum computers capable of operating on tens of thousands of logic quantum bits (qubits) exist, these public key algorithms will become useless.
For the moment, quantum computing at those scales is still hypothetical. Current quantum computers, like those being developed by IBM and Google, can process a limited number of qubits. But researchers are pushing those limits every day.
"It might still cost an enormous amount of money to build," says one of those researchers, MIT's Isaac Chuang. "But now it's much more an engineering effort, and not a basic physics question."
Time Is Not on Your Side
So, breaking RSA and other common encryption schemes sounds pretty bad. But if large-scale quantum computers are still 10 to 15 years away, as even optimistic researchers believe, we have plenty of time to develop post-quantum cryptography solutions, right? Not really. There are two issues.
First, if you accept that 10- to 15-year window, products shipping right now will still be in the field when the first large-scale quantum computers come online. Consider Internet of Things (IoT) devices like connected cars, smart power and water meters, control systems for major power, and transportation infrastructure. Many of those devices are designed to operate for a decade or longer. Almost all of them use RSA.
Second, while some of the world's brightest minds are working on "quantum-safe" encryption mechanisms, the process will take time. Implementing the new standards they ultimately recommend will take even longer.
Think about every process and device in your organization that relies on public key systems: Email. Authentication. Every online financial transaction. How long will it take to change and update those systems? Years, most likely. If you're in a heavily regulated industry like financial services, with complex and specific compliance requirements, expect the process to take even longer.
"It has taken almost 20 years to deploy our modern public key cryptography infrastructure," notes the National Institute of Standards and Technology (NIST) in its "Report on Post-Quantum Cryptography." "It will take significant effort to ensure a smooth and secure migration from the current widely used cryptosystems to their quantum computing resistant counterparts. Therefore, regardless of whether we can estimate the exact time of the arrival of the quantum computing era, we must begin now to prepare our information security systems to be able to resist quantum computing."
It may take a while for industry groups to settle on the best approaches to post-quantum encryption and authentication, but you don't have to wait. There are steps you can take now to prepare:
- Keep an eye out: Monitor the development of both quantum computers and post-quantum standards and protocols, especially when designing IoT devices with a 10-year-plus lifespan.
- Double key sizes: If you think your current systems will still be around when quantum computing debuts, double your key sizes for symmetric algorithms. A good place to start is AES-256, which is not much less efficient than the shorter key versions. For collision-resistant hash functions, use SHA-512.
- Embrace the hash: Hash-based signatures are a viable quantum-safe trust mechanism you can use in the near future, with NIST expected to standardize them in 2019. These signatures can also be used to securely deploy more advanced quantum-safe technologies in the future.
- Mix and match crypto: Some in the financial industry are exploring hybrid cryptography, which combines conventional RSA or elliptic-curve cryptography with one or more of the new "quantum-resistant" algorithms. In this model, cracking a key exchange would require an attacker to break multiple encryption schemes at once.
- Talk to your provider: Make sure you're talking to your cryptography provider about their plans for quantum-resistant computing, particularly if you're producing IoT-enabled products with long operating lives. An experienced provider should be able to help you build quantum-resistant crypto into your deployments, such as certificate-based authentication using public key infrastructure.
The debate around quantum computing will likely rage on, and we may not have clear answers to the biggest questions for several years. But smart IT and cybersecurity professionals are taking a proactive approach. By starting to prepare now for a post-quantum world, you can make sure that when the wave comes, you're able to ride it — instead of getting crushed.