Quantum Computers Are a Threat to Current Cryptography. It’s Time to Get Ready For What Happens Next.

Quantum computers could revolutionize industries and, at the same time, break the public key cryptography that protects most of our data in transit and most of the signatures we trust. While the threat is potentially years away, corporate teams should start preparing now to avoid putting sensitive data at risk.
Quantum computers can solve certain problems far faster than classical computers, but only for specific classes of calculation; for most workloads they offer no advantage at all.
For those special problems the speed-up is not a matter of degree but of feasibility: a computation that is effectively impossible on a classical machine becomes tractable.
The widely quoted figure of a few seconds versus 10,000 years comes from a benchmark sampling task with no practical use, not from breaking encryption, but it illustrates the scale of the gap.
The upsides of this massive spike in speed are immense. Much of the talk around quantum computing centers on the mind-blowing opportunities it presents in computational chemistry, physics simulations, and drug design.
But there’s justified concern about the capability of such a powerful computer to crack the encryption methods we use to secure our data. If that happens, your bank balance could be zeroed out, government secrets could be exposed, and your proprietary business strategies could be laid bare for competitors to exploit. The threat is specific, though: a quantum computer running Shor’s algorithm breaks today’s public key algorithms (RSA, Diffie-Hellman, and elliptic-curve schemes such as ECDH and ECDSA) outright, whatever the key size, while symmetric ciphers and hash functions such as AES-256 and SHA-256 are only modestly weakened by Grover’s algorithm and remain usable at adequate key sizes.
That may sound like a far-fetched future threat. But experts predict that building the first quantum computer powerful enough to break RSA and ECC public key cryptography could happen anywhere between ‘within a decade’ and ‘never’. They’re two of the most widely used encryption systems, so the ramifications would be massive.
Vague timeline aside, the quantum threat is real and present enough that companies should already be working on mitigating the risks. To understand what makes quantum computers such a formidable challenge to data security, let’s first take a step back and look at how encryption works.
How public key cryptography works
Right now, untold volumes of sensitive information are zipping along networks and stored in the cloud. The security of that information relies on encryption—the mathematical padlocks put in place to protect communications, financial transactions, government records, digital signatures, and virtually everything else we do online.
Most of today’s secure protocols rest on public key cryptography, a method that uses pairs of keys: a public key and a private key. Data encrypted with the public key can only be decrypted with the matching private key, so anyone can scramble a message for you but only you can read it; to a bad actor who intercepts it, the ciphertext is meaningless. In practice the bulk data is encrypted with a symmetric cipher such as AES, and the public key algorithm is used to agree the symmetric key and to sign data. It is that key-exchange and signature layer, not the symmetric cipher, that a quantum computer breaks.
For public key cryptography to work, you need ‘trapdoor one-way functions’: calculations that are easy to perform in one direction but hard to reverse unless you hold a secret. In the case of RSA, the easy direction multiplies two large primes; the hard direction is factoring the resulting random-looking composite number back into its component primes. Elliptic-curve schemes rely on a different hard problem, the discrete logarithm, but as we’ll see it falls to the same quantum attack.
Phil Zimmermann, applied cryptographer and creator of Pretty Good Privacy (PGP), the most-used email encryption software, says that, of all the cybersecurity measures we possess, “encryption is the one area where we’re ahead of the attackers.”
“We haven’t done that well in protecting our software from buffer overflow attacks, privilege escalation, or somebody breaking into our data networks. But one area that we’ve done well in is cryptography. As long as it remains difficult to factor large integers, then modern cryptography is comfortable. But if it became easy, then most of our currently deployed cryptography would be breakable.”
This is the very threat that quantum computers pose.
The quantum threat to encryption
Quantum computers have an unfair advantage in solving some specific difficult math problems. ”They can factor large integers at crazy speeds. So what might have taken millions of years on a supercomputer cluster might take less than a minute on a quantum computer,” Zimmermann explains.
That’s down to quantum mechanics: a quantum bit, or qubit, is not limited to a 0 or a 1 but can be in a superposition of both, and a register of qubits can represent many values at once. The catch is that measuring the register yields only one result, so a quantum algorithm must arrange for the wrong answers to cancel out and the right one to reinforce itself.
The ‘how’ is complex but the result is simple: when quantum computers get powerful enough, they could blow current algorithmic trapdoors wide open. Shor’s algorithm uses exactly that interference trick to find the period of a modular exponentiation, and from the period a classical computer can factor an RSA modulus (recovering the private key from the public one) or solve the discrete logarithm that elliptic-curve keys depend on.
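To make the trapdoor and the attack on it concrete, here is an added example (not code from the article or from the people quoted in it): a toy RSA key pair built from two small primes, followed by the classical half of Shor’s algorithm. The only step that needs a quantum computer in real life, finding the period of a^x mod n, is brute-forced here because the modulus is tiny; everything after that step is ordinary number theory, and it ends with the private key recovered from the public one. The primes 61 and 53 are the usual textbook parameters and `pow(e, -1, phi)` needs Python 3.8 or later.

```python
"""Toy RSA and the classical half of Shor's algorithm.

Added illustration, not code from the article or from the people quoted
in it. The primes are deliberately tiny so that the period-finding step
can be brute-forced on a laptop; for a real 2048-bit modulus that step
is infeasible classically, and it is exactly the step a large quantum
computer performs efficiently.
"""
from math import gcd


def rsa_keygen(p, q, e=65537):
    """Easy direction of the trapdoor: multiply two primes, derive d.

    Returns (public_key, private_key) as (n, e) and (n, d).
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return (n, e), (n, d)


def rsa_encrypt(public_key, m):
    n, e = public_key
    return pow(m, e, n)


def rsa_decrypt(private_key, c):
    n, d = private_key
    return pow(c, d, n)


def find_period(a, n):
    """Smallest r > 0 with a**r == 1 (mod n), by brute force.

    This is the one step of Shor's algorithm that needs a quantum
    computer; everything else is classical number theory.
    Requires gcd(a, n) == 1 so that the period exists.
    """
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def shor_factor(n, a):
    """Turn the period of a mod n into a non-trivial factor of n.

    If r is even and a**(r/2) != -1 (mod n), then n divides
    (a**(r/2) - 1)(a**(r/2) + 1) without dividing either bracket, so
    gcd(a**(r/2) - 1, n) is a proper factor. Returns None when this
    particular a is unlucky (odd period, or the -1 case).
    """
    g = gcd(a, n)
    if g != 1:
        return g  # a already shares a factor with n
    r = find_period(a, n)
    if r % 2:
        return None
    y = pow(a, r // 2, n)
    if y == n - 1:
        return None
    f = gcd(y - 1, n)
    return f if 1 < f < n else None


def recover_private_key(public_key):
    """Attack: factor n, recompute phi, and rebuild d from the public e."""
    n, e = public_key
    for a in range(2, n):
        p = shor_factor(n, a)
        if p is not None:
            q = n // p
            return (n, pow(e, -1, (p - 1) * (q - 1)))
    raise ValueError("no factor found")


if __name__ == "__main__":
    pub, priv = rsa_keygen(61, 53, e=17)  # classic textbook parameters
    c = rsa_encrypt(pub, 65)
    print("ciphertext:", c, "decrypts to", rsa_decrypt(priv, c))
    print("private key recovered from public key:", recover_private_key(pub) == priv)
```

With 2048-bit keys the loop in `find_period` would run for longer than the age of the universe; that, and nothing else, is what keeps RSA safe today. Shor’s algorithm replaces that loop with a quantum Fourier transform that finds r in polynomial time, and the remaining lines run unchanged on any laptop.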
When will this happen? Experts are divided. Despite the leaps in quantum computing’s ability to solve other types of problems, Zimmermann says “there has been a conspicuous lack of progress in building quantum computers that are cryptographically relevant.” The consensus is that we’re anywhere from a few years to several decades away from developing one that can run Shor’s algorithm against the algorithms and keys we commonly use today.
“Actually, we don’t even know if it’s going to happen,” adds Jan Rochat, applied cryptographer and co-founder of AET Europe. “Maybe there will never be a quantum computer large enough. Nevertheless, we should be prepared. Because if it happens, then the problems are so huge that we will completely destroy how our society works today. We rely on digital assets being safe and trust that we can communicate securely. This would send us back to the ’60s.”
Post-quantum algorithms to the rescue
Against that backdrop, we hope you can see how important it is to work with an experienced digital trust partner. Fortunately, mathematicians and cryptographers are urgently working on new algorithms designed to resist quantum attacks.
NIST, the U.S. National Institute of Standards and Technology, has been leading the hunt for post-quantum algorithms. These are built on problems (structured lattices, hash functions, error-correcting codes) for which no efficient quantum algorithm is known, so neither Shor’s algorithm nor any known variant of it applies; being unrelated to integer factorization alone would not be enough, since Shor’s algorithm also solves the discrete logarithm problem behind elliptic-curve cryptography. The institute put out a call for approaches to the problem in 2016 and received dozens of submissions, some for general encryption and key establishment, others for digital signatures.
NIST has since evaluated those submissions and published the first standards in August 2024: FIPS 203 (ML-KEM, key encapsulation, derived from CRYSTALS-Kyber), FIPS 204 (ML-DSA, signatures, from CRYSTALS-Dilithium) and FIPS 205 (SLH-DSA, hash-based signatures, from SPHINCS+).
So far, the process hasn’t been smooth. “It’s hard because the math is much more complex. One of the algorithms that made it through the full selection process was then disastrously broken, with just a laptop computer,” Zimmermann says. “Plus, the population of cryptographers with the necessary math skills to develop and peer-review the post-quantum candidates is very small.”
Whatever new standards are finally approved, it will take years to roll them out into all the security protocols we use today. “It’s like if you’re trying to drive a supertanker and you want to make a sharp left turn. You have to anticipate when you have to turn quite early. Because of the high inertia of the systems we use today, it will take years to steer them in another direction,” he explains.
The race against time
That’s one reason why we have to hurry. Compounding the urgency is what researchers call ‘harvest now, decrypt later’ (also ‘archive now, decrypt later’). This is where an adversary records the encrypted traffic you send today, key exchange included, and holds on to it until a quantum computer is advanced enough to recover the session keys and read it.
“You can encrypt your data today and feel good that no one is decrypting it right now,” Rochat says. “But what about 10 years from now? What about 15, 20 years from now? If you have data that you don’t want people to decrypt, even many years in the future, then it would be better if you protected that data with new encryption algorithms that don’t depend on the difficulty of integer factorization.”
In other words, the data you generate today can provide hackers with tremendous value in the future—once they can access it. The longer you delay switching to new encryption techniques, the more of today’s information you’ll put at risk of being exposed tomorrow.
Frankly, we can’t afford to wait. As vendors incorporate the standardized post-quantum algorithms into their security products, you must be ready to migrate promptly, so preparing for the transition now is key.
How to stay ahead of the quantum curve
For companies, it’s important to remember that much of the development work will be done by large technology providers. Your task is to calmly position your business to start switching solutions as soon as the new algorithms are available.
“I don’t think we need to go into a panic stampede on this,” Zimmermann says. “We can do an orderly transition to post-quantum algorithms. Yes, it takes a lot of work. But we can do it step by step.”
A little crypto-governance is a good place to start.
“A large company has many components using the old encryption, and they’re also interacting with vendors. Sometimes, they’re purchasing software libraries from vendors that use old public key algorithms. Maybe they’re buying smart cards for banking, or other applications containing firmware using old algorithms,” Zimmermann explains. Auditing where you use cryptography in your systems is the first step: where your critical data resides, how it’s encrypted, how it’s transmitted, which algorithms and key sizes are in use, which libraries, hardware modules and vendor firmware implement them, where the keys are stored, and how the keys are exchanged.
Next, it’s important to pinpoint which data is most sensitive and how long it needs protection. Once you have this understanding, you can work with security teams and advisers to develop a plan to prioritize data migration to quantum-resilient encryption.
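The two steps above, inventory and prioritisation, can be scripted. The following is an added example, not a tool from the article or from the people quoted in it: a small triage over a constructed inventory. Each record carries the algorithm, what it is used for, how long the protected data must stay secret or unforgeable, and how long re-keying or redeployment would take. Public key schemes are flagged as broken by Shor’s algorithm, symmetric primitives as merely weakened, and the ordering applies Mosca’s inequality (shelf life plus migration time greater than the years until a cryptographically relevant quantum computer means the data is already exposed to harvest-now-decrypt-later). The ten-year horizon is an assumed planning figure, not a prediction.

```python
"""Crypto inventory triage for the post-quantum migration.

Added example, not from the article or the people quoted in it. The
asset records are constructed and the years_to_crqc horizon is an
assumed planning input. The algorithm table encodes established facts:
Shor's algorithm breaks RSA, Diffie-Hellman and elliptic-curve schemes
outright, while symmetric ciphers and hashes are only weakened
(Grover's algorithm roughly halves the effective key length).
"""
from dataclasses import dataclass

# Public key schemes broken by Shor's algorithm regardless of key size.
QUANTUM_BROKEN = {"RSA", "DSA", "DH", "ECDH", "ECDSA", "EdDSA"}
# Symmetric primitives that stay usable but should move to a larger size.
QUANTUM_WEAKENED = {"AES-128": "AES-256", "3DES": "AES-256"}
# Primitives considered quantum-safe at these parameters (the post-quantum
# ones are the FIPS 203/204/205 algorithms).
QUANTUM_SAFE = {"AES-256", "SHA-256", "SHA3-256",
                "ML-KEM-768", "ML-DSA-65", "SLH-DSA-128s"}
# Replacement guidance keyed by what the broken primitive is used for.
REPLACEMENT = {
    "key-exchange": "ML-KEM-768 (hybrid with ECDH during the transition)",
    "signature": "ML-DSA-65 or SLH-DSA",
    "encryption": "AES-256 with the key established via ML-KEM",
}


@dataclass
class Asset:
    name: str
    algorithm: str
    key_bits: int
    use: str               # "key-exchange", "signature" or "encryption"
    shelf_life_years: int  # how long the data must stay secret/unforgeable
    migration_years: int   # estimated time to re-key, re-issue or redeploy


def classify(algorithm):
    if algorithm in QUANTUM_BROKEN:
        return "broken"
    if algorithm in QUANTUM_WEAKENED:
        return "weakened"
    if algorithm in QUANTUM_SAFE:
        return "safe"
    return "unknown"  # an unidentified primitive is itself a finding


def mosca_margin(asset, years_to_crqc):
    """Mosca's inequality as a number: positive means the protected data
    outlives the expected arrival of a CRQC before migration finishes."""
    return asset.shelf_life_years + asset.migration_years - years_to_crqc


def triage(assets, years_to_crqc):
    findings = []
    for a in assets:
        status = classify(a.algorithm)
        if status == "safe":
            continue
        margin = mosca_margin(a, years_to_crqc)
        if status == "broken":
            action = REPLACEMENT[a.use]
        elif status == "weakened":
            action = "move to " + QUANTUM_WEAKENED[a.algorithm]
        else:
            action = "identify the primitive before planning"
        findings.append({
            "asset": a.name,
            "algorithm": a.algorithm,
            "key_bits": a.key_bits,
            "status": status,
            "margin_years": margin,
            # Shor-broken and already past the Mosca line: exposed right now.
            "urgent": status == "broken" and margin > 0,
            "action": action,
        })
    # Urgent findings first; within each group the most overdue at the top.
    return sorted(findings, key=lambda f: (not f["urgent"], -f["margin_years"]))


# Constructed sample inventory; these are not real systems.
SAMPLE_INVENTORY = [
    Asset("backup-archive", "AES-256", 256, "encryption", 20, 2),
    Asset("tls-key-exchange", "ECDH", 256, "key-exchange", 10, 3),
    Asset("code-signing", "RSA", 3072, "signature", 15, 5),
    Asset("vpn-bulk-cipher", "AES-128", 128, "encryption", 5, 1),
    Asset("tls-server-auth", "ECDSA", 256, "signature", 0, 3),
    Asset("smartcard-firmware", "RSA", 2048, "signature", 12, 8),
]

if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY, years_to_crqc=10):
        flag = "URGENT" if f["urgent"] else "plan  "
        print(f"{flag} {f['asset']:<20} {f['algorithm']:<8} {f['key_bits']:>4} "
              f"{f['status']:<9} margin={f['margin_years']:+d}y -> {f['action']}")
```

Two design points worth noting. A TLS server-authentication key gets a shelf life of zero: a signature that only proves identity during a handshake cannot be exploited retroactively, so it is not exposed to harvest-now-decrypt-later and ranks below the key exchange on the same connection, even though both must eventually move. Code-signing and firmware-signing keys, by contrast, carry a long shelf life because a future forgery of an old signature still matters, which is why they surface at the top.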
Bear in mind that, while post-quantum algorithms come with security proofs relating them to well-studied hard problems, they have not been battle-tested the way RSA and ECC have. Those proofs hold only if the underlying problem really is as hard as believed, and a new mathematical insight or an implementation flaw can still break a scheme. As time passes, we will gradually accumulate confidence in them as cryptographers unsuccessfully attempt to break them, either with classical computers or quantum computers.
“A good solution to that is algorithmic agility: The ability to switch to new algorithms to replace the broken ones,” Zimmermann says. “In our migration to post-quantum algorithms, we’re blending the old ones and the new ones. So if a new algorithm, for some reason, has a weakness we haven’t anticipated, we can limit the harm.”
Rochat echoes this advice, recommending that “you select technology that can cope with the fact that there may be problems in the new algorithms, and switch to an alternative.”
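What that agility looks like in code, as an added example that is not from the article or from the people quoted in it: the two shared secrets below are random bytes standing in for the output of an ECDH exchange and of a post-quantum KEM decapsulation (the real primitives, X25519 and ML-KEM, are outside this snippet). The combiner takes the approach used in the IETF hybrid-TLS design, concatenating both secrets and running them through HKDF (RFC 5869) with the handshake transcript as context, so the session key stays secret as long as either component does. The suite registry and the preference lists are constructed configuration.

```python
"""Hybrid key combiner plus suite negotiation: the two halves of
"algorithmic agility" described in the text.

Added example, not code from the article or the people quoted in it.
ss_classical and ss_pq are random stand-ins for real ECDH and KEM
outputs; the suite table and preference order are constructed.
"""
import hashlib
import hmac
import os

HASH = hashlib.sha256


def hkdf_extract(salt, ikm):
    """RFC 5869 extract: PRK = HMAC(salt, IKM)."""
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk, info, length):
    """RFC 5869 expand: T(i) = HMAC(PRK, T(i-1) || info || i)."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def combine_shared_secrets(ss_classical, ss_pq, transcript):
    """Derive one 32-byte session key from both shared secrets.

    An attacker who later breaks the classical exchange learns
    ss_classical but still lacks ss_pq (and vice versa); the extract
    step mixes both, so neither half alone reproduces the key.
    """
    prk = hkdf_extract(b"\x00" * HASH().digest_size, ss_classical + ss_pq)
    return hkdf_expand(prk, b"hybrid-session-key" + transcript, 32)


# Constructed suite registry: name -> (classical component, post-quantum component).
SUITES = {
    "x25519-mlkem768": ("X25519", "ML-KEM-768"),
    "mlkem768":        (None,     "ML-KEM-768"),
    "x25519":          ("X25519", None),
    "secp256r1":       ("P-256",  None),
}


def is_hybrid(suite):
    classical, pq = SUITES[suite]
    return classical is not None and pq is not None


def negotiate(client_preference, server_supported):
    """Pick the first client-preferred suite the server also supports.

    Keeping these lists in configuration rather than in protocol code is
    what lets you demote or drop a suite later, when one of its
    components turns out to be weak, without a code change.
    """
    for suite in client_preference:
        if suite in server_supported:
            return suite
    raise ValueError("no common suite")


if __name__ == "__main__":
    # Constructed stand-ins; in a real handshake these come from X25519 and ML-KEM.
    ss_classical, ss_pq = os.urandom(32), os.urandom(32)
    transcript = b"client_hello||server_hello"
    print("session key:", combine_shared_secrets(ss_classical, ss_pq, transcript).hex())
    print("negotiated:", negotiate(["x25519-mlkem768", "x25519"],
                                   {"x25519", "x25519-mlkem768"}))
```

The caveat a practitioner should keep in mind is that the combiner only limits harm if the two components fail independently: the key is safe while either secret is unknown to the attacker, but a bug in the shared key schedule or a downgrade to a non-hybrid suite removes the protection entirely, which is why the negotiation order matters as much as the mathematics.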
If there’s one message to take away it’s this: future-proofing your data security has only one direction of travel. It’s phasing out RSA and elliptic-curve cryptography, whether quantum happens or not.
“In the past, we’ve totally relied on this one mathematical problem being safe. But a professor somewhere might wake up tomorrow, having had a brilliant idea overnight, and suddenly be capable of compromising our security,” Rochat warns. “So even if a quantum computer is never going to exist, we need to think about having an alternative.”
In this era of rapid technological advancement, hackers, and cybercrime, your best defenses are flexibility and readiness to adapt.
Want to improve the digital trust within your business? There is no better time than now.
Reach out to our experts for tailored guidance and support.