Traditional cryptography doesn't stand a chance against the quantum age
How do you keep secrets when computers are operating on an atomic scale?
Quantum computers will make easy work of our current encryption systems, putting some of the world’s most sensitive data at risk. And John Prisco, CEO of the security company Quantum Xchange, tells Inverse that the time for new encryption is already here.
Traditional cryptography relies on a system of public and private encryption “keys” that protect data by making decryption depend on solving incredibly complex math: namely, factoring very large numbers into their prime factors. For today’s computers, trying to find the answer through brute force (i.e., guessing as many different answers as possible) would be nearly impossible. But for quantum computers, such computational hurdles would be trivial.
“Before computers were as powerful as they are today, that [kind of cryptography] was going to be good for a million years,” says Prisco. “[But] a million years got truncated into just a handful of years.”
But such computational might, for the time being, is still fairly theoretical. Google was only able to achieve quantum supremacy (a benchmark that compares its computational abilities to a ‘classical’ computer) this year and quantum systems are far from office staples. Yet, Prisco tells Inverse that waiting until these machines become more widespread to begin improving our encryption methods would be too late.
“People are stealing data today and then harvesting [and] storing it,” says Prisco. “And when they crack the key, then they’ve got the information. So if you have data that has a long shelf life, like personal information, personnel records, you really can’t afford to not future proof that.”
And government agencies, says Prisco, are worried about this too. In 2017 NIST (the National Institute of Standards and Technology) put out a call for new, quantum-resistant algorithms. Out of the 82 submissions it received, only 26 are still being considered for implementation. But Prisco tells Inverse that simply creating algorithms to combat these advanced computers won’t be enough. Instead, we need to fight quantum with quantum.
That’s where Prisco’s company, Quantum Xchange, comes in. Instead of focusing on quantum-resistant algorithms, Quantum Xchange creates new encryption keys that themselves rely on the physics of quantum mechanics.
Just as today’s keys are made up of numbers, says Prisco, their quantum key (called QKD) would be made up of photons.
“[The QKD’s] photons are encoded with ones and zeros, but rather than relying on solving a difficult math problem, it relies on a property of physics,” says Prisco. “And that property is associated with not being able to observe a photon in any way, shape, or form without changing its quantum state.”
This quantum property that Prisco refers to is a law of physics called the Heisenberg Uncertainty Principle. According to this principle, the quantum state of the QKD is only stable as long as it’s not observed. So, even if a nefarious actor were to steal the QKD, Prisco tells Inverse, the very act of stealing it would count as observation and would thus change the QKD altogether and render it moot.
“You could steal the quantum key,” says Prisco, “but it would no longer be the key that was used to encrypt and therefore it would no longer be able to decrypt.”
Prisco tells Inverse that he believes this new generation of quantum keys would remain resilient as long as the laws of quantum physics did. So in theory, a very, very long time.
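The eavesdropping-detection property described above, as an added example that is not part of the original article: a classical Python simulation of the measurement statistics of BB84, a standard QKD protocol that the article does not name and that is assumed here for illustration. The function names and the 11% abort threshold are illustrative choices, not Quantum Xchange's implementation.

```python
import random

def measure(bit, prep_basis, meas_basis, rng):
    """Measuring in the preparation basis returns the encoded bit;
    measuring in the other basis returns a uniformly random bit."""
    return bit if prep_basis == meas_basis else rng.randint(0, 1)

def bb84(n_photons, eavesdrop, seed):
    """Simulate one key exchange; return (sifted_key_length, error_rate)."""
    rng = random.Random(seed)
    alice_key, bob_key = [], []
    for _ in range(n_photons):
        # Alice encodes a random bit in a random basis ('+' or 'x').
        bit, a_basis = rng.randint(0, 1), rng.choice("+x")
        state_bit, state_basis = bit, a_basis
        if eavesdrop:
            # Intercept-resend: the eavesdropper has to pick a basis to
            # observe the photon, and what travels onward is the state
            # she measured, not necessarily the one Alice sent.
            e_basis = rng.choice("+x")
            state_bit = measure(state_bit, state_basis, e_basis, rng)
            state_basis = e_basis
        b_basis = rng.choice("+x")
        b_bit = measure(state_bit, state_basis, b_basis, rng)
        # Sifting: keep only positions where Alice and Bob used the same basis.
        if a_basis == b_basis:
            alice_key.append(bit)
            bob_key.append(b_bit)
    # Simplification: errors are counted over the whole sifted key; real
    # systems publicly compare only a sacrificed sample of it.
    errors = sum(a != b for a, b in zip(alice_key, bob_key))
    return len(alice_key), errors / len(alice_key)

def channel_is_clean(error_rate, threshold=0.11):
    """Accept the key only if the error rate is under the abort threshold
    (0.11 is an illustrative value chosen for this example)."""
    return error_rate < threshold

if __name__ == "__main__":
    for eve in (False, True):
        length, qber = bb84(20000, eavesdrop=eve, seed=1)
        print(f"eavesdropper={eve}: sifted bits={length}, "
              f"error rate={qber:.3f}, accept key={channel_is_clean(qber)}")
```

Without an eavesdropper the sifted keys match exactly; with one, roughly a quarter of the sifted bits disagree, so the two parties discard the key instead of encrypting with it.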
While other experts have estimated that it will be ten years until such quantum attacks really start taking place, Prisco tells Inverse he believes it will be less than five. And waiting to develop these technologies will not only put our data at risk, but could put us behind the curve when it comes to competing with other countries in this arena as well. Particularly China, which Prisco says is outspending the U.S. 10-to-1 in quantum technology.
Going forward, Prisco says that the U.S.’s best bet will be to incorporate both the quantum-resistant algorithms being developed by NIST and other government agencies and a quantum key like Quantum Xchange’s QKD.
“I’m a proponent for combining what NSA and NIST are doing with quantum-resistant algorithms with quantum keys,” says Prisco. “You know, it may seem like a revolutionary concept in the United States but I can tell you that China’s doing this, all of Europe’s doing this… Russia’s doing this. Everybody kind of realizes that the quantum computer is an offensive weapon when it comes to cryptography. And that the first defensive weapon one can deploy are the quantum keys, and then quantum-resistant algorithms when they’re available.”