Imagine you are in 1980, where the personal computers are only for the academicians and researchers and the only network was ARPA to share the research papers. In those days, it might have been sounded like a scene in Si-Fi movie if somebody says the computer with the huge amount of processing power, memory and storage space can be carried in a pocket and without any physical connectivity and you can use it for broadcasting or view a high-quality video in near real-time. The smartphones of today are much more powerful than the imagination of computing power in those days.
Today somebody tells you, around 2030 the quantum computing will be in the main line of business and you can break AES 256 (currently quantum unbreakable) encryption algorithm within hours it may not exactly sound like Si-Fi movie, but it will still raise eyebrows and need to stretch our imagination to believe it. Let us see what Quantum computing is.
What is Quantum Computing?
The easiest way to explain computing is first talking about digital computing. Digital computing is mathematical based and used 0 and 1 or ON and OFF states in the format of bits to perform computing. Quantum computing uses qubits or Quantum bits and computing is based on the physics rule than the mathematical rules. Qubits are made up of controlled particles and the means of control. Quantum physics states that qubits can be in several states simultaneously, these states are called as superposition. Qubits cannot maintain the state for a long time and hence they need entanglement to maintain the state.
These Qubits along with entanglement dramatically increase the power and options of numbers you are crunching.
To sum it up, Prime Minister of Canada famously put it:
“Normal computers work, either there’s power going through a wire or not. It’s 1 or a 0. They’re binary systems. What quantum states allow for is much more complex information to be encoded into a single bit. A regular computer bit is either a 1 or 0—on or off. A quantum state can be much more complex than that because as we know, things can be both particle and wave at the same time and the uncertainty around quantum states allows us to encode more information into a much smaller computer. That’s what exciting about quantum computing.”
Google showed a D-Wave quantum annealing computer could be 100 million times faster than classical computers at certain specialized tasks. And Google and IBM are working on their own quantum computers.
In this article, we will see how the quantum computing will affect encryption used in cybersecurity.
Current State of Encryption Technology
We use the encryption channels in the form of SSL, HTTPS, VPN, etc., to encrypted data everytime you use the credit card or share sensitive information. Encryption is an excellent way of protecting sensitive data from compromise. It is widely accepted by technology people as well as the regulatory compliance requirements that once information is securely encrypted, it is safe from prying eyes and sabotage both now and in the foreseeable future. The Integrity and confidentiality of the information is protected.
The best public key cryptography systems link public and private keys (Asymmetric Encryption) using the factors of a number that is the product of two incredibly large prime numbers. To determine the private key from the public key alone, one would have to figure out the factors of this product of primes. Because asymmetric encryption needs powerful computers to calculate the keys, it is rarely used.
It is assumed that breaking encryption is extremely challenging even after using the tremendous amount of computing power. It appears that future of encryption won’t be same as the quantum computing brings power and speed to crunch large prime numbers within short period.
Impact of Quantum Computing on Encryption Technology
With immense computing power driven by quantum mechanics, it offers the potential for breaking the public key encryption standards that protect all of the data, software updates, and technology we now safely store, share and use.
Improved approaches to factoring large numbers, such as Shor’s Algorithm running on a sufficiently large quantum computer, will improve the likelihood of breaking public-key cryptography. These algorithms are therefore deemed quantum-breakable because their protection decreases as quantum computers become more powerful
The following table provides which of these encryption algorithms are breakable using current quantum computing
|Encryption Algorithm||Security against Quantum Computing|
|Asymmetric or Public and Private Key Encryption|
|Symmetric Key Encryption|
|RSA 1024, RSA 2048, RSA 4096||Insecure|
|ECC -256 , ECC 512||Insecure|
|Elliptical curve Diffie Hellman||Insecure|
Man in the middle kind of attacks, specifically while exchanging the encryption key can be ruled out by use of quantum computing. Theoretically speaking, it’s impossible to eavesdrop on a connection if it’s based on a single micro-particles transmission – quantum physics laws say that to try to measure one parameter of a micro-particle will alter another parameter. Each attempt to spy on a communication will alter the transmitted message. In quantum communications, significant interference means that an unwanted third party monitors the connection.
However, we can observe from the above table, the long-term security offered by many encryption systems (also known as cryptosystems) is under severe threat.
This directly impacts the technology buying decisions of CISOs and CTOs today, because privacy legislation requires information like medical records to be kept confidential even after a person dies. (German law stipulates that medical and legal data remain confidential from third parties even after the death of a patient or client.)This means that a buyer of encryption products faces two choices :
- Purchase a cryptosystem that is secure for long-term but only a minority of systems currently meet this requirement. They can be easily identified by their name, either “quantum resistant” or “post-quantum” cryptography
- Purchase a cryptosystem that is not long-term secure, and accept that encrypted data will only remain confidential until about another decade or so.