Quantum computers today can’t stand up to modern encryption methods. But if simulations prove true, a future of larger, more powerful systems may threaten the integrity of government information and, subsequently, national security.
Quantum computers are fundamentally different from traditional computers. The processors they use rely on quantum physics to solve specific problems that regular computing processors could never solve. Companies such as IBM, Intel, Google and D-Wave Systems are developing quantum computers, and some companies are on track to release quantum computing processors that reach “quantum supremacy,” the 50-qubit academic benchmark at which a quantum processor outpaces traditional supercomputers.
That improvement is a double-edged sword. While today’s impossible computing problems include analysis of complex chemical reactions and organization of multi-variable logistics (think self-driving cars or automated package delivery), they also include the code that keeps classified government information safe.
“This is definitely a very real threat,” said Dustin Moody, a mathematician with the National Institute of Standards and Technology (NIST). “We’re putting a good number of resources on this project.”
A 2016 report from NIST, which handles cybersecurity for non-classified government information, warned that if large-scale quantum computers are ever built, they will be able to break many of the public-key cryptosystems currently in use. That in turn would seriously compromise the confidentiality and integrity of digital communications on the Internet and elsewhere.
Granted, it could be decades before quantum computers are used for nefarious means. But federal cybersecurity experts are preparing now for what’s to come, with NIST currently working on quantum-safe algorithms and new federal guidelines that would better harden systems from future vulnerabilities, NIST mathematician Dustin Moody said.
Such strategies are driven by an ever-closing window of time. Put in place protections now that in theory promise to be effective for two decades, Moody said, and government won’t find itself vulnerable when a more capable quantum computer is created in 10 years.
The National Security Agency actually began taking proactive steps a few years ago, announcing in 2015 it was planning a move to quantum-safe algorithms. The agency is also working on removing vulnerable public-key algorithms.
Next-generation technologies also hold some promise. The NSA told Fifth Domain in a statement that it is exploring a variety of means to protect sensitive data from future quantum computers, including artificial intelligence and quantum infrastructure.
“NSA concurs with experts who say that quantum computing has the potential to become a national security threat one day if quantum resistant algorithms are not implemented,” the statement read.
Despite the security risk, sidelining quantum computing is not the answer, said Scott Crowder, IBM vice president and CTO for quantum computing. He testified in front of a subcommittee of the U.S. House Committee on Science, Space, and Technology last year, saying quantum computing applications will bring powerful tools to the United States if the nation makes enough investment to keep the country competitive in this field.
“Quantum computing is not just another emerging technology. It is a radically different computing paradigm that could launch a new age of human discovery,” Crowder said. “The technology will one day help us to solve problems that are unsolvable today with classical computer systems. You are right to focus on U.S. quantum leadership given its critical importance to our national competitiveness and security.”
Quantum computers are known to be able to break public-key cryptography, which is a common system of protecting data that uses one “key” to encrypt the data and another “key” to decrypt it. Some potential methods to counter such a threat could be symmetric-key algorithms, which use one secret key to encrypt and decrypt information, provided they’re at least 512 bits long, Moody said. Other options are lattice-based cryptography, where the structure of an algorithm is built upon an abstract mathematical grid of two-dimensional points, and multivariate cryptography, which relies on algorithms that solve nonlinear equations.
NIST recently held a call for entries for a competition for innovative post-quantum cryptography ideas that use these or other methods. NIST will review and test the proposed ideas over the next three to five years. It’s also developing new standards for the federal government’s cyber policies so it will be ready for the day when quantum computers spread across the world.