The National Institute of Standards and Technology (NIST) has a new report
highlighting the dangers of the possibly fast-approaching quantum
computing revolution, which could challenge the modern way of life by
making online commerce fundamentally insecure. The study of how to keep
encrypting messages even in the face of exponentially increased
computing power is called “post-quantum cryptography,” or
“quantum-resistant cryptography,” and the reality is that nobody knows
quite how urgent it really is. Perhaps real, programmable quantum
computers will never be a reality — but perhaps they will, and if they
will, we’d better be ready. NIST thinks we need to be focusing far more
on “cryptographic agility,” the ability to adapt existing encryption
standards in response to disruptive new technologies.
NIST is planning a post-quantum competition to
try to stimulate more work in the area. But it can be difficult to
motivate significant investment when things are currently working just
fine, and the crash is a purely theoretical future problem. It takes a
concerted education campaign to impress on executives exactly why it’s
so important — this isn’t just your ability to complete business-sized
wire transfers, but your ability to email a colleague in confidence, or
pay for a product on Amazon, or keep your browsing history secret.
Though we probably don’t need to switch to it until quantum computers
actually come around, we do need a solution ready to go when that day
comes.
The report says
that there are a number of possible approaches already available,
including lattice-based cryptography and multivariate polynomial
cryptography, but they are all attempts to replicate the usability of
modern crypto. That is to say, the new approach has to be able to work
over modern computer infrastructure, and it must not itself require a
quantum computer in order to work. So, “quantum encryption” is not a
form of post-quantum cryptography; if we use quantum entanglement to
transmit information, or encrypt it with a quantum-speed algorithm,
we’ve done a very impressive thing with no relevance to the average
internet user. Not good enough.
One
big problem with existing efforts is that there are no robust quantum
computers around to do the attacking — this all comes down to running
theoretical attacks based on the assumed abilities of an early quantum
attacker. That makes it more difficult to tell when you’re making
progress, or when you might have reached your goal. In addition, almost
all currently theorized solutions require much longer keys than modern
algorithms, perhaps twice as long or more, and it’s doubtful modern
internet protocols could immediately handle the switch. So, any effort
to move toward post-quantum software has to be undertaken with
foresight, and in collaboration with a number of interested parties and
standards organizations.
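To make the “cryptographic agility” the report calls for concrete, and to show how a protocol can absorb a successor algorithm with a longer key, here is an added example that is not from the NIST report or from this article. It is a message envelope that names its own algorithm, so a verifier can select the matching primitive, fail closed on unknown ids, refuse deprecated ids for new messages, and re-protect old messages under the successor. The two registered algorithms are HMAC stand-ins assumed for illustration, not post-quantum primitives; keys and messages are constructed sample values.

```python
import hmac
import struct

# Algorithm registry: id -> (HMAC hash name, required key length in bytes).
# Both entries are stand-ins assumed for this example: id 1 plays today's
# algorithm, id 2 a successor that needs a longer key (the kind of change
# the report anticipates). Neither is a post-quantum primitive.
ALGORITHMS = {
    1: ("sha256", 32),
    2: ("sha3_256", 64),
}

# Envelope layout: 1-byte algorithm id, 2-byte tag length, tag, payload.
HEADER = struct.Struct("!BH")


def protect(alg_id, key, payload, deprecated=frozenset()):
    """Tag payload under the named algorithm and prepend a header naming it.
    Deprecated ids are refused for new messages; verify() still accepts them
    so already-stored data remains readable during a migration."""
    if alg_id not in ALGORITHMS or alg_id in deprecated:
        raise ValueError(f"algorithm {alg_id} not allowed for new messages")
    name, key_len = ALGORITHMS[alg_id]
    if len(key) != key_len:
        raise ValueError(f"algorithm {alg_id} needs a {key_len}-byte key")
    tag = hmac.new(key, payload, name).digest()
    return HEADER.pack(alg_id, len(tag)) + tag + payload


def verify(keys, envelope):
    """Return the payload if its tag verifies under the algorithm the header
    names, else None. Unknown ids fail closed; there is no silent fallback."""
    if len(envelope) < HEADER.size:
        return None
    alg_id, tag_len = HEADER.unpack_from(envelope)
    if alg_id not in ALGORITHMS or alg_id not in keys:
        return None
    name, _ = ALGORITHMS[alg_id]
    body = envelope[HEADER.size:]
    tag, payload = body[:tag_len], body[tag_len:]
    expected = hmac.new(keys[alg_id], payload, name).digest()
    return payload if hmac.compare_digest(tag, expected) else None


def migrate(keys, envelope, new_alg_id):
    """Re-protect a message under a newer algorithm, only after it verifies."""
    payload = verify(keys, envelope)
    if payload is None:
        raise ValueError("refusing to migrate a message that does not verify")
    return protect(new_alg_id, keys[new_alg_id], payload)
```

Because the header carries the algorithm id, a deployment can roll keys and primitives forward one message at a time instead of needing a flag day.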
There are always rumors flying around about
the NSA’s secret quantum computers, how they’ve had years of access to
tech that can break high-level RSA like it’s nothing — but there’s no
reason to believe that’s the case. Despite the FBI’s various run-ins
with Apple and the rest of the tech world, there seems to be a growing
awareness that security standards affect everyone, and that
technological crime is a great equalizer on the world stage; the NSA itself
has been poking the development world about better post-quantum
solutions. The negative impacts of quantum computers could just as
easily be turned on the US Government as anyone else. If a foreign power
does develop a crypto-breaking quantum machine, the US isn’t likely to
know about it until it’s already been snooping through its
communications for quite some time.
So, there are conflicting incentives. On the
one hand, global business doesn’t usually like to fix things that aren’t
broken. On the other hand, the potential consequences of being
unprepared when the day comes are enormous.