Quantum Computing Is Coming. Better Encryption Helps Us Prepare for Its Arrival.
Blog Post
Sept. 26, 2024
The National Institute of Standards and Technology (NIST) announced, last month, the release of several new encryption algorithms “designed to withstand the attack of a quantum computer.” There are currently no quantum computers capable of carrying out such an attack, but advances in quantum computing are widely expected to make them possible over the next decade. The belief that such significant developments are fast approaching is shared by many in the federal government. These standards and the Department of Commerce’s recent inclusion of quantum computing in export restrictions both indicate a sense of urgency to, as Vice President Kamala Harris said in a recent debate, "win the race on A.I. and quantum computing."
Quantum computers may be able to efficiently “crack the code” of all currently-used encryption, rendering vulnerable any data that’s been secured with current encryption. The post-quantum cryptography standards released by NIST mark an important and concrete step in safeguarding billions of people’s private data by providing options to resist attacks from quantum computers before they become a widespread technology.
To really understand why this work is so important, it helps to understand some basics about encryption and its fundamental role in ensuring privacy on the internet, learn what quantum computers are, and know how they’re different from the type of computers that are in all current digital technologies.
What Is Encryption?
Encryption refers to a process in which clear text (or other types of data) is turned into a jumble so that only the intended parties can unscramble the jumble and view the original data. It is used to protect the privacy of direct messages, email, financial transactions, web traffic, and other data. Encryption is based on complex math or, as NIST describes it, “math problems that computers find intractable.” One need not fully grasp the complexity of the math involved to understand some of the basic principles of the process.
In math, some operations are easier to perform than others. In algebra terms, it is easier to square a prime number than it is to take that product and find its square root. Encryption uses something similar to that property, only with more complex mathematical operations and massive numbers.
Encryption works by making the math more difficult for computers to do quickly. Most modern encryption schemes work by including a process for sharing some of the variables in the formula, making it possible for those computers to do the math. The algorithms used in encryption have been updated a few times as digital computers became more powerful, but the math was always designed to account for the ways digital computers handle data.
There is reason to worry that quantum computers will be able to easily and rapidly do the math required to break the best of current encryption algorithms. The new NIST standards are the most recent update of that math and the first specifically designed to be harder for a quantum computer to do.
What Are Quantum Computers, and How Do They Differ from Digital Computers?
The main difference between quantum computing and classical (digital) computing is how information is stored and processed. A digital computer uses binary digits, or bits, where each bit is either a 0 or 1. Quantum computing, instead, uses qubits, which can be 0 and 1 at the same time. If a bit exists as a binary, each additional bit will double the previously held computing power; essentially, moving from 2, to 4, to 8, and so on. Because of the way that qubits can simultaneously exist in multiple states and do not behave as independent entities, a quantum computer's processing power increases at a higher exponential rate than with digital computers.
While this might seem improbable, qubits actually mirror the behavior that we see in electrons, photons, and other subatomic particles—observations that form the building blocks of quantum physics. With quantum computing, as with quantum physics, we understand the mathematical concepts behind it, even if we do not yet have the machinery to work with those concepts in real terms.
Quantum computers will have the ability to process data millions of times faster than even the best current computing systems, which will be useful for analyzing data and running AI models. This ability will also make it easy for bad actors to break encryption that is not designed to withstand this scale of processing.
While general purpose quantum computers capable of breaking encryption are a ways off, there is no reason to think that this is simply a theoretical problem. Quantum computers are coming.
Why Should We Care About Quantum Computers Now?
We live in a society that stores ever greater amounts of data, much of it quite personal, and the types of attacks enabled by quantum computers will make all existing encrypted data vulnerable. That’s why it is so important that NIST put together and published these encryption standards now. While it may be another ten years or more before the emergence of quantum computers that are powerful enough to hack current encryption schemes, there is a very real threat that data collected now could be decrypted in a decade—when the technology becomes more widely available.
Making quantum-resistant cryptographic protocols available now gives us the opportunity to update our encryption tools and start future-proofing private data as it gets generated. This process also gives us the time to migrate and delete data that has already been stored. We can’t claw back encrypted data that might already be stored and waiting for decryption, but we can certainly take steps to protect and remove existing data to prevent its future theft and decryption.
As with every newly-released standard, these algorithms will only become truly standard if they receive wide adoption. These standards seem very promising, and it will be interesting to see what existing encryption software will incorporate them as an option.
It is encouraging to see NIST working so proactively on a real threat while it still looms so far on the horizon.