(Above: IBM's Osprey quantum computer, source: https://www.popsci.com/technology/ibm-quantum-summit-osprey/)
The math and machines behind the future of privacy online are fiendishly
complex
—
Modern encryption works because of the extraordinary amounts of time required to decrypt data that is passed through ‘one-way’ mathematical functions. So far, the time and computing resources needed to decrypt sensitive data have served as an effective barrier to massive, wide-ranging, brute-force decryption attacks. With advances in quantum computing, however, barriers to cracking current cryptographic standards are rapidly disappearing.
Advances in the raw compute power of quantum processors are only one part of the equation; research into more efficient algorithms for decrypting encrypted data is also poised to turn quantum computers into highly adept encryption-breaking platforms.
In 2017, Charles Neill at UC Santa Barbara and Pedram Roushan at Google unveiled a proof-of-concept ‘superconducting qubit’. In quantum mechanics, superconductivity can be achieved by cooling a substance (liquid metal in this case) to an extremely low temperature and introducing an electrical current. The principle of superconductivity allows this current to flow forever, in both directions simultaneously.
This behavior of the electrical current in the liquid metal represents a qubit that can simultaneously represent a 0 and a 1. In classical computing, a bit can only represent a 0 or a 1 at an arbitrary point in time. Qubits, meanwhile, can store values of 0 and 1 at the same time, allowing an equivalent number of qubits to store exponentially more number values than bits. To put this in more practical terms, just 50 qubits can store 10 quadrillion numbers; a classical computer would require a petabyte-scale memory system to store the same number of values.
The main concern from physicists about such a system is that mathematical errors would scale rapidly with the size of the quantum system. Neill and Roushan demonstrated that errors only increased slowly, suggesting that a meaningful superposition of up to approximately 60 qubits could be attained. A superposition of 60 qubits would surpass the researchers’ initial goal of 49 to 50 qubits, while theoretically producing a manageable number of errors.
Since this research was published in 2017, the field of quantum computing has advanced rapidly. As of October 2023, the fastest quantum computer in the world has surpassed 1000 qubits. For comparison, Microsoft estimates that 2500 qubits would be necessary to crack modern 256-bit AES encryption. Just one year earlier, in 2022, the fastest quantum computer in the world was IBM’s Osprey system, at 433 qubits.
If advancements continue at this pace, modern 256-bit encryption could be cracked in only a few years. While the general public does not have access to quantum computing resources, research universities, high-tech corporations, governments, and militaries certainly will. At that point, the genie will have been released from the bottle and we must then assume that data encrypted with ‘legacy’ ciphers is no longer secure.
However, it’s crucial to keep in mind that sheer qubit numbers aren't the final word in quantum performance. Accuracy counts more than raw speed in most classical computing paradigms, with quantum computers being no exception. The difference, though, is that quantum computers are considered “noisy” in that they lose their quantum state over time. A degradation in quantum state means worthless results are produced; considering the running costs of a quantum computer, vast resources have been invested into improving the accuracy and reliability of these systems.
Electromagnetic interference and changes in magnetic fields cause qubits to lose their quantum states, necessitating exotic and complex cooling and environmental isolation solutions which are prohibitively expensive for all but large enterprise and government institutions.
As of mid-2024, research at the Chalmers University of Technology in Gothenburg, Sweden has found that the use of harmonic oscillators can control error rates and thus produce a quantum computing system that can run longer calculations. The researchers at Chalmers University explain:
“The oscillators used in the study consist of thin strips of superconducting material patterned on an insulating substrate to form microwave resonators, a technology fully compatible with the most advanced superconducting quantum computers. The method is previously known in the field and departs from the two-quantum state principle as it offers a much larger number of physical quantum states, thus making quantum computers significantly better equipped against errors and noise.”
While errors remain a roadblock to the “quantum supremacy” Google researchers envisioned in 2017, research into reducing error rates is producing actionable scientific results that promise to make quantum computers more accurate and less susceptible to environmental influence.
Predicting the assault of more advanced and less error-prone quantum computers, the National Institute of Standards and Technology (NIST) in 2022 announced its first four quantum-resistant cryptographic algorithms. These algorithms rely on mathematical models that are designed to resist decryption attacks from both classical and quantum computers, as part of NIST’s Post-Quantum Cryptography Standardization Project.
For general encryption, NIST chose the CRYSTALS-Kyber algorithm to defend against future quantum decryption attacks. For digital signatures, CRYSTALS-Dilithium (a nod to the fictitious dilithium crystals featured in Star Trek), FALCON, and SPHINCS+ were selected. Three of the algorithms chosen by NIST operate based on a family of mathematical problems known as structured lattices, while SPHINCS+ uses more conventional hashing functions.
As ever, the march of increasingly powerful microprocessors and more advanced cryptographic algorithms demands that digital citizens of all stripes adopt and maintain best security practices. Small businesses are especially vulnerable to more advanced credential theft, phishing, impersonation, and brute-force decryption attacks. Get in touch with Geeks for Business today to learn how you can secure your organization’s digital footprint.
Comments