Quantum and the Future of Cryptography

iStock illustration

The ability to encrypt information is an essential part of military command and control, just as breaking military codes has been a decisive factor in modern warfare. With that in mind, the United States should take steps now to prepare for a day when adversaries could have quantum computing-enabled decryption capabilities.

Examples of successful codebreaking abound, from the deciphering of the Zimmermann Telegram that brought the United States into World War I to the cracking of Japanese codes that led to victory at the Battle of Midway. Most famously, cracking the Enigma code helped change the course of World War II. Though still an essential element of military command and control, cryptography also underpins security across all segments of our economy, including phone calls, credit card payments, banking transactions and most web searches.

Ensuring that data is successfully encrypted and thus inaccessible to attackers is key to maintaining a strong cyber defense posture. To that end, cryptographic technologies are widely employed to authenticate sources, protect stored information, and share data in a confidential and secure manner. Algorithms currently in use are so advanced and have revolutionized data security to such an extent that even the fastest classical computers could take years, in some cases decades, to unlock encrypted files. As a result, rather than attempt brute force decryption, hackers have instead preferred to steal encryption keys or find weak links in a security network to bypass secure channels and steal decrypted data.

For example, in the recent Colonial Pipeline incident, attackers obtained access to the IT system through a legacy Virtual Private Network, or VPN, profile that had not been used or monitored for years. Better enforcement of cyber hygiene is a short-term solution, but in the long-term, security networks must also be overhauled to implement cryptographic algorithms designed to fend off future attacks made possible with emerging technologies such as quantum computing.

For decades now, quantum computing has been hailed as one of the next big revolutions. Quantum computing is not just faster than traditional computing methods, but a fundamentally different approach to solve seemingly intractable problems. The mathematical operations that most traditional cryptographic algorithms rely on could be cracked with a sufficiently strong quantum computer.

With the potential that quantum could have on the international economy, it is no surprise that billions of dollars are being invested to fund research in this emerging technology area. In the United States, efforts are being led by academia, government labs and technology companies across the industrial base. However, China is investing heavily and is close behind. President Xi Jinping’s government has spent more than $10 billion to set up the National Laboratory for Quantum Information Sciences, and at the current rate will spend more on quantum research than any other nation by 2030.

Practical quantum computers are still a long way off. The design and operation of an operational quantum computer, let alone programming it, will be exceptionally challenging.

Traditional computers use bits that can hold only one of two values — 0 or 1. But a quantum computer employs quantum-bits, also known as qubits, that can be both 0 and 1 at the same time, thus giving the computer its exceptional power. However, these qubits are also fragile, and interactions with their surroundings can distort them. Existing quantum computers have been built with only a few handfuls of qubits, while a usable quantum computer would require something closer to a million high-quality qubits with robust error correction.

Larger computations would also require bigger quantum chips with many millions of connections. Even if that were possible, we do not currently have the capability to control multiple qubits on the time scales required for useful operations, on the order of tens of nanoseconds.

Notably, only a limited set of problems have been identified that can currently be solved more effectively on a quantum computer than a traditional one.

However, given the pace of advancement and magnitude of investments by peer competitors, we should not wait to implement quantum-resistant algorithms on our security networks. There are steps we can take now to guard against future quantum computational capabilities, including the implementation of post-quantum cryptography algorithms that are secure against both classical and quantum computers. Of course, systems protected by even the most robust quantum-resilient algorithms would still be vulnerable to attack via weak links in a network, so these are necessary but not sufficient steps.

In 2015, the National Security Agency announced plans to transition to a quantum-resistant cipher suite and encouraged partners and vendors to do the same. The National Institute of Standards and Technology established the Post-Quantum Cryptography Standardization program and competition in 2016, to upgrade public key encryption to a quantum-proof model. Schemes submitted were analyzed internally to standardize the best ones for use in products and services. Three signature schemes were selected as finalists in Round 3 in July 2020, with some alternate schemes considered for further analysis. NIST also plans to publish a playbook to guide government and industry through the transition of their crypto systems to quantum-resilience.

It would be difficult to predict when, or even if, quantum computing will provide our adversaries, or even bad actors, with the ability to creak previously unbreakable codes. But regardless of the timeline for that threat, we can take steps today that will significantly reduce the potential risks posed by that future capability.

Vidya Subramanian is a recent master’s degree graduate of Purdue University and former research intern at NDIA’s Emerging Technologies Institute.

Topics: Emerging Technologies