# SoS Musings #39 - Cryptographers Prepare for the Arrival of Quantum Computers

Quantum computing is the leading application of quantum physics in technology. Quantum computers are expected to provide advancements and benefits for many different fields such as artificial intelligence, molecular modeling, financial modeling, weather forecasting, drug design, and more. However, much preparation is needed to address the risks and threats presented by quantum computers.

Quantum computers are expected to solve the most complex problems because the way they operate allows them to perform calculations that classical computers cannot. Classical computers encode information in bits, each representing a 0 or a 1; these zeros and ones behave as on-off switches that let the computer carry out operations. Quantum computers instead encode information in qubits, which exploit two principles of quantum physics, superposition and entanglement, to solve problems. Superposition describes a qubit's ability to exist in many states simultaneously, so a qubit can be one, zero, or both one and zero. Entanglement refers to the correlation between two qubits in superposition that forces the state of one qubit (e.g., a zero, a one, or both) to depend on the state of the other. Applying entanglement reduces the number of logic operations needed to solve a problem. These quantum-mechanical principles enable quantum computers to perform calculations and solve a given problem exponentially faster than classical computers. IBM further illustrates why quantum computers are more powerful than traditional computers with an example of solving a maze: a classical computer would use its bits to test each possible route individually until it finds the correct one, whereas a quantum computer would apply superposition and entanglement via qubits to find the right path significantly faster and with fewer calculations. However, quantum computers' ability to solve complex problems will also require the development of new cryptographic approaches.

While there are significant potential benefits to quantum computing, security experts have expressed concern about the threat posed by quantum computers to the current security protocols that protect passwords, digital signatures, health records and other types of data stored in systems managed by the government, military, financial industry, and more. The quantum-mechanical properties possessed by quantum computers that enable them to calculate at a significantly faster rate than today's computers give them the potential to break current encryption algorithms, including RSA and ECC. When quantum computing renders modern encryption algorithms useless, troves of sensitive data will be left open as attackers will use quantum computers to break secure communications.

The potential impact of such attacks has prompted a race among researchers and security firms to develop new approaches to cryptography, characterized as Post-Quantum Cryptography (PQC), that can withstand such attacks. An article published by MIT Technology Review defines PQC as the development of new types of cryptographic methods that can be applied on modern computers while being impervious to future quantum attacks. The U.S. National Institute of Standards and Technology (NIST) is making an effort to get quantum-resistant cryptographic standards ready before the age of practical quantum computing arrives. The agency initiated the PQC Standardization Process, in which researchers from academia and private industry are challenged to develop a new generation of cryptographic algorithms that resist quantum attacks and can replace modern cryptography. The NIST process seeks algorithms in two general categories: key-establishment algorithms and algorithms for digital signatures. Key-establishment algorithms enable two parties that have never met to agree on a shared key, while digital signature algorithms verify whether data is authentic. Both categories call for new algorithms based on mathematical problems that quantum computers cannot solve. NIST recently announced that the PQC process has entered its third phase, in which the number of submissions initially received has been narrowed from 69 to 15. At the end of this round, NIST will standardize one or more of the quantum-resistant algorithms. NIST plans to conclude the process and draft standards for PQC in 2022.

Qrypt, Inc. licensed a Quantum Random Number Generator (QRNG) from the Department of Energy's Oak Ridge National Laboratory (ORNL) to include the generator in its existing encryption platform and leverage the inherent randomness of quantum technology to create unique and unpredictable encryption that is unbreakable by cyberattacks, including those executed by quantum computers. The QRNG technology is said to be capable of detecting and measuring the characteristics of electromagnetic waves, called photons, to create truly unique, unpredictable, and indecipherable encryption keys. IT experts at Monash University devised a post-quantum secure privacy-preserving algorithm, called the Lattice-Based One Time Linkable Ring Signature (L2RS), powerful enough to prevent attacks launched using quantum supercomputers in the future. The L2RS enhances the security and privacy of large transactions and data transfers to the extent that they cannot be hacked by quantum computers. IBM researchers have also proposed lattice cryptography as a security method to protect data from crypto-breaking quantum computers. Researchers must continue their efforts to develop post-quantum cryptography before quantum computers are ready.
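To make the "lattice cryptography" mentioned above concrete, here is an added toy example (written for this page, not IBM's, Monash's, or any NIST candidate's code) of Regev-style public-key encryption built on the Learning With Errors (LWE) problem: the public key is a lattice instance A·s + e with a small hidden error, and the error term is exactly what a decryptor with s can strip off but an attacker cannot. The parameters Q, N, M and B are constructed for readability and are far too small to be secure.

```python
import secrets

# Toy parameters (constructed for this demo; far too small to be secure).
Q = 3329    # prime modulus
N = 64      # dimension of the secret vector s
M = 128     # number of LWE samples in the public key
B = 2       # secret and error coefficients are drawn from [-B, B]

def _uniform(k):
    return [secrets.randbelow(Q) for _ in range(k)]

def _small(k):
    return [secrets.randbelow(2 * B + 1) - B for _ in range(k)]

def _dot(x, y):
    return sum(a * b for a, b in zip(x, y))

def keygen():
    """Public key (A, b = A*s + e mod Q); private key s. Recovering s from
    (A, b) is the LWE problem, which is conjectured to be hard even for
    quantum computers (that is the basis of lattice cryptography)."""
    A = [_uniform(N) for _ in range(M)]          # M x N uniform matrix
    s = _small(N)                                # small secret
    e = _small(M)                                # small error hides A*s
    b = [(_dot(row, s) + ei) % Q for row, ei in zip(A, e)]
    return (A, b), s

def encrypt_bit(pk, bit):
    """Regev encryption: pick a random subset of samples r in {0,1}^M,
    then u = r*A and v = r*b + bit*floor(Q/2)."""
    A, b = pk
    r = [secrets.randbelow(2) for _ in range(M)]
    u = [sum(r[i] * A[i][j] for i in range(M)) % Q for j in range(N)]
    v = (_dot(r, b) + bit * (Q // 2)) % Q
    return u, v

def decrypt_bit(sk, ct):
    """v - u*s = r*e + bit*floor(Q/2). Since |r*e| <= M*B < Q/4, the
    accumulated error never pushes the bit across the decision boundary."""
    u, v = ct
    d = (v - _dot(u, sk)) % Q
    return 1 if Q // 4 < d < 3 * Q // 4 else 0

def encrypt_bytes(pk, data):
    return [encrypt_bit(pk, (byte >> i) & 1) for byte in data for i in range(8)]

def decrypt_bytes(sk, cts):
    bits = [decrypt_bit(sk, ct) for ct in cts]
    return bytes(sum(bits[k + i] << i for i in range(8))
                 for k in range(0, len(bits), 8))
```

The decryption bound M*B < Q/4 is the design check a practitioner verifies first when choosing LWE parameters; real schemes then pick N and Q large enough that lattice-reduction attacks on (A, b) are infeasible.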

Although it remains unknown as to when quantum computing will render modern cryptography algorithms obsolete, researchers from academia and private industry, as well as the government, must collaborate and continue advancing cryptography for the post-quantum future.