As quantum technology inches closer to reality, stakeholders worldwide are searching for new cryptographic methods.
Cryptography

Ready for the quantum plunge?

Quantum computers could revolutionize many areas of research.Their evolution, however, has many security experts worried. These new supercomputers will not only rev up science in the near future, but could also break many forms of encryption in a heartbeat. Companies are at risk of losing sensitive data.
Author: Jan Ungruhe
Illustration: Knut Niehus/ddp images

It’s scary stuff: through brute processing power, a quantum computer can crack many an established encryption method in seconds – a feat that would take billions of years with a conventional computer. At that point, the “s” in “https” will stand for “so long, privacy!” instead of “secure.” Sending passwords and other sensitive data over the Internet – integral to applications like online banking – could expose individuals and companies alike to incalculable security risks. 
Sound like the distant future? Think again, many researchers say. For now, quantum computers only exist in theory. But computer scientists believe that Google could unveil a 50 qubit quantum chip by the end of 2017. 
In light of this menace, security experts are furiously hunting for a way to block the new superhackers. Their quest became even more urgent in 2014 when the Washington Post, citing former CIA contractor Edward Snowden, revealed that the National Security Agency (NSA) was crafting a quantum supercomputer – one powerful enough to spy on foreign governments or public agencies.

Data communications already at risk

Researchers are urging companies to switch to post-quantum encryption as soon as possible. Today’s data communications are already at risk, they say. Hackers could capture sensitive messages in encrypted form and then store them until the advent of a quantum computer strong enough to decrypt them – in potentially ten years or less. This scenario wasn’t plucked out of thin air, either. The NSA is allowed to stockpile encrypted data for as long as needed to crack it, for example. 
A wait-and-see approach could prove itself costly for companies, warns Dr. Enrico Thomae, a post-quantum expert at operational services GmbH, a joint venture between Fraport and T-Systems. “Businesses should identify their critical assets and extend their analysis to include longterm security requirements, including protecting information with a secrecy horizon of five to 15 years.” Manufacturers who ignore this risk could end up performing costly recalls or retrofits of long-lived products such as automobiles or refrigerators.

Longer key lengths required

For now, the cryptography expert recommends selecting 256 bit keys for symmetric algorithms such as AES (Advanced Encryption Standard). Lengthy keys can buy time with asymmetric encryption, too. In fact, specialists are forecasting a renaissance for RSA encryption (Rivest, Shamir and Adleman) with extremely long keys. This combination would remain impervious to attack until even larger quantum computers have been developed. Companies could use hybrid encryption in the future, too: a conventional encryption method with a post-quantum algorithm.
As quantum technology inches closer to reality, stakeholders worldwide are pressing ahead with the search for new cryptographic methods. In 2015, for example, the European Union provided EUR 3.9 million in funding for the PQCRYPTO project (Post-Quantum Cryptography). The project team consists of universities and companies from eleven countries, including Ruhr University of Bochum and TU Darmstadt University. The researchers put known postquantum algorithms through their paces to validate their applicability and security and then optimize them for the TLS protocol, for example. Final results are expected by the end of 2018. At the same time, the National Institute of Standards and Technology (NIST), a federal US agency, has launched its own public tender and is accepting algorithm submissions until the end of 2017.
Even Google, gearing up for new types of attacks, has begun experimenting with a new post-quantum algorithm called “New Hope” in its Chrome browser. Meanwhile, Deutsche Telekom and South Korea’s SK Telecom have kicked off an initiative to enable secure communications in the age of quantum computing and established the “Quantum Alliance.” The telecommunications companies will test post-quantum algorithms and new cryptographic algorithms that will run solely on quantum computers. “With the Quantum Alliance, we are taking the lead in a technical development that will revolutionize IT: we will help to ensure that communications remain secure even after a breakthrough is made in quantum computing and the first computers hit the market,” said Claudia Nemat, Deutsche Telekom Board member for Technology and Innovation.

Researchers benefit

The biggest beneficiaries of a supercomputer, though, would be researchers in virtually all disciplines worldwide. Quantum computing could turbo-charge medical research programs, crack open optimization problems, accelerate search algorithms and rapidly scour large databases. The horror stories of evil-minded hackers would revert to what they have been in many cutting-edge fields of technology: a sideshow – but one with a considerable threat potential.