Chang Wei Goh
What does the rise of quantum computers mean for encryption technology?
Updated: Sep 26, 2022
Is blockchain technology threatened?
Goh Chang Wei and Risa Kazui delve into the risks quantum computing brings for encryption and security risks.
IBM Research 2022
The hype over quantum computing is reminiscent of the first days of innovations in the 1950s that solidified the emerging computing industry propelled by Universal Turing Machines. The idea that one day life of any average human being would be so entwined with computers was unimaginable to normal civilians. Regardless, this meant that some preceding computing technology was innovated and improved upon, and eventually succumbed to obsoletion. Rarely does one today whip out an abacus to solve a complex math problem in favour of the convenient disposal of smartphones and calculators. Humans innovate to improve. So, with the emergence of the quantum computers, which are mainly hyped for their capability to calculate multi-exponentially faster than regular computers, the demand for some other technology falls. At the same time, many pressing concerns are raised. Could quantum computers’ decryption capabilities put confidential information at risk? Will the rise of quantum computing pose a threat to present-day encryption technology? This article aims to analyse the consequences of quantum computers’ emergence.
What is quantum computing?
Quantum computing refers to the type of computing founded on the principles of quantum theory. Currently, computers work in ‘bits’, where information is stored in binary values of 0 or 1. But quantum computers use quantum bits, or ‘qubits’, which can be 0, 1, or either at the same time. This is called superposition.‘Superposition’ is what emancipates computers from the binary limitations and allows a wider and faster ability to compute. This comparably higher computing power quantum computers have compared to traditional computers is what some suspect might cause cracking of existing cryptography methods.
(Check this video out where a physicist explains quantum computing in different levels of difficulty to understand the concept better.)
The tale behind its hype
The field of quantum computing emerged in the 1980s. Quantum computing is expected to play a major role in finance, biomedical engineering, machine learning, artificial intelligence, and much more. This has led to most, if not all, technology companies such as IBM, Microsoft, Google, Alibaba, and NEC to invest significantly in quantum computing. More notably, financial big players such JPMorgan Chase and Visa have been experimenting with this technology, seeking to benefit from the quantum advantage. In their case, the quantum computer is attractive because it can do more in less time, meaning that finding solutions, such as the future asset value, can be reached faster than a traditional computer.
How will its rise affect current encryption technology?
Existing encryption and public key cryptography are based on mathematical algorithm-generated keys, which are used to authenticate transactions. They are impenetrable to brute force attack, this means that even great computing power cannot ‘break’ the key as it would take over centuries to do so. However, quantum computers can be programmed with specific algorithms that can lessen the time used to decrypt. Some symmetric algorithms are presumed to be safe given the key lengths, however, asymmetric algorithms such as RSA and ECDSA would be vulnerable to quantum computers, as calculations that would take trillions of years could be reduced to eight hours. In sum, the brute-force-immune qualities that encryption had for so long is at risk, as quantum computers can do the calculations in a fraction of the time. And encryption is everywhere in modern day life, from e-commerce, to online payments, to passwords, everything will be vulnerable!
How to mitigate the security risks
Nevertheless, there are measures firms can take to mitigate the security risks that quantum computers pose. Although the potential disruption quantum computers pose cannot be emphasised enough, one should note that there are already existing encryption methods that are somewhat resistant to (potential) brute-force attacks by quantum computers. Moreover, new, more secure encryption algorithms may be introduced before quantum computers become commercially viable. In other words, beyond merely accounting for the potential security risk, firms also have two options to mitigate the security risks associated with quantum computers.
First, they can increase key lengths of existing methods to make them more secure. Second, firms can migrate to improved encryption algorithms that are more resistant to brute-force attacks in the future. For instance, existing symmetric algorithms like AES, with sufficient key length, should still be resilient to a brute-force attack, even by a quantum computer. This is because quantum computers use Grover’s algorithm which can only reduce the time taken to crack a symmetrically encrypted password by its square root. For example, a conventional computer would need a maximum of 2^256 tries to ‘crack’ a 256-bit key, which is currently industry standard, while a quantum computer would only need 2^128 tries. In short, ceteris paribus, increasing key length (for e.g. mandating longer passwords) would be an easy, albeit temporary, solution to making current encryption methods more resistant to brute-force attacks. Another point to note is that while the relative decrease in time is still large (square root amount of time), in absolute terms, the time taken still is probably too long to ‘brute-force’, even with a quantum computer.
Additionally, quantum computing is a tool - as much as it can be used to circumvent current encryption methods, it can also be used to create new encryption methods as well. With the potential rise of quantum cryptology - where the increased power of quantum computers are used to execute even more elaborate and secure algorithms might render our existing encryption methods obsolete, thus solving the very problem they once posed. Examples include, quantum key distribution and quantum encryption. The minutiae are still very much in flux (as is quantum computing in general), but it is definitely a potential high growth industry, estimated to be worth US$291.9 million by 2026, as noted by StrategyR. The upshot is that there is a possibility that quantum computing supersedes both conventional encryption and decryption methods. Thus, although existing encryption methods might no longer be secure, newer, better methods might come around to replace them.
Overall, quantum computers represent a potential paradigm shift in technology in general - and encryption is just one particular example. Nevertheless, much thought and research is going into how we can exploit the potential, and mitigate the pitfalls, of quantum computing. Additionally, deep down, nobody is sure if and when quantum computers will ever fully overcome the challenges they currently face. At present, beyond being much less powerful than conventional computers, they also need to be cooled to extremely low temperatures to operate efficiently. These operational hurdles need to be jumped across before their impacts on markets and society can be realised.