Quantum Tech to Break Encryption Sooner than Expected

Breaking encryption using quantum computing could be 20 times easier than previously thought. It's not happening any time soon, but the point where computer security needs an overhaul may be earlier than expected.

Most computer encryption today is based on creating an encryption key by multiplying two large prime numbers together. The beauty and simplicity is that doing this is very simple, but reversing the process to work out what the two numbers originally were is incredibly complex. While a computer can eventually figure it out, the idea is that it would take so long (potentially years or more) that it's not practical.

That will all change with quantum computing, which leverages the principles of quantum physics - allowing particles to exist in multiple states simultaneously. As complex as that is, it makes the simple change that a particular "bit", the smallest data unit in a processor, is no longer restricted to be a 0 or a 1 at any given moment. This dramatically speeds up processing time and makes it much easier for a computer to explore multiple solutions to a problem at the same time: exactly the approach that would be most useful for trying to break encryption.

Slower But Simpler

Previous estimates were that it would take a quantum computer with around 20 million "noisy qubits" (a similar concept to a bit in ordinary computing) eight hours to crack a form of encryption called 2048-bit RSA. That uses a key that's 617 digits long and is widely recommended as a minimum level of security today.

Now research by Google finds it would be possible to use a quantum computer with 1 million qubits to crack the encryption in a week. It involved a tweak to the approach that means using approximate (rather than precise) numbers to save time without compromising the results, as well as using better error correction. Needing one week rather than eight hours to decrypt the data might not make a major difference if the attack involves stolen or leaked security keys. (Source: newscientist.com)

Post-Quantum Solutions in The Works

On paper the change doesn't appear that dramatic: twenty times fewer qubits taking around 20 times as long to complete the task. The issue is that while we're still many years away from such powerful quantum computers (the biggest in use today is just over 1,000 qubits, with plans for a 100,000 qubit model by 2033), a one million qubit computer will likely be with us significantly earlier than a 20 million qubit one. (Source: decrypt.co)

Fortunately security researchers continue to work on new forms of encryption known as "post-quantum cryptography." A UK security agency recently urged organizations to assess their security needs and plan for the future by 2028, set a deadline of 2031 to move the highest priority systems to new forms of encryption, and move all systems by 2035. It could be that the Google development makes that timescale too close for comfort.

What's Your Opinion?

Do you worry about quantum computing compromising security? Do you trust the computer industry to solve the problem better than criminals can exploit it? Is something happening earlier than expected next decade really a big deal?