We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.

Intelligent Machines

Securing Today’s Data Against Tomorrow’s Quantum Computers

Quantum computers are still a distant prospect, but Microsoft researchers say we should strengthen online encryption against them now.

Quantum computers would deliver immense power that would be useful in many fields—but also potentially break our strongest forms of encryption, used to protect things like financial and medical data.

Call it an abundance of caution. A Microsoft research project has upgraded the encryption protocol that secures the Web to resist attacks from quantum computers—machines that are expected to have stupendous power but have never been built.

Governments and computing giants like IBM, Microsoft, and Google are working on quantum computers because tapping subtle effects of quantum physics should let them solve in seconds some problems that a conventional machine couldn’t solve in billions of years (see “Microsoft’s Quantum Mechanics”). That might allow breakthroughs in areas such as medicine or energy. But such machines would also be able to easily break the encryption used to secure information online.

Intelligence organizations see that as a positive—the National Security Agency has an $80 million research program on quantum computing. But some researchers think we should be planning to upgrade our encryption so life can continue normally in a quantum-computing era. A team from Microsoft, chip maker NXP, and Queensland University of Technology have now shown how that might be done. They are testing a quantum-computer-proof version of the transport layer security protocol, TLS, that online banking sites and others use to encrypt online data.

Krysta Svore, who leads a research group working on software for quantum computers at Microsoft’s headquarters in Redmond, Washington, says this is more than just an academic exercise. “Given that scalable quantum computers are under development, it is crucial to prepare,” she says. It can take a decade or more for a new cryptographic algorithm—or “primitive”—to be properly tested out and widely deployed, she says. “There is an urgent need to determine other primitives now.”

When your bank or e-mail provider uses the TLS protocol to secure your data, today it typically uses the RSA algorithm (the letters stand for the last names of its three inventors). That creates pairs of digital security keys by multiplying together large prime numbers. One key is public and the other private; if you can figure out which primes were used to make the public key, you could also re-create the private one and unlock encrypted data. But conventional computers can’t quickly work out the primes used to make a key.

In 1994, mathematician Peter Shor proved that a quantum computer could easily find the primes behind a key. By using quantum states to exploit the mathematical structure of the problem, such a computer could effectively take a shortcut to the right answer. Shor’s algorithm can also be modified to crack a stronger alternative to RSA encryption, known as elliptic curve cryptography, which is becoming more common and is also used with TLS to secure online data.

The new quantum-proof version of TLS generates encryption keys using a different mathematical problem that’s believed to be beyond the practical reach of both conventional and quantum computers.

That system was tested by using it to encrypt data moving between two PCs, one taking the role of a Web browser and the other a Web server. The quantum-proof encryption protocol moved data 21 percent more slowly than a version using elliptic curve cryptography, as some websites do today, but the researchers consider that penalty a reasonable one to pay if their idea is polished up for real-world use.

Ari Juels, a professor at Cornell Tech and previously chief scientist at the security company RSA, says it makes sense to prepare our encryption for quantum computers now. Outdated encryption lingering in websites or software already causes security problems, even with the relatively slow progress made on encryption-beating attacks, he says.

However, right now it’s not certain that the math used in Microsoft’s quantum-proof software will always be intractable for either quantum or conventional computers, says Juels. Mathematicians and cryptographers haven’t studied them as intensely as they have RSA or the encryption used today. “We’ve no solid assurance,” he says.

Svore agrees but says the signs look good so far—people have looked for quantum shortcuts to the problem used in the new version of TLS for 15 years without success. Nonetheless, Microsoft’s researchers are studying possible alternative forms of quantum-proof encryption. Svore says she also wants to educate more computer scientists and programmers about how to write code for quantum computers so they are better prepared to use—or defend against—them when they do arrive. “We need to raise awareness on the power of quantum computing,” she says.

Tech Obsessive?
Become an Insider to get the story behind the story — and before anyone else.

Subscribe today
More from Intelligent Machines

Artificial intelligence and robots are transforming how we work and live.

Want more award-winning journalism? Subscribe to Insider Plus.
  • Insider Plus {! insider.prices.plus !}*

    {! insider.display.menuOptionsLabel !}

    Everything included in Insider Basic, plus the digital magazine, extensive archive, ad-free web experience, and discounts to partner offerings and MIT Technology Review events.

    See details+

    Print + Digital Magazine (6 bi-monthly issues)

    Unlimited online access including all articles, multimedia, and more

    The Download newsletter with top tech stories delivered daily to your inbox

    Technology Review PDF magazine archive, including articles, images, and covers dating back to 1899

    10% Discount to MIT Technology Review events and MIT Press

    Ad-free website experience

You've read of three free articles this month. for unlimited online access. You've read of three free articles this month. for unlimited online access. This is your last free article this month. for unlimited online access. You've read all your free articles this month. for unlimited online access. You've read of three free articles this month. for more, or for unlimited online access. for two more free articles, or for unlimited online access.