{"id":14698,"date":"2018-12-20T02:36:39","date_gmt":"2018-12-20T02:36:39","guid":{"rendered":"http:\/\/www.lifeandnews.com\/articles\/?p=14698"},"modified":"2018-12-21T02:38:09","modified_gmt":"2018-12-21T02:38:09","slug":"is-quantum-computing-a-cybersecurity-threat","status":"publish","type":"post","link":"https:\/\/www.lifeandnews.com\/articles\/is-quantum-computing-a-cybersecurity-threat\/","title":{"rendered":"Is quantum computing a cybersecurity threat?"},"content":{"rendered":"

Dorothy Denning<\/a>, Naval Postgraduate School<\/a><\/em><\/span><\/p>\n

Cybersecurity researchers and analysts are<\/a> rightly<\/a> worried<\/a> that a new type of computer, based on quantum physics<\/a> rather than more standard electronics, could break most modern cryptography<\/a>. The effect would be to render communications as insecure as if they weren\u2019t encoded at all. <\/p>\n

Fortunately, the threat so far is hypothetical. The quantum computers that exist today are not capable<\/a> of breaking any commonly used encryption methods. Significant technical advances are required before they will be able to break the strong codes in widespread use around the internet, according to a new report<\/a> from the National Academy of Sciences. <\/p>\n

Still, there is cause for concern<\/a>. The cryptography underpinning modern internet communications and e-commerce could someday succumb to a quantum attack<\/a>. To understand the risk and what can be done about it, it\u2019s important to look more closely at digital cryptography and how it\u2019s used \u2013 and broken.<\/p>\n

Cryptography basics<\/h2>\n
\n \"\"<\/a>
\n Codes can be simple \u2013 or advanced.<\/span>
\n Derek Rose\/flickr.com<\/a>, CC BY<\/a><\/span>
\n <\/figcaption><\/figure>\n

At its most basic, encryption is the act of taking an original piece of information \u2013 a message, for instance \u2013 and following a series of steps to transform it into something that looks like gibberish.<\/p>\n

Today\u2019s digital ciphers use complex mathematical formulas<\/a> to transform clear data into \u2013 and out of \u2013 securely encrypted messages to be stored or transmitted. The calculations vary according to a digital key.<\/p>\n

There are two main types of encryption \u2013 symmetric, in which the same key is used to encrypt and decrypt the data; and asymmetric, or public-key, which involves a pair of mathematically linked keys, one shared publicly to let people encrypt messages for the key pair\u2019s owner, and the other stored privately by the owner to decrypt messages.<\/p>\n

Symmetric cryptography is substantially faster than public-key cryptography. For this reason, it is used to encrypt all communications and stored data.<\/p>\n

Public-key cryptography is used for securely exchanging symmetric keys, and for digitally authenticating \u2013 or signing \u2013 messages, documents and certificates<\/a> that pair public keys with their owners\u2019 identities. When you visit a secure website \u2013 one that uses HTTPS<\/a> \u2013 your browser uses public-key cryptography to authenticate the site\u2019s certificate and to set up a symmetric key for encrypting communications to and from the site.<\/p>\n

The math for these two types of cryptography is quite different, which affects their security. Because virtually all internet applications use both symmetric and public-key cryptography, both forms need to be secure.<\/p>\n

Breaking codes<\/h2>\n
\n \"\"<\/a>
\n The insides of an IBM quantum computer.<\/span>
\n IBM Research<\/a>, CC BY-ND<\/a><\/span>
\n <\/figcaption><\/figure>\n

The most straightforward way to break a code is to try all the possible keys until you get the one that works. Conventional computers can do this, but it\u2019s very difficult. In July 2002, for instance, a group announced that it had found a 64-bit key \u2013 but the effort took more than 300,000 people over four and a half years<\/a> of work. A key twice the length, or 128 bits, would have 2\u00b9\u00b2\u2078 possible solutions \u2013 more than 300 undecillion, or a 3 followed by 38 zeroes. Even the world\u2019s fastest supercomputer would need trillions of years<\/a> to find the right key.<\/p>\n

A quantum computing method called Grover\u2019s algorithm<\/a>, however, speeds up the process, turning that 128-bit key into the quantum-computational equivalent of a 64-bit key. The defense is straightforward, though: make keys longer. A 256-bit key, for example, has the same security against a quantum attack as a 128-bit key has against a conventional attack.<\/p>\n

Handling public-key systems<\/h2>\n
\n \"\"<\/a>
\n A pair of keys can help strangers exchange secure messages.<\/span>
\n David G\u00f6thberg\/Wikimedia Commons<\/a><\/span>
\n <\/figcaption><\/figure>\n

Public-key cryptography, however, poses a much bigger problem, because of how the math works. The algorithms that are popular today, RSA<\/a>, Diffie-Hellman<\/a> and elliptic curve<\/a>, all make it possible to start with a public key and mathematically compute the private key without trying all the possibilities.<\/p>\n

For RSA, for instance, the private key can be computed by factoring a number that is the product of two prime numbers \u2013 as 3 and 5 are for 15.<\/p>\n

So far, public-key encryption has been uncrackable by using very long key pairs \u2013 like 2,048 bits, which corresponds to a number that is 617 decimal digits long. But sufficiently advanced quantum computers could crack even 4,096-bit key pairs in just a few hours<\/a> using a method called Shor\u2019s algorithm.<\/p>\n

That\u2019s for ideal quantum computers of the future. The biggest number factored so far<\/a> on a quantum computer is 15 \u2013 just 4 bits long. <\/p>\n

The National Academies study notes that the quantum computers now operating have too little processing power and are too error-prone to crack today\u2019s strong codes. The future code-breaking quantum computers would need 100,000 times more processing power<\/a> and an error rate 100 times better than today\u2019s best quantum computers have achieved. The study does not predict how long these advances might take \u2013 but it did not expect them to happen within a decade.<\/p>\n

However, the potential for harm is enormous. If these encryption methods are broken, people will not be able to trust the data they transmit or receive over the internet, even if it is encrypted. Adversaries will be able to create bogus certificates, calling into question the validity of any digital identity online. <\/p>\n

Quantum-resistant cryptography<\/h2>\n

Fortunately, researchers have been working to develop public-key algorithms that could resist code-breaking efforts from quantum computers, preserving or restoring trust in certificate authorities, digital signatures and encrypted messages.<\/p>\n

Notably, the U.S. National Institute of Standards and Technology is already evaluating 69 potential new methods for what it calls \u201cpost-quantum cryptography<\/a>.\u201d The organization expects to have a draft standard by 2024, if not before, which would then be added to web browsers and other internet apps and systems.<\/p>\n

In principle, symmetric cryptography can be used for key exchange. But this approach depends on the security of trusted third parties to protect secret keys, cannot implement digital signatures, and would be difficult to apply across the internet. Still, it is used throughout the GSM cellular standard<\/a> for encryption and authentication. <\/p>\n

Another alternative to public-key cryptography for key exchange is quantum key-distribution. Here, quantum methods are used by the sender and receiver to establish a symmetric key. But these methods require special hardware<\/a>.<\/p>\n

\n \"\"<\/a>
\n A look inside a prototype of the hardware that exchanges quantum cryptography keys.<\/span>
\n National Institute of Standards and Technology\/Wikimedia Commons<\/a><\/span>
\n <\/figcaption><\/figure>\n

Unbreakable cryptography doesn\u2019t mean security<\/h2>\n

Strong cryptography is vital to overall individual and societal cybersecurity. It provides the foundation for secure transmission and data storage, and for authenticating trusted connections between people and systems. <\/p>\n

But cryptography is just one piece of a much larger pie. Using the best encryption won\u2019t stop a person from clicking on a misleading link or opening a malicious file attached to an email. Encryption also can\u2019t defend against the inevitable software flaws<\/a>, or insiders who misuse their access<\/a> to data.<\/p>\n

And even if the math were unbreakable, there can be weaknesses in how cryptography is used. Microsoft, for example, recently identified two apps that unintentionally revealed their private encryption keys<\/a> to the public, rendering their communications insecure. <\/p>\n

If or when powerful quantum computing arrives, it poses a large security threat. Because the process of adopting new standards can take years, it is wise to be planning for quantum-resistant cryptography now.\"The<\/p>\n

Dorothy Denning<\/a>, Emeritus Distinguished Professor of Defense Analysis, Naval Postgraduate School<\/a><\/em><\/span><\/p>\n

This article is republished from The Conversation<\/a> under a Creative Commons license. Read the original article<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

Dorothy Denning, Naval Postgraduate School Cybersecurity researchers and analysts are rightly worried that a new type of computer, based on quantum physics rather than more standard electronics, could break most modern cryptography. The effect would be to render communications as insecure as if they weren\u2019t encoded at all. Fortunately, the threat so far is hypothetical. […]<\/p>\n","protected":false},"author":44,"featured_media":14695,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3410],"tags":[],"_links":{"self":[{"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/posts\/14698"}],"collection":[{"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/users\/44"}],"replies":[{"embeddable":true,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/comments?post=14698"}],"version-history":[{"count":1,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/posts\/14698\/revisions"}],"predecessor-version":[{"id":14699,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/posts\/14698\/revisions\/14699"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/media\/14695"}],"wp:attachment":[{"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/media?parent=14698"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/categories?post=14698"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/tags?post=14698"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}