Quantum computers that can crack standard encryption algorithms may arrive in a few years, a few decades, or maybe never. However, they are already having a significant impact. A new cryptographic arms race is developing around quantum computers, in a dynamic that threatens much of the modern world’s digital infrastructure.
Governments and big tech companies are frantically searching for ways to apply and counter the power of this technology. Most notably, they are developing encryption schemes that would be resistant to cyberattacks from quantum computers, also known as post-quantum encryption schemes. The challenge: Quantum-resistant algorithms can be vulnerable to conventional hacking.
Last summer, a classical computer that is not even capable of running Windows 11 broke a quantum-resistant encryption algorithm in less than an hour. For comparison, classical computers require hundreds of trillions of years to break the public key encryption schemes that are standard in everything from banking to security systems. The cracked algorithm, Microsoft’s SIKE (Supersingular Isogeny Key Encapsulation), was one of the US government’s late-stage candidates for modernizing current cryptography standards and preventing potential adversaries with quantum computers from unveiling highly sensitive data.
There is a real danger that, by attempting to address the risk of quantum hacking, security architectures might be opening another more devastating and immediate vulnerability. Had SIKE been prematurely deployed on critical systems, and its weakness been discovered by an adversary, the economic and security consequences would have been terrible.
However, continuing to rely on potentially outdated conventional encryption may be equally dangerous. If quantum computers were to break public key encryption, there would be significant consequences for the economy, privacy, and security. For example, hackers could use this capability to compromise US national security systems. This would potentially expose classified information, including intelligence and military data. Moreover, financial transactions, emails, digital signatures, and other confidential information could be decrypted.
A lack of understanding of quantum technologies in policy circles, international tensions, and infrastructural challenges further complicate the dilemma and increase the risk of miscalculations.
The race to post-quantum. Most current public key encryption relies on mathematical operations that are easy to solve but difficult to reverse. For example, it is easy to multiply two large prime numbers. However, finding these exact numbers by factorizing their product is extremely time-consuming for a classical computer.
Quantum computers could approach factorization by either turning it into an optimization problem or by applying a method called Shor’s algorithm. Shor’s is one of the few currently known algorithms that could allow quantum computers to perform dramatically better than conventional computers. This improved capability could crack the most popular types of public key encryption exponentially faster than classical computers.
The systems theoretically capable of these feats are known as “cryptographically significant” quantum computers, and they are likely decades away from existing. Initially, only powerful governments and big tech companies are expected to have access to these systems, because of their enormous cost and complexity.
These quantum computers would threaten encrypted messages sent before and after their invention. Countries are currently intercepting and storing data with the hope of decrypting it later, if these countries manage to develop a capable quantum computer. This method is known as “harvest now, decrypt later.” Some experts estimate that every message sent today is being collected by at least two countries or private organizations. However, the real extent of this practice is unknown.
The US National Institute of Standards and Technology is attempting to improve public key encryption by establishing a new post-quantum cryptographic standard. The new algorithms that the institute is compiling do not require quantum computers for their development. However, the schemes have taken considerable time to engineer. After a six-year competition, the organizers selected four initial winners and short-listed four additional algorithms as finalists for possible future implementation. SIKE was among the latter group.
After announcing the results, the institute encouraged the cryptography community to try to break the new algorithms. This vetting process brought in outside perspectives, in an attempt to identify issues that insiders might have overlooked. Only a month after the announcement, cryptographers from the research university KU Leuven were able to break SIKE’s encryption. Their research showed that a single-core computer, which applies mathematics developed in the 1990s and 2000s, can decrypt the algorithm in about an hour.
This type of hack is partial proof that the vetting process is working. If members of the public find vulnerabilities and communicate them to standard-setters, the standards institute can prevent malicious actors from exploiting these flaws at a later stage. In SIKE’s case, Microsoft encouraged hackers in the general public to share their findings by offering a $50,000 bounty. The reward system was successful in this instance. However, it is unclear whether money will always be enough to prevent hackers from trying to sell their findings to higher bidders.
There might be other reasons to worry. Jonathan Katz, a professor of computer science at the University of Maryland and core faculty member in the Maryland Cybersecurity Center, told Ars Technica: “It is perhaps a bit concerning that this is the second example in the past six months of a scheme that made it to the 3rd round of the [National Institute of Standards and Technology] review process before being completely broken using a classical algorithm.”
The other algorithm Katz refers to is Rainbow, which researchers cracked earlier in the year. Katz goes on to advise caution, noting that three of the four winners of the institute’s process “rely on relatively new assumptions whose exact difficulty is not well understood.”
Additionally, vetters do not currently have a cryptographically significant quantum computer to deploy against these new encryption schemes. Therefore, standard-setters are limited to running purely theory-based testing. Until post-quantum schemes undergo practical tests, there will be questions surrounding the algorithms’ reliability.
The dangers of fear. Quantum technologies have gained an aura of extreme complexity and occasional urgency. Periodically, a flurry of headlines on the imminent impact of quantum technologies rouses policy makers and industry members who do not understand how the technology works. This combination of alleged inexplicability and urgency is counterproductive, even dangerous.
Q-Day is a clear example. Q-Day is a narrative claiming that a large quantum computer will one day be able to suddenly crack existing public key encryption systems. In this scenario, the quantum computer would almost immediately decrypt crucial elements of international security and finance. Catastrophic consequences for defense would follow, along with monetary losses and a collapse of trust in the international financial and security architectures. It is a grim picture.
While Q-Day does identify a few genuine potential risks, some of its assumptions are contestable. Chief among them is viewing the advent of cryptographically significant quantum computers as a question of “when” and not “if.” Experts and institutions have argued that there is no guarantee cryptographically significant quantum computers will ever be a reality.
Additionally, Q-Day’s apocalyptic scenario assumes that quantum computers will develop explosively, almost overnight. Considering the numerous significant technical challenges that remain, it is unlikely that quantum computers will improve at this pace, although it is difficult to predict when or if breakthroughs will happen.
Finally, the Q-Day narrative treats certain important hurdles for conducting quantum hacking as trivial. For example, it ignores that hackers bent on decrypting data would require access to encrypted files and time on a quantum computer, which would be a precious finite resource.
Unchecked, these assumptions could lead policy makers to rush standard-setting processes, producing vulnerabilities in cryptography schemes. Policy makers can prevent this by refusing to see quantum technology as an impenetrable domain, and instead making an effort to better understand it. Free resources published by nations, companies, and science communicators can help the “quantum curious” learn about this new technology.
International competition is also putting pressure on the United States, European Union, China, and other nations to develop quantum-resistant cryptography. Every so often, one of these competitors claims to be on the cusp of breaking public key encryption. The latest episode featured a group of Chinese researchers claiming that they had engineered a new quantum decryption algorithm. This method would allegedly work on significantly smaller quantum computers than initially thought necessary for efficient cryptanalysis. However, as is often the case in this field, the results were not as significant as initially thought.
Given the highly sensitive nature of technologies used for quantum cryptography, it is very difficult to assess the true progress being made. International tensions and imperfect information allow fears of strategic surprise to fester. A strategic surprise is an unexpected change that challenges current strategic assumptions. In this case, the development would be societies losing an essential, secure channel of communications. A government could develop and use a cryptographically significant quantum computer without the knowledge of others, leaving competitors guessing whether they are being hacked or not.
Mitigating the risk of strategic surprise will require careful development and implementation of robust post-quantum encryption. The issue has recently gained more political attention in the United States, with the Senate and the Biden administration taking action. The latter instructed federal agencies to begin preparing for the transition to post-quantum encryption. However, a wider migration will require software and hardware changes to an extensive set of devices, likely taking at least a decade and costing billions of dollars. This level of effort and time horizon will require consistent action.
There is a long road ahead before societies can achieve a reliable post-quantum public key encryption system. However, companies and governments can currently implement security measures to better protect data and support the transition to quantum-resistant encryption. These measures range from less technical, such as risk assessments, to highly complex, such as implementing quantum key distribution. Data managers can also set up honeypots (encrypted but useless data) to mislead attackers, and compartmentalize their data and encrypt each part separately.
Beyond these technical solutions, governments and industry can educate themselves to avoid falling prey to hype. Governments could partly ease international tensions by holding—or at least not preventing—dialogues between scientists, engineers, and policy makers to better communicate and understand threat perceptions. These discussions could help avoid unwanted confrontations.
Moreover, discussing quantum hacking in policy and military doctrines could help clarify its use. However, it would be difficult for outsiders to verify whether countries are following doctrines or international agreements that may limit the use of quantum computers.
Ideally, governments and industry should mitigate the technical and political risks of quantum hacking, a capability that might never come to fruition—while also being careful not to provide everyone who has a moderately modern computer with the tools to hack government secrets.
Editor’s note: This article is an adaption of a paper presented at the International Student/Young Pugwash (ISYP) Third Nuclear Age conference in November 2022. Selected participants had the opportunity to submit their work for publication by the Bulletin, which was one of ISYP’s partners for the conference.
The Bulletin elevates expert voices above the noise. But as an independent nonprofit organization, our operations depend on the support of readers like you. Help us continue to deliver quality journalism that holds leaders accountable. Your support of our work at any level is important. In return, we promise our coverage will be understandable, influential, vigilant, solution-oriented, and fair-minded. Together we can make a difference.