Quantum computers pose a major threat to the security of our data. So what can be done to keep it safe?
WIRED Security is a new one-day event from WIRED, curated to explore, explain and predict new trends, threats, and defences in cyber security. To find out more and to book tickets, click here.
A time bomb is ticking – but the numbers keep switching, rolling from enough minutes to save the day to not enough time to escape with your own skin. Then it switches again. It’s no action film, it’s the strange threat posed to encryption by quantum computing. The emerging exponential leap in processing power will crack some cryptography, but how serious is the threat? If quantum computing takes three decades to truly arrive, there’s no reason to panic. If it lands in ten years, our data is in serious trouble. But it’s impossible to predict with certainty when it will happen.
All we need to avoid crypto carnage is a new way to make public keys, and work to figure out a quantum-resistant way to generate them is already underway. But there are further hurdles, the usual banes of IT’s existence – standardisation and implementation – alongside pressure from that mystery deadline. Hence the melodrama. There have been more measured responses, such as the NSA’s call last year to start planning the shift to quantum-resistant encryption, while the National Institute of Standards and Technology (NIST) is running a competition to spur work on post-quantum algorithms. Both are signs of the slow, steady march of progress from security researchers in academia and industry.
But that march may need to be a quick step. “We do have many algorithms that potentially could be used [to fix encryption], but the timeframe on this is one thing that is potentially a concern because there’s some estimates that quantum computers could be available as early as 15 years,” says Dr Dustin Moody, a mathematician in the computer security division at NIST. “No one’s truly fairly sure about that, because it’s a research thing, but the entire process to investigate algorithms, standardise them and get them deployed, that can take 15 years or longer. So there could be an issue with the time-frame, but nobody totally knows the response to that.”
No one knows, but Dr Michele Mosca, deputy director of the Institute for Quantum Computing at the University of Waterloo, Ontario, is willing to try to put a number on it, estimating a one-in-seven chance that some fundamental public-key crypto will be broken by quantum by 2026, and a one-in-two chance of the same by 2031. It’s not as though the security industry has been sitting around waiting for a hard deadline before starting work. “We do have it in hand, but there’s a lot of variables that cause us to make sure that we want this to be high priority for people,” says Moody. “We don’t want people panicking. Quantum computers are not going to break all encryption.” Indeed, symmetric algorithms are safe so long as keys are doubled in length – a comparatively easy switch – but thanks to researcher Peter Shor, the public keys we use to secure online banking and email now have an expiration date that coincides with quantum’s birthday.
Whilst at AT&T in the mid-nineties, Shor wrote a quantum algorithm that could crack encryption based on integer factorisation and discrete logarithms – taking out RSA and the Diffie-Hellman key exchange in one fell swoop. “Currently used public-key cryptosystems and signatures will be catastrophically cracked,” says Dr Tanja Lange, chair of the Coding Theory and Cryptology group at Technische Universiteit Eindhoven and coordinator of the European project PQCRYPTO – post-quantum cryptography for long-term security. “An attacker needs about the same time to break the system as it takes the user to run it.”
We’ll also need a big enough quantum machine to make use of Shor’s work. If you’re unsure of what the term actually means, get the background on quantum computing here, but here’s what you really need to know: they’re exponentially more powerful than standard computers, but they’re fiddly – algorithms must be written just so or the answers they return aren’t readable – and not easy to build.
So we know the problem, and are well on the way to solving it, but it’s hard to meet a deadline when you don’t know when it is. Thankfully, we don’t need to wait for quantum computers to arrive to start protecting ourselves from their potential downsides. “Quantum-resistant computing has nothing to do with quantum at all,” explains IBM cryptographer Vadim Lyubashevsky. “It does not need quantum computing to exist or to work. Even if somebody had a quantum computer, somebody without one can potentially fight back all of these attacks.”
There are three potential solutions drawing attention from researchers, and NIST expects each to be represented in its competition: lattice-based, code-based and multi-variate. Encryption is all about hard maths. Lattice-based cryptography secures data by using the incredible difficulty of finding the nearest point in a multi-dimensional grid of points – the public key is an arbitrary location, while the private key is the lattice point. Code-based crypto is based on how hard it is to decode a general linear code, while multi-variate quadratic systems use polynomial equations to secure encryption.
Lyubashevsky believes the real design work behind lattices is done, and some versions have already been standardised for specific uses by different organisations. “If somebody was indeed serious about [using lattice], that could be done within a month or so,” says Lyubashevsky. Indeed, it’s already been tested in the real world. Earlier this year Google ran a small trial on a slice of traffic in the Canary build of Chrome using the “New Hope” lattice-based algorithm, but made it clear it wasn’t a vote for that version to become a standard, merely a first stab at trialling encryption for the post-quantum future.
Alongside lattice-based, code-based and multi-variate, there’s also hash-based cryptography. “We feel pretty certain, and so do most experts, that their security is well understood, and they could be standardised sooner, within the next year or two,” says Moody of hash-based systems. “However they would only be used in a puny number of applications, like digital code signing, so they’re not a solution for the entire problem that we have.”
On top of those post-quantum crypto systems, there will also be security built using quantum ideas and eventually protection using quantum computers themselves, which could ensure encryption via the laws of physics. But we still need protection in the meantime, notes Lange.
There is one potential quantum-based system that could help. Quantum Key Distribution (QKD) doesn’t require a quantum computer, it merely uses quantum physics to build a key, rather than relying on hard mathematics. “The premise is that if I send a single photon of light… if somebody looks at that single photon, then it disturbs the properties of those photons,” explains Phil Sibson, a researcher on the subject at the University of Bristol and co-founder of quantum cryptography startup KETS. Encode data on that photon, and it’s unreadable. “This is something fundamental to quantum mechanics.” However, it’s not quite ready. There are limitations in distance and the amount of data that can be sent, he says, as well as the possibility of side-channel attacks. “But in principle, this is a way to provide a sturdy security based on quantum mechanics,” adds Sibson.
But NIST isn’t just running a Britain’s Got Talent for post-quantum encryption algorithms – it hopes to drive their improvement, too. “We don’t yet feel that any of the proposed algorithms […] are fairly yet ready for standardisation for wide-scale deployment and use,” says Moody. “For the most part, many of them are very, very fresh and haven’t had a lot of people studying their security. With all cryptographic algorithms, just the test of time – having people look at them for years – helps you have more confidence in their security.” Hence the competition, designed to concentrate the attention of academia and industry on scrutinising the proposed algorithms. The rules of the challenge are currently being discussed, with work set to start in November.
After post-quantum encryption is security checked and standardised, which is expected to take several years, it will be time for the industry to get to work implementing new systems – and that could well be another hold-up. “In the past, when there have been transitions from one cryptographic algorithm to another, it’s taken a long time – anywhere from five years to twenty years, so it’s truly hard to get these switches made quickly,” says Moody. NIST has been advising a switch to elliptic curve cryptography since 2000, and some organisations are only now beginning the transition.
Why does it take so long? First, the need for the switch must be publicised so companies are aware of the work they need to do, but moving to new technologies simply doesn’t happen overnight. “Once something is out there and in use, it just takes industry a long time, because they don’t want to substitute all their brand-new equipment, they kind of wait for it to come off line and then put in fresh algorithms, so it just takes time,” adds Moody.
But there’s another reason we simply don’t have time to dawdle: any data that’s sensitive in the longer term – decades instead of years – is already potentially a problem. Anyone who collects that data now will be able to crack it later, so it’s safe to assume governments and their spying agencies are hoovering up anything that’ll be useful, even if it’s decades old. “That puts an urgency in the time framework,” says Moody. “If you want your data to be protected for ten years or something like that, you need to have these quantum-resistant algorithms in place as soon as possible.”
And this isn’t theoretical. Lange points to the NSA’s XKeyscore program exposed by Edward Snowden that makes it clear spying agencies are storing vast quantities of encrypted data. “Once a big quantum computer exists, it can casually break the public-key components of those communications, derive the used symmetric key, and decrypt everything,” she says. “Personally sensitive data such as health records are presently sent over the internet between caregiver, accounting centre and health insurance using systems we know not to stand against quantum computers. Similar problems exist for legal or military data.”
It’s likely (though not guaranteed) that governments will be the first to get their hands on a quantum computer, not only because of the large cost of building one, but because they’re well-motivated by the leg-up it would give them in digital spying and surveillance. Switching to post-quantum encryption now means that when various state-sponsored hackers get their hands on the exponential power of a quantum machine, your data will have a better chance of staying safe. “If you want to protect in the future, then you can commence using the algorithms that we have – using lattice cryptography, or maybe something else – in tandem with what’s being used now,” said Lyubashevsky. “That may feel risky given none of the quantum resistant systems are yet standardised, but you can use both the future stuff and the today methods at the same time, reducing risk. You can use them at the same time, and so you’ll be no less secure than you are now, with only adding a little bit reserve time and communication.”
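One way to build the "both at the same time" approach described above is to feed a classical shared secret and a post-quantum shared secret into a single key derivation, so the session key stays secret as long as either input does. This is an added example, not code from the article or from any project it mentions; random bytes stand in for the two key-exchange outputs, and `combine_secrets` and the `hybrid-demo-v1` label are hypothetical names.

```python
import hashlib
import hmac
import secrets

HASH_LEN = 32  # SHA-256 output size in bytes


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract a PRK, then expand to `length` bytes."""
    if not 0 < length <= 255 * HASH_LEN:
        raise ValueError("invalid HKDF output length")
    prk = hmac.new(salt or b"\x00" * HASH_LEN, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def combine_secrets(classical: bytes, post_quantum: bytes, transcript: bytes) -> bytes:
    """Derive one session key that depends on BOTH shared secrets."""
    if not classical or not post_quantum:
        raise ValueError("both shared secrets are required")
    # Length-prefix each secret so (b"ab", b"c") and (b"a", b"bc") cannot collide.
    ikm = b"".join(len(s).to_bytes(2, "big") + s for s in (classical, post_quantum))
    # Bind the key to this handshake; the label is a hypothetical protocol name.
    return hkdf_sha256(ikm, salt=b"", info=b"hybrid-demo-v1|" + transcript)


def demo() -> dict:
    # Constructed stand-ins: random bytes in place of a real elliptic-curve
    # exchange and a real lattice-based key encapsulation.
    ecdh_ss, kem_ss = secrets.token_bytes(32), secrets.token_bytes(32)
    transcript = b"constructed-handshake-transcript"
    key = combine_secrets(ecdh_ss, kem_ss, transcript)
    # Someone who later recovers only the classical secret still has to guess
    # the post-quantum one; a wrong guess derives an unrelated key.
    guess = combine_secrets(ecdh_ss, secrets.token_bytes(32), transcript)
    return {"key_len": len(key), "classical_secret_alone_suffices": guess == key}


if __name__ == "__main__":
    print(demo())
```

The cost is the one the quote names: a second key exchange's worth of computation and bytes on the wire per handshake.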
And all of this is why standards bods and organisations need to react to that ticking clock and move faster, Lange argues. “The largest challenge is to determine when a system is good enough to be standardised,” she says. “I’m sure that with enough work we will have better systems in three years. Does that mean we should wait for three years with standardising so that we get the better standard? Maybe. But how does that weigh against compromising all secrets for another three years?”
While she agrees with NIST that it’s still too early to standardise, Lange says it’s not too early to offer some advice. “Users dealing with long-term confidential data need accomplished recommendations and instruments now,” she argues. “Those recommendations must prioritise confidence and security over convenience. Those users will cheerfully upgrade to a more convenient system once that is available.” Simply put, move to post-quantum now if you need to. Everything encrypted today must be considered compromised once a quantum computer exists. For Lange, the problem is clear: “I would sure have sleepless nights if I had to ensure the long-term secrecy of data.”