Quantum computers that can do things that classical computers can’t are still a few years away. But experts are warning that if encryption technology doesn’t adapt now to the quantum future, there could be serious security concerns for governments, businesses and ordinary people.
Quantum concerns
The words “quantum” and “encryption” normally appear in the same sentence when people talk about the far-off idea that quantum-based technologies could be used to create uncrackable encryption through the quantum effect of entanglement.
This is called quantum cryptography.
But there’s another area of research called post-quantum cryptography. This deals with developing encryption for today’s digital systems that quantum devices will not be able to decrypt.
“They are 2 very disjointed fields,” says cryptographer Craig Costello in an interview with Cosmos. Costello is a professor at Australia’s Queensland University of Technology.
“One distinction that you could draw between the 2 is that post-quantum cryptography is for the now, whereas quantum cryptography is kind of a lot more futuristic when quantum computers are ubiquitous – everyone can get their hands on one,” he explains.
“There’s a big difference there. And the techniques are wildly different.”
Costello notes that quantum computers are being built for a range of constructive purposes like simulating chemical processes that even the most advanced classical supercomputers cannot.
He says that, at the same time, quantum computers have the potential to break the current encryption used for online applications like internet banking, secure messaging and web browsing.
“The assumption is that no one’s built a large enough quantum computer yet to break the encryption, then we might be okay,” Costello says. “But the problem – the reason we’re trying to encourage industry and governments to implement post-quantum cryptography now – is because adversaries or ‘bad actors’ could be storing encrypted traffic and waiting to retroactively break it once they do have a large-scale quantum computer.
“Nobody knows when a quantum computer is going to come or if one already exists at scale. It could be 5 years, it could be 50 years. Even if everyone decides today we’re all going to roll out post-quantum cryptography, it takes years and decades to actually do it properly.”
“In some instances, like in government, you need encryption that’s going to be safe 25 years in the future.”
Encryption is just maths
Current encryption techniques were developed in the 1970s, ‘80s and ‘90s, Costello says.
“The current standard for public key cryptography is measured in the number of classical computing operations that we require as a bare minimum,” Costello says.
“The gold standard at the moment of cryptography is the 128-bit security level. What that means is that an attacker should have to perform at least 2^128 steps to break the encryption. That’s about 10^40 so, a 1 with 40 zeros after it – that many operations.”
A quantum computer capable of that would likely need thousands of qubits, something that is probably many years away. But Costello stresses the urgency of developing post-quantum encryption now.
One of the most common encryption methods is the RSA algorithm, which multiplies two extremely large prime numbers together to create an even bigger number.
“We’re talking numbers that are at the moment about 2,000 bits long – so around 10^600 or 10^700,” Costello explains. “The person holding those 2 prime numbers has the ‘secret’ key.
“Their product – the composite number – that’s the public key. So, everybody on the planet can have a look at that product of the 2 primes and use that to encrypt messages to someone or to verify signatures.
“If you can efficiently factor that into its 2 prime factors, then you can break the current encryption that we use.”
“We often say things like: it would take all of the supercomputers on the planet longer than the age of the universe to break such an encryption,” he laughs. “But on a large-scale quantum computer with enough fault tolerance, stable qubits, you could do these things in a matter of seconds or minutes.”
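To make the factoring point concrete, here is an added toy RSA example (not from the article or from Costello). The primes are constructed and tiny so that plain trial division can factor the public modulus, which is exactly the step that is infeasible at the 2,000-bit sizes quoted above.

```python
import math

def keygen(p, q, e=65537):
    """Build an RSA key pair from two primes p and q (the 'secret')."""
    n = p * q                      # public modulus: the product of the two primes
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)            # private exponent: inverse of e modulo phi(n)
    return (n, e), d

def encrypt(pub, m):
    n, e = pub
    return pow(m, e, n)

def decrypt(pub, d, c):
    n, _ = pub
    return pow(c, d, n)

def factor_by_trial_division(n):
    """Feasible only for toy moduli: for a 2,000-bit n this loop would need ~10^300 steps."""
    for f in range(2, math.isqrt(n) + 1):
        if n % f == 0:
            return f, n // f
    raise ValueError("no factor found")

def recover_private_key(pub):
    """What anyone who can factor n obtains: the private exponent d."""
    n, e = pub
    p, q = factor_by_trial_division(n)
    return pow(e, -1, (p - 1) * (q - 1))

# constructed toy primes (about 20 bits each, versus ~1,000 bits each in practice)
P, Q = 1000003, 1000033
PUB, PRIV = keygen(P, Q)

if __name__ == "__main__":
    c = encrypt(PUB, 42)
    print("ciphertext:", c, "decrypts to", decrypt(PUB, PRIV, c))
    print("factoring n recovers the private key:", recover_private_key(PUB) == PRIV)
```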
Even more complicated maths
How do you make it harder to solve the mathematical problems underpinning encryption?
“That’s been my area of interest for the last over a decade now,” Costello says. “We’re looking at different mathematical problems.”
He says one example is analogous to the prime number RSA method. But instead of prime numbers, it uses the linear algebra language of matrices and vectors – this method is called “lattice-based cryptography”.
Costello says this first generation of post-quantum cryptography has already been standardised by the US government and will be used in Australia too.
Instead of multiplying prime numbers, lattice-based cryptography involves the product of a massive matrix with a vector to produce another vector. On its own, that product would be easy for a quantum computer to invert, so the idea is to introduce “error” into the product vector.
“What we’re hoping is secure on a quantum computer is essentially linear algebra with noise,” Costello summarises. “Standard linear algebra isn’t secure to do anything, but if you add a little bit of noise to your results, then we believe that inverting the problem is hard on a quantum computer. Right now, that’s the gold standard in post-quantum cryptography: the ‘learning with errors problem’.”
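The “linear algebra with noise” idea, as an added example that is not part of the article: a constructed toy instance with a 4x4 matrix modulo 97 (real schemes use dimensions in the hundreds). Gaussian elimination recovers the secret vector exactly from A*s, but once small error terms e are added it returns s plus A^-1*e, a wrong answer, which is what the learning-with-errors problem relies on.

```python
import random

Q, N = 97, 4   # toy modulus and dimension; real parameters are far larger

def matvec(A, s):
    """A*s mod Q: the 'massive matrix times vector' step."""
    return [sum(a * x for a, x in zip(row, s)) % Q for row in A]

def solve_mod(A, b):
    """Gaussian elimination over the integers mod Q: inverts A*s = b exactly."""
    n = len(A)
    M = [row[:] + [bi] for row, bi in zip(A, b)]
    for col in range(n):
        piv = next((r for r in range(col, n) if M[r][col] % Q), None)
        if piv is None:
            raise ValueError("singular matrix")
        M[col], M[piv] = M[piv], M[col]
        inv = pow(M[col][col], -1, Q)
        M[col] = [(x * inv) % Q for x in M[col]]
        for r in range(n):
            if r != col and M[r][col]:
                f = M[r][col]
                M[r] = [(x - f * y) % Q for x, y in zip(M[r], M[col])]
    return [row[n] for row in M]

def demo(seed=1):
    """Constructed instance: recover s from A*s, then fail once noise e is added."""
    rng = random.Random(seed)
    s = [rng.randrange(Q) for _ in range(N)]
    while True:  # pick a random A; retry on the rare singular one
        A = [[rng.randrange(Q) for _ in range(N)] for _ in range(N)]
        try:
            from_exact = solve_mod(A, matvec(A, s))
            break
        except ValueError:
            continue
    e = [rng.choice([-1, 0, 1]) for _ in range(N)]   # small 'error' terms
    if not any(e):
        e[0] = 1                                      # keep the instance genuinely noisy
    noisy_b = [(x + y) % Q for x, y in zip(matvec(A, s), e)]
    # Without knowing e, elimination returns s + A^-1 * e, not s. At N=4 one could
    # simply try all 3^4 error vectors; real dimensions make that search astronomical.
    return {"secret": s, "from_exact": from_exact, "from_noisy": solve_mod(A, noisy_b)}

if __name__ == "__main__":
    r = demo()
    print("exact solve recovers s:", r["from_exact"] == r["secret"])
    print("noisy solve recovers s:", r["from_noisy"] == r["secret"])
```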
Learning from mistakes
Costello says that nothing advances post-quantum encryption more than discovering that an algorithm is insecure.
He refers to Kerckhoffs’s principle, named after the 19th-century Dutch cryptographer Auguste Kerckhoffs, which holds that a system should be secure even if everything about the system is publicly known (except the secret key, of course).
“The hardness of the encryption has to be in the hardness of the underlying problem, not in no one knowing what the encryption algorithm is,” Costello explains. “Because, in practice, the whole world needs to use the same encryption algorithm. If you and I are going to text each other on WhatsApp, or you’re going to connect to some server in Europe – everyone needs to be using the same encryption algorithm so that we can interoperate.”
Costello has first-hand experience of what a failed encryption algorithm means.
“I worked on something from 2014 until 2022,” he recalls. “I basically worked full time on one algorithm that was a post-quantum candidate. And I got an email one day from 2 Belgian mathematicians that broke it on a classical computer in 10 minutes.”
“It was a big failure on our behalf,” Costello says. “We were really excited. The US government, we were thinking, was about to standardise it as well. It turned out not to be secure at all. But of course, finding out these attacks is progress because we need to know which things fall and which things won’t.”
Costello notes that the Australian government announced that it will disallow the use of encryption that does not have quantum security by 2030.
“That’s quite soon compared to the rest of the world,” he says. “I’m glad that Australia’s made that announcement. Whether or not industry will have these things in place in time is a whole other story.”
“It would be weird if they were investing billions of dollars, which they are, into quantum technology, and not taking the threat seriously,” Costello adds. “Because if the money that they’re investing into these quantum computers is well spent, then one will exist soon, and then we’d all be screwed if post-quantum cryptography isn’t in place.”