Quantum computers are coming, and hardware makers have warned of a potential security crisis looming once such systems become fast enough to crack today's encryption in seconds.
To counter this, companies like Intel, Microsoft and IBM – which also build quantum computers – are looking to the future and creating quantum-resistant algorithms to secure the systems of the future.
Companies are working with standards bodies such as the National Institute of Standards and Technology (NIST) to test and finalize new algorithms that could withstand attacks from quantum computers, while eliminating candidates that prove ineffective.
The technologies available today are sufficient to secure data such as credit card and Social Security numbers, but it is time to recognize that data must be protected from quantum computers, which could crack advanced encryption in seconds, said Greg Lavender, chief technology officer and general manager of Intel's Software and Advanced Technology Group, during a keynote at the Intel Vision conference in Grapevine, Texas.
The risk is to public-key cryptography, which underpins online transactions and could be compromised by quantum computers. Attackers will be able to break public-key cryptography once quantum systems reach a sufficient scale and number of qubits.
“Public-key crypto should be completely broken due to Shor’s algorithm, and current crypto algorithms will have to be replaced by a new class of quantum-resistant algorithms,” Lavender said.
Quantum computer makers are seeking to standardize quantum-resistant algorithms through agencies such as the National Institute of Standards and Technology.
“They all go through some kind of baking and slowly whittle the list down to a smaller subset,” Lavender said.
Quantum algorithms such as Grover's and Shor's have been known for decades and come with well-established, provable mathematical speedups. The goal is not to uproot existing cryptographic algorithms wholesale but to investigate multiple approaches, such as a hybrid approach that combines classical algorithms with quantum-resistant ones, Lavender said in response to a question from HPCwire during a press conference after the keynote.
“The open source community is already prototyping, experimenting and evaluating these things. In fact, some have…already been attacked and shown to have weaknesses and have been delisted,” Lavender said.
The companies have set a timeline to have viable quantum-resistant algorithms in place by 2030, which Lavender has dubbed “Y2Q”, playing on the Y2K crisis.
“While the exact timeline is difficult to predict, as quantum technology continues to evolve, post-quantum experts anticipate a time within the next 8-10+ years when we, as an industry, will reach a situation similar to what we saw with the infamous Y2K millennium bug,” Lavender said.
The goal is to secure data against attacks from multi-million-qubit systems, said Anil Rao, vice president of systems and engineering at Intel’s office of chief technology officer.
“Although fully capable quantum computers are not yet available today, adversaries can still pose a threat by harvesting today’s encrypted data with lower encryption quality now and decrypting it later when quantum computers will be available,” Lavender said.
Intel is taking a three-pronged approach to the threats posed by a quantum adversary.
The company addresses the harvesting of encrypted data by increasing the key sizes of cryptographic algorithms, both symmetric and asymmetric. One example is replacing 128-bit AES with 256-bit AES: Grover's algorithm roughly halves the effective key length of a symmetric cipher, so AES-256 keeps a comfortable security margin where AES-128 would not.
Another approach is to increase the robustness of code-signing applications such as firmware and software authentication with quantum-resistant algorithms, which helps guard against attacks.
Finally, Intel is also working to secure the Internet by replacing traditional public-key algorithms with standardized post-quantum algorithms, covering both the key-establishment (key encapsulation) and digital signature algorithms that underpin Internet transaction security.
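The hybrid approach Lavender described at the press conference, and the key-establishment migration in the third prong above, both come down to one building block: deriving a session key from a classical shared secret and a post-quantum shared secret together, so that an attacker has to break both. The following is an added example written for this page, not Intel's, Microsoft's or any library's code. It implements HKDF (RFC 5869) on the Python standard library and uses it as a concatenation combiner; the two shared secrets, the transcript string and the label `hybrid-kex-example-v1` are constructed placeholders, where a real deployment would take the classical secret from ECDH and the post-quantum secret from a standardized KEM.

```python
import hashlib
import hmac
import secrets

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256
SS_LEN = 32  # both shared secrets are pinned to 32 bytes in this example


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869, section 2.2): PRK = HMAC-Hash(salt, IKM)."""
    if not salt:
        salt = b"\x00" * HASH_LEN  # RFC default: HashLen zero bytes
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869, section 2.3): T(i) = HMAC(PRK, T(i-1) | info | i)."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested output too long for HKDF")
    okm = b""
    block = b""
    counter = 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def hybrid_key(ss_classical: bytes, ss_pq: bytes, transcript: bytes, length: int = 32) -> bytes:
    """Concatenation combiner: one session key from two shared secrets.

    Both secrets feed HKDF as input keying material, so the output is only
    computable by a party that knows both. The handshake transcript (public
    keys and KEM ciphertext seen on the wire) is bound in via the info field
    so the same secrets in a different handshake give a different key.
    """
    if len(ss_classical) != SS_LEN or len(ss_pq) != SS_LEN:
        # Fixed lengths stop an attacker shifting bytes between the two halves
        # of the concatenation; hybrid designs pin the lengths for this reason.
        raise ValueError("shared secrets must be exactly %d bytes" % SS_LEN)
    prk = hkdf_extract(b"", ss_classical + ss_pq)
    return hkdf_expand(prk, b"hybrid-kex-example-v1|" + transcript, length)


def rfc5869_case1_ok() -> bool:
    """Check the HKDF implementation against RFC 5869 test case 1."""
    ikm = bytes.fromhex("0b" * 22)
    salt = bytes.fromhex("000102030405060708090a0b0c")
    info = bytes.fromhex("f0f1f2f3f4f5f6f7f8f9")
    prk = hkdf_extract(salt, ikm)
    okm = hkdf_expand(prk, info, 42)
    return (prk.hex() == "077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5"
            and okm.hex() == "3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
                             "34007208d5b887185865")


def demo() -> dict:
    """Constructed handshake values; not taken from any real protocol run."""
    ss_classical = bytes.fromhex("11" * 32)  # placeholder for an ECDH shared secret
    ss_pq = bytes.fromhex("22" * 32)         # placeholder for a KEM decapsulation output
    transcript = b"client_ecdh_pk|client_kem_pk|server_ecdh_pk|kem_ciphertext"

    k_legit = hybrid_key(ss_classical, ss_pq, transcript)
    # A future Shor-capable attacker replays the recorded transcript and
    # recovers the classical secret, but must still guess the PQ secret.
    k_shor_attacker = hybrid_key(ss_classical, secrets.token_bytes(SS_LEN), transcript)
    # Conversely, a break of the PQ scheme alone does not reveal the key either.
    k_pq_attacker = hybrid_key(secrets.token_bytes(SS_LEN), ss_pq, transcript)
    return {
        "key": k_legit,
        "deterministic": k_legit == hybrid_key(ss_classical, ss_pq, transcript),
        "safe_vs_shor": k_legit != k_shor_attacker,
        "safe_vs_pq_break": k_legit != k_pq_attacker,
    }


if __name__ == "__main__":
    print("HKDF matches RFC 5869 vector:", rfc5869_case1_ok())
    print(demo())
```

The combiner is the part that survives whichever KEM the standards process finally settles on: swap the placeholder secrets for real ECDH and KEM outputs and the derivation is unchanged, which is the property that lets a hybrid deployment go live before the post-quantum side is fully trusted.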
Microsoft has four algorithms in contention, Microsoft Azure chief technology officer Mark Russinovich said during a panel discussion after Lavender’s keynote.
“We also worked on enabling the use of these algorithms even today with OpenVPN software that applies cryptographically strong algorithms to VPN connections,” Russinovich said.
People are willing to put their credit card information in apps and on devices, and it is important to get quantum-resistant security in place quickly, said David Kanter, analyst at Real World Technologies, during the show.
“I think part of it is having this perspective that ‘we can’t afford to go back to the dark ages to find out if it’s safe to put my credit card online.’ This is as little friction as possible,” Kanter said.