Thoughts on the post-quantum computing era
Posted Monday, December 18, 2017 3:04 PM by CoreyRoth
With IBM, Google, and Microsoft pouring funding into the research of quantum computing, it's really starting to look like we are going to see the benefits in the next 5 - 10 years. Google may be just weeks from announcing they reached the quantum supremacy milestone and IBM may not be far behind either. Today, I wanted to share my thoughts on how quantum computing may affect cryptography as we know it.
Effects on cryptography
When we talk about the basic cryptography used for things like TLS when you access your bank's website, the premise behind securing your data is surprisingly simple. The certificate uses a public key, which is really just a large number that's the result of multiplying two prime numbers together. This key has a size typically between 256 bits and 2048 bits. It's quite a large number. Finding the two factors via brute force on today's classical computers would take a billion years (give or take a year or two). In computational complexity theory, these problems are referred to as intractable. They just can't be solved with the computers we have today.
However, once we have quantum computers, by the nature of entanglement and superposition, they can brute force all of the possibilities using an algorithm such as Shor's algorithm in a couple of minutes. Quantum computers will ultimately break RSA encryption as we know it. It will take a significant number of qubits, though, before this can happen. The largest number factored to date is 56163, far smaller than a number that is 256 digits long. This means your bank login is safe from quantum computing for a little bit longer.
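The premise above, as an added example (not code from the original post): a toy RSA key is built from two small constructed primes, then its private exponent is recovered by factoring the modulus with the classical skeleton of Shor's algorithm. The primes, message and function names are assumptions for illustration; the order-finding loop is the one step a quantum computer would speed up, and it is what keeps this approach infeasible classically at real key sizes.

```python
import math
import random

def find_order(a, n):
    """Smallest r > 0 with a**r % n == 1 (requires gcd(a, n) == 1).
    This loop is the step a quantum computer replaces; classically its
    running time grows exponentially with the bit length of n."""
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r

def shor_classical(n, rng):
    """Shor's reduction from factoring to order finding, run classically."""
    while True:
        a = rng.randrange(2, n - 1)
        g = math.gcd(a, n)
        if g > 1:                  # the random base already shares a factor
            return g, n // g
        r = find_order(a, n)
        if r % 2:                  # an even order is needed, pick a new base
            continue
        y = pow(a, r // 2, n)      # y*y == 1 (mod n) and y != 1
        if y == n - 1:             # trivial square root of 1, pick a new base
            continue
        p = math.gcd(y - 1, n)     # non-trivial root exposes a prime factor
        return p, n // p

def recover_private_exponent(n, e, rng=None):
    """Factor the public modulus, then rebuild d the way the key owner did."""
    p, q = shor_classical(n, rng or random.Random(0))
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi)         # modular inverse (Python 3.8+)

# Constructed toy key: 21-bit modulus. Textbook RSA without padding.
P, Q, E = 1009, 2003, 65537
N = P * Q
ciphertext = pow(42, E, N)         # 42 is a constructed sample message

d = recover_private_exponent(N, E)
print("recovered plaintext:", pow(ciphertext, d, N))
```
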
Prediction - the media will cause mass hysteria about quantum computers and cryptography
Here is what I think is going to happen. Some journalist looking for the next click-bait is going to stumble upon this following an upcoming advancement in the field of quantum computing. With half the facts, the journalist will write an article with a headline such as "Quantum Computers are breaking into your bank account right now." This will cause other media outlets to spread the word and amplify the message, and people will go into a 1999 Y2K-style frenzy. Consumers will freak out. Some will stop using the Internet for a while.
The thing is, there are already smart people thinking about this and working on algorithms for post-quantum cryptography. That doesn't mean a system for post-quantum cryptography will be available at the same time we get a quantum computer that can break RSA. We might, but I doubt it. Assuming post-quantum cryptography for the web is still certificate-based, vendors will have to start creating those certificates. Then the web platforms like Apache and IIS will have to support it (not to mention the OS itself). Then the browsers will have to be updated as well. That's a lot of moving parts.
Companies will be scrambling to figure out what to do. I am predicting another gold rush for consulting firms (like Y2K) to help companies come up with a post-quantum strategy. Keep in mind it's not just the ecommerce site we are securing. It's the servers, the network communication, the connections to the cloud, etc. Some new people are going to get rich off of this.
I think the hysteria will happen whether it is warranted or not. Even when we start seeing quantum computers, not everyone is going to have access to them at the scale required to break RSA. Even with Microsoft and IBM putting quantum compute in the cloud, most people will only have access to a small number of qubits. To get enough quantum computing power, it's absolutely going to cost you. That's not to say that some researcher with early access to quantum hardware couldn't "turn to the dark side and cause some mischief." It sounds like the making of a science fiction film, right?
Effects on cryptocurrency
Now I am hoping the bubble of cryptocurrencies like Bitcoin pops long before we reach post-quantum computing. I think it's going to be around for a while though. We may be out of Bitcoins by then but one of the other networks will rise up to take its place. I don't think a lot of thought has gone into the effects of quantum computing on cryptocurrencies yet, but I think the threat is real. Cryptocurrencies like Bitcoin are based on SHA-256. New blocks of bitcoins are generated basically by brute force by trying to mine a nonce to go along with the hash value. This sounds like something a quantum computer could do quite well. If someone were able to mine say all the remaining blocks in a cryptocurrency in a few days instead of years, that could be bad for the cryptocurrency economy.
This is all speculation of course, but I wouldn't be surprised if we hear a story of some PhD university researcher who took off with a ton of cryptocurrency and disappeared off the grid in Fiji. Sounds like another science fiction film, right? Maybe I need to go into screenwriting. The implications are easy to exaggerate, I know. It doesn't take much to spook an investor though. One new story goes viral, and a bubble could pop.
Conclusion
I think a lot of what happens in post-quantum computing and cryptography will happen to some degree. However, you will have to be able to discern perception and reality. Keep an eye on the state of the industry so you know what's going on. Then make smart informed decisions instead of knee-jerk reactions.
If you want to start learning more about quantum computing, check out my guide on How to start learning about Quantum Computing.