The modern world relies on the internet for everything from communication to shopping to national security. For this to be possible, communicating through the internet must be secure. Though hacks and data breaches are common, these occur due to mistakes in code and server configurations. The encryption used to secure the internet is extremely difficult to crack. However, recent innovations in quantum computing may make these techniques ineffective.
Preemptive steps are being taken by many companies to prepare for this. New algorithms have already been developed to keep the internet secure in a post-quantum world. The post-quantum world is still very far-off, but the progress is speeding up.
The world of quantum mechanics is pretty wacky. Though the laws of physics accurately describe everything big enough to be seen by the human eye, extremely small things behave differently. Quantum mechanics describes the behavior of these extremely tiny things. The strange rules of quantum states have led to even stranger discoveries including new states of matter.
You may have heard of Schrödinger’s Cat, a common thought experiment in Quantum Mechanics. This experiment imagines placing a cat in a dangerous box, where there is a set chance the cat will die. When the box is closed, we don’t know whether the cat is dead or alive. Logically, we would assume that the cat is in fact either dead or alive inside the box. We simply can’t tell which until we open the box. However, according to quantum mechanics, until the box is opened, the cat is both alive AND dead simultaneously.
This idea is extremely difficult to reconcile with a normal understanding of how our world works. We assume that everything in the world exists in a set state. The world of quantum mechanics throws this rational view on its head. Particles exist in all their possible states until they are observed. These particles exist as “waves of probability” until they are measured. When they are observed, the probability of these states is revealed.
Quantum computing applies this concept to bits, the ones and zeros of a computer’s binary code. While traditional computers encode all data as a series of defined bits, quantum computers use quantum bits, or qubits. Qubits encode information in a non-deterministic way, existing as both a one and a zero simultaneously.
This enables all of the possible combinations of bits to exist at the same time. The trick is in reading the probability of these states from the qubits. How this creates real data is well beyond my understanding of physics. However, teams at Google, IBM, D-Wave, and the Chinese Government have built machines capable of doing just this. The implications of these innovations are huge.
Encryption is at the core of all computer security. This field of math makes it possible to scramble information in a way that only the intended recipient can read its contents. For this to be secure, computers use secret “keys” that unlock the data. These keys are extremely complex and would require massive amounts of time for a traditional computer to guess. Quantum computers, however, can try every code simultaneously. This enables them to break encryption, as long as they have enough qubits. Currently, IBM has created a quantum computer with 50 qubits, still a fraction of what is needed to break real-world encryption.
Most websites implement cryptography (or should) to send and receive information. Most modern web browsers display a lock when this is working. Securing these connections is more difficult than standard encryption. The secret key needed to decode the data cannot be safely sent over the internet. Instead, websites use a different type of encryption.
This method (called TLS or SSL) uses public-key encryption. In this scheme, there are two keys, one to scramble and one to unscramble. The private key allows encrypted data to be read. An additional public key can encrypt, but not decrypt data. Therefore it is safe to send over the internet. A process called the Diffie-Hellman Key Exchange is used to exchange these keys.
Complex math is used to secure this process. Certain operations in math are easy in one direction, but not in another. A common example is multiplying prime numbers. It is easy to generate large prime numbers and multiply them. Once that number is created, the only way to find the prime numbers used is to try all the possible combinations. This problem is considered “NP” meaning that it cannot be solved with a “polynomial” (reasonably fast) algorithm. Instead, every possible combination must be tried. There are techniques to decrease the average number of attempts, but they are still very slow.
Shor’s algorithm is a quantum algorithm that solves this and similar problems (factorization of integers). It was proposed in 1995 by Peter Shor. It allows a quantum computer to solve these in “polynomial time.” Though no quantum computer has been built that can run this algorithm on real encrypted data, the theory already exists.
Though quantum computers may sound like the next Y2K, they will likely come to the same end. There are already quantum resistant encryption algorithms. Though they are not yet the standard in modern security, they will likely be implemented in the coming years.
Many companies are working on solving this problem before it happens. The National Institute of Standards and Technology is currently examining 69 different proposed algorithms. The NSA has begun to advise agencies and private companies to begin transitioning to quantum resistant algorithms. The internet company Cloudflare is working in partnership with Google to transition website security (TLS) to quantum-resistant algorithms.
Building effective and efficient quantum computers is harder than creating quantum-resistant algorithms. Therefore, the internet will likely still be secure when quantum supremacy (quantum computers beating classical ones) is achieved.
One area of concern that is difficult to address is old data. Though most web traffic cannot be read now, it can be recorded in its encrypted form. This encrypted data could be stored indefinitely. Eventually, this may enable bad-actors to use quantum computing to decrypt sensitive information in the future. Though most of this data will no longer be useful, some of it may. As personally identifiable information (PII) becomes increasingly valuable hackers may use stored data to extract information like SSNs and birth dates. The implications of this could be huge. However, they are yet to be seen in reality.
Though quantum computing is likely to render modern encryption ineffective, new techniques to protect data are already being developed. Additionally, quantum computers capable of effectively breaking encryption are still far off. However, quantum computers will certainly disrupt many technologies and areas of research.
Image Credit: Shutterstock/Yurchanka Siarhei