Encryption and the Quantum computer freight train

Quantum computing is clearly the next phase in computing progress. It's the difference between having a vocabulary of two (Yes and No, i.e. binary) and being able to use millions of words to calculate and communicate... faster, more accurate, efficient and powerful.

The problem is that anyone with the advantage of a Quantum computer can totally overwhelm someone relying on old YES/NO technology.

Enter Encryption.

Its current role is to scramble information so that someone with the key can unscramble it millions of times faster than someone who does not have the key and has to guess it.

Quantum computing means that key finding is so fast that encryption as a protection is almost pointless.

But Quantum computing (which uses qubits rather than bits) is only coming in the medium-term future, isn't it?

We are a decade off at least... right?

Well for a relatively long time IBM's 5 qubit Quantum computer was considered the ceiling for the near future, but just recently French scientists successfully ran a 15 qubit computer... while this is exciting for computer engineers, for cryptographers this is a nightmare.

To illustrate: if this progress continues, a 300 qubit computer is feasible. A 300 qubit quantum computer could use more computational states than there are atoms in the known universe. On that track a 1000 qubit computer could break any encryption at any time with little or no effort.

So how do we counter this? How can we operate without any information constraints or privacy?

In the long term, this will need a major initiative. Very serious.

In the short term, the answer is a carefully designed security architecture: one that is not dependent on particular flavours of encryption but allows advances in encryption to be easily plugged in and out as they become victims in the ensuing quantum vs encryption battle.
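
The plug-in/plug-out architecture described above, as an added example that is not from the original post: every stored record names the algorithm that protected it, so a broken primitive can be retired and old records migrated without changing callers. Python's standard library has no ciphers, so keyed integrity tags (HMAC) stand in for the encryption primitive; the algorithm names, record layout and function names are assumptions of this example.

```python
import hashlib
import hmac

# Registry of pluggable primitives: adding or replacing one is a one-line change here.
ALGORITHMS = {
    "hmac-sha1": hashlib.sha1,
    "hmac-sha256": hashlib.sha256,
}
CURRENT = "hmac-sha256"   # used for everything newly written
RETIRED = {"hmac-sha1"}   # still readable so old records can be migrated, never written


def seal(key, payload, alg):
    """Build 'alg$hex-tag$payload'. The tag covers the algorithm id as well,
    so relabelling a record as a different algorithm invalidates it."""
    tag = hmac.new(key, alg.encode() + b"\x00" + payload, ALGORITHMS[alg]).hexdigest()
    return alg.encode() + b"$" + tag.encode() + b"$" + payload


def protect(key, payload, alg=CURRENT):
    if alg in RETIRED:
        raise ValueError(f"{alg} is retired and must not protect new data")
    return seal(key, payload, alg)


def verify(key, envelope):
    """Return (payload, needs_migration); raise ValueError if the record is
    malformed, names an unknown algorithm, or fails its integrity check."""
    alg_raw, tag, payload = envelope.split(b"$", 2)
    alg = alg_raw.decode()
    if alg not in ALGORITHMS:
        raise ValueError(f"unknown algorithm {alg!r}")
    if not hmac.compare_digest(seal(key, payload, alg), envelope):
        raise ValueError("integrity check failed")
    return payload, alg in RETIRED


def migrate(key, envelope):
    """Re-protect a record sealed under a retired algorithm; leave others alone."""
    payload, stale = verify(key, envelope)
    return protect(key, payload) if stale else envelope


if __name__ == "__main__":
    key = b"\x01" * 32                                     # constructed demo key
    legacy = seal(key, b"quarterly report", "hmac-sha1")   # constructed old record
    print(verify(key, legacy))
    print(migrate(key, legacy))
```

Retiring a primitive then means moving its name into `RETIRED`, changing `CURRENT`, and running `migrate` over stored records; once migration is complete the retired entry can be deleted from the registry so it is no longer accepted at all.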

At this rate it may be possible to break into pretty much every standard encryption system used today within 3-5 years. HTTPS will no longer be secure.


Here are some facts to keep in mind:
  • Quantum computing is very strong at specialist tasks, i.e. finding prime numbers in a specific range, but not good at general computing yet.
  • A modern laptop can simulate a Quantum computer of up to 40 qubit capability! So it is still early days. Ref Economist.
  • Quantum computers are finicky and temperamental, so will probably be first used by big state, academic and corporate organisations, then by well-resourced criminal organisations, then eventually by individuals.
  • The NSA, CIA and FBI will probably be using them long before we hear about it. The advantage of the Quantum computer's encryption-cracking capability is too big a prize not to exploit.
  • Quantum cracking of encryption will be traceable. I am working on, developing and refining a Quantum attack detection system for use by our team in staying ahead of these developments. For details please feel free to contact me but I will discuss this advance only under NDA.


Takeaways:
  • If you don't want someone to see something that you have stored digitally... don't put it out there... at all.
  • If it's important, make sure the encryption you use is Quantum resistant... i.e. NOT RSA.
  • Store your important stuff on your own devices that can be detached from the net if needed.
  • Watch the movie "The Imitation Game" to get some insight into what happens when someone assumes they are secure and then has their security broken. Good operators will not let you know you have been broken until years after the fact. Quantum code cracking will be happening long before anyone knows about it publicly.




Copyright 2008-2014 Ric Richardson.