How Encryption Will Survive the Crypto-Apocalypse
Quantum computing poses a mortal threat to computer security as we know it.
Most people don't realize it, but the world runs on cryptography. The art and science of secure communication is integral to everything from instant messaging apps to online banking and modern warfare. Today, cryptography relies on a handful of algorithms so secure that the heat death of the universe would occur before anyone would be able to break them, even if they had access to all the computing power on Earth.
The problem is that the nature of computing is rapidly changing. The digital computers of today will eventually give way to new, more advanced computers of tomorrow. So-called quantum computers will be far more powerful than the fastest supercomputers in existence today. While they hold the potential to facilitate unprecedented scientific advances, they also threaten to render today's strongest encryption standards obsolete.
The threat of a crypto-apocalypse, where everyone's private information becomes insecure due to the arrival of large-scale quantum computers, is no longer a question of 'if,' but a question of 'when.' The perceived inevitability has security researchers locked in a high-stakes race to develop quantum-resistant cryptography before the first large-scale quantum computer arrives on the scene.
"Quantum computers decimate (versus just weaken) currently deployed public-key cryptography," Michele Mosca, a co-founder of the University of Waterloo's Institute for Quantum Computing, told me via email. "Just increasing key sizes with our current systems isn't a solution. We need fundamentally new public key systems, and this can take well over a decade to do properly."
Unlike normal computers, which process information using binary bits (each either a 1 or a 0), quantum computers traffic in qubits, which can encode information as a 1, a 0, or both at the same time. This gives them a massive leg up when it comes to solving the complex math problems (usually factoring astronomically large numbers into their prime factors) that are the reason RSA, a widely used form of public-key cryptography, is so secure. This type of crypto allows people to post a public key that others use to encrypt messages sent to them, which they can then decrypt using a privately held key that is paired with that public key.
To address this looming security issue, quantum information researchers like MIT's Seth Lloyd are exploring alternative methods of encryption that will be resilient to the brute-force attacks quantum computers will be capable of. Last year, Lloyd and his colleagues created the first prototype of a "quantum enigma machine," a previously hypothetical device capable of encrypting information in a way protected from quantum attacks. This device encodes messages by altering the properties of a photon wave, such as its amplitude or wavelength.
By encoding information in a quantum channel itself, Lloyd and his colleagues are virtually guaranteeing it will be impossible to crack. Any interference in the channel that is conveying the information (such as an optical fiber) will cause the photon wave to degrade and the message to be destroyed. In other words, encoding information in a photon wave makes it impossible to eavesdrop on a conversation. A ne'er-do-well with a quantum computer only has one shot at decoding the message successfully before it degrades beyond recovery. This is different from traditional encryption, where an attacker could intercept an encrypted message, store it, and use a quantum computer to decipher the code.
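To make the intercept, store and decipher-later risk concrete, here is a Python sketch added as an example; it is not part of the original article. It assumes textbook RSA with tiny constructed primes, and a brute-force loop stands in for the quantum period-finding step of Shor's algorithm, which the article does not name.

```python
from math import gcd

def toy_keypair(p, q, e=65537):
    """Textbook RSA from two primes (no padding; illustration only)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), pow(e, -1, phi)

def find_order(a, n):
    """Smallest r > 0 with a**r % n == 1. This brute-force loop stands in
    for the quantum period-finding step, the only part that needs qubits."""
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r

def factor_via_order(n):
    """Classical post-processing: turn the order of some base a into factors of n."""
    for a in range(2, n):
        g = gcd(a, n)
        if g > 1:                  # the base already shares a factor with n
            return g, n // g
        r = find_order(a, n)
        if r % 2:                  # odd order: try another base
            continue
        y = pow(a, r // 2, n)
        if y == n - 1:             # trivial square root of 1: try another base
            continue
        p = gcd(y - 1, n)          # y*y == 1 (mod n) with y != +/-1 splits n
        if 1 < p < n:
            return p, n // p
    raise ValueError("no factor found")

def decrypt_recorded(ciphertext, public_key):
    """Recover a stored ciphertext using only the public key, once factoring is cheap."""
    n, e = public_key
    p, q = factor_via_order(n)
    d = pow(e, -1, (p - 1) * (q - 1))   # rebuild the private exponent
    return pow(ciphertext, d, n)

# Constructed sample values: tiny primes so the stand-in loop finishes instantly.
PUBLIC, PRIVATE = toy_keypair(1009, 2003)
RECORDED = pow(424242, PUBLIC[1], PUBLIC[0])   # ciphertext captured "today"

if __name__ == "__main__":
    print(decrypt_recorded(RECORDED, PUBLIC))
```

On a classical machine the `find_order` loop is what becomes infeasible at real key sizes; the rest of the recovery is cheap arithmetic.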
For now, the device developed by Lloyd and his colleagues remains highly experimental, but it's also the best bet we have to defend information from quantum attacks in the future. Other methods, such as quantum key distribution, are also promising, but still less secure than the enigma machine. Quantum key distribution essentially scrambles a message using the quantum properties of a photon (such as its spin state) as a key, and the message is then sent over a traditional, non-quantum channel.
It's uncertain when we can expect to see a functional, large-scale quantum computer. When I spoke to Mosca in 2015, he estimated that there was a 1 in 7 chance that we'll see a large-scale quantum computer by 2024. But when I spoke to him in September of this year, he said it's become even more likely.
"There has been much positive progress both in reducing the physical resources needed to break [encryption standard] RSA2048, and in developing physical systems designed to be fault-tolerant and scalable," Mosca told me. "So my 10-year estimate has nudged up to 1 in 6."
Considering that the blueprints for a large-scale quantum computer were only rigorously outlined last year, Mosca's prediction seems pretty optimistic, but he says it's based on tracking the development of quantum computers over two decades. In any case, the only way to make sure we don't get pwned by the future crypto-apocalypse is to address the problem now before it's too late.
Correction: A previous version of this article listed Michele Mosca as the founder of the Waterloo Institute of Quantum Computing. He is one of the co-founders. Motherboard regrets the error.