Quantum computers pose a security threat that we’re still totally unprepared for

Some US experts think it could take at least 20 years to get quantum-proof encryption widely deployed.
December 3, 2018

The world relies on encryption to protect everything from credit card transactions to databases holding health records and other sensitive information. A new report from the US National Academies of Sciences, Engineering, and Medicine says we need to speed up preparations for the time when super-powerful quantum computers can crack conventional cryptographic defenses.

The experts who produced the report, which was released today, say widespread adoption of quantum-resistant cryptography “will be a long and difficult process” that “probably cannot be completed in less than 20 years.” It’s possible that highly capable quantum machines will appear before then, and if hackers get their hands on them, the result could be a security and privacy nightmare.

Today’s cyberdefenses rely heavily on the fact that it would take even the most powerful classical supercomputers almost unimaginable amounts of time to unravel the cryptographic algorithms that protect our data, computer networks, and other digital systems. But computers that harness quantum bits, or qubits, promise to deliver exponential leaps in processing power that could break today’s best encryption.

Key issue

The report cites an example of encryption that protects the process of swapping identical digital keys between two parties, who use them to decrypt secure messages sent to one another. A powerful quantum computer could crack RSA-1024, a popular algorithmic defense for this process, in less than a day.

Such machines, which would require a couple of thousand “logical” qubits, are probably at least a decade away, say the US experts. Qubits’ delicate quantum state can be disrupted by things like tiny changes in temperature or very slight vibrations, so it can require thousands of linked qubits to produce a single logical one that can be reliably used for computation.

Still, complacency would be a mistake. William Oliver, an MIT physics professor and a member of the group that produced the academies’ report, notes that governments and businesses like banks often need to keep data secure for decades. They therefore need to be thinking now about potential future threats to the encryption they’re using.

Scott Totzke, the CEO of Isara, a startup that’s developing quantum-proof cryptographic solutions, says it’s getting plenty of interest from automakers worried about risks to software in connected cars and other vehicles that will spend many years on roads. 

Standard setting

Isara’s work is part of a wider push in the cryptographic community to come up with new encryption methods that can’t be cracked by quantum computers. The academies’ report summarizes several of these methods, and the US National Institute of Standards and Technology is working to develop standards for quantum-proof cryptographic algorithms related to them.

The biggest challenge will be getting these widely adopted. The academies’ experts say negotiating standards, persuading vendors to follow them, and then getting organizations to upgrade their hardware and software can take years. Old data will also need to be reencrypted or destroyed.

Hence the depressing-but-probably-accurate forecast that it will take at least a couple of decades to get quantum-safe cryptography broadly in place. If that holds, we’re going to have to hope it somehow takes even longer before a powerful quantum computer ends up in a malicious hacker’s hands.

 

 

 
