The news that IBM
This is important stuff. In the British government’s new technology strategy, quantum computing is one of the “priority” technologies and it is easy to udnerstand why. That point about solving problems beyond the reach of exisiting computers means that there is something of an arms race underway, with “quantum supremacy” as the goal.
It will take a while to get to the aforementioned quantum supremacy, where quantum computers can outgun the classical incumbents. But… the IBM solution is already at 127 qubits (quantum bits). If quantum computers are put up against a classical supercomputers capable of up to a quintillion (10^18) floating-point operations per second, quantum supremacy could be reached with as few as 208 qubits. Quantum supremacy isn’t science fiction.
Now, as is well known, one of the interesting problems that quantum computer can solve is breaking the asymmetric cryptography at the heart of cryptocurrency in order to transfer money out of lost or abandoned wallets. If you look at Bitcoin, for example the accountants Deloitte reckon that about four million Bitcoins will be vulnerable to such an attack. That means are billions of dollars up for grabs in a quantum computing digital dumpster dive.
If we apply quantum computers to the problem of breaking the 256-bit elliptic curve encryption of keys in the Bitcoin network within the small available time frame in which it would actually pose a threat to do so, researchers calculaton it would require 317 × 106 physical qubits to break the encryption within one hour using the surface code, a code cycle time of 1 μs, a reaction time of 10 μs, and a physical gate error of 10−3 10 − 3 . To instead break the encryption within one day, it would require 13 × 106 physical qubits. So never mind quantum supremacy with a few hundred quibits, quantum computers would need millions of physical qubits to be a threat to Bitcoin.
OK, that’s not going to happen tomorrow. Nevertheless, quantum computing will come. So is the sky falling in for the banks and the credit card companies and mobile operators and the military and everyone else who uses public key cryptography then? Well, no. They are not idiots with their heads in the sand and they are already planning to adopt a new generation of Quantum Resistant Cryptographic (QRC) algorithms to defend their data against the inevitable onslaught from quantum computers in unfriendly hands.
They have been looking towards the National Institute of Standards and Technology (NIST), which last year selected a set of algorithms designed to withstand such an onslaught after a six-year effort to devise encryption methods that could resist an attack from a future quantum computer that is more powerful than the comparatively limited machines available today. NIST has now released these algorithms as standards ready for use out in the wild.
(If you are interestied in the details, he algorithms are:
CRYSTALS-Kyber, designed for general encryption purposes such as creating secure websites, is covered in FIPS 203;
CRYSTALS-Dilithium, designed to protect the digital signatures we use when signing documents remotely, is covered in FIPS 204;
SPHINCS+, also designed for digital signatures, is covered in FIPS 205;
FALCON, also designed for digital signatures, is slated to receive its own draft FIPS in 2024.)
These algorithms are important because, as noted, while there are no cryptography-breaking quantum computers around right now, they will come. As the quantum technology advances, there will be an inevitable competition between the quantum computers that can break cryptographic algorithms and the cryptography community’s efforts to develop quantum-resistant algorithms. This means there will be a period where entities (eg, Visa and the DoD, not just Bitcoin) will be transitioning to new cryptographic methods.
That period is now, by the way, which is why the US Cybersecurity and Infrastructure Security Agency (CISA) has just issued a note calling on critical infrastructure and other organizations to begin work now to create road maps for how they’ll migrate to QRC.
(The cryptocurrency world should follow suit so that if and when quantum computers become a threat, then cryptocurrencies can be updated to use QRC. This would be a significant undertaking, but it’s theoretically possible.)
Harvest Now, Decrypt Later
Technology strategists in banks, fintechs and “crypto” know why these standard algorithms are being pushed out now, when any actual quantum computer is still some years away. The fact is that you can be at risk from quantum computers that do not yet exist because of what is know as the “harvest now, decrypt later” attack. It’s the idea that your enemy could copy your data, which is encrypted, and they can hold onto it right now. They can’t read it. But maybe when a quantum computer comes out in 10 years, then they can get access to your data.
If the information you’re protecting is valuable enough, then you’re already in trouble because of that threat and you need to start work on your road map soon.