The applications running on the Internet today rely on a combination of symmetric and asymmetric encryption for security.
The asymmetric protocols are typically used for authentication and key establishment. Examples of such protocols include RSA, RSA-EC, DSA, DH, and DHEC.
The security of these protocols relies on the assumption that it would take even the most powerful classical computers thousands of years to solve certain mathematical problems (e.g. factoring large numbers or computing a discrete logarithm).
Shor’s Algorithm: Challenging classical assumptions
The assumption that these protocols were difficult to crack was held with confidence until 1994, when MIT professor Peter Shor showed that a quantum computer could break the encryption with ease. Using Shor’s algorithm, a large-scale quantum computer can solve the mathematical problems underlying existing encryption protocols in minutes.
Once a sufficiently large and reliable (fault-tolerant) quantum computer exists that can run Shor's algorithm, security as it is deployed on the internet today will be broken. The quantum computer will be able to decrypt all traffic without needing the keys.
How soon will quantum computers threaten existing encryption methods?
While quantum computers may reach maturity soon, the danger to existing networks already exists today. Expert predictions of the timeline of quantum computer development vary dramatically. Hardware vendors have predicted large-scale quantum computers to come online in the next 5-10 years. For instance, IBM expects to build a 1000-qubit device by 2023 and Google CEO Sundar Pichai predicted the tech company would have a commercial QC by 2029.
Because data risk is retroactive, networks transferring sensitive data will need to be upgraded well in advance of the existence of such quantum computers. Secret traffic captured today can be stored and decrypted later, once a quantum computer becomes available. This presents serious concerns today for certain applications such as health care or defense, where information transmitted now must remain confidential for many years to come.
How can you secure your network against quantum computers?
Luckily, there are several methods to secure networks even against quantum computers. Three overlapping approaches include: post-quantum cryptography (PQC), quantum key distribution (QKD), and Entanglement as a Service (EaaS). These methods each imply a different underlying network.
- Today’s networks - PQC: PQC refers to a collection of classical encryption methods that shift the underlying mathematical assumption to protect from Shor’s Algorithm. These methods still rely on similar assumptions about the hardness of mathematical problems, but don’t seem to be vulnerable to quantum computers running Shor’s Algorithm. Of course, for the most secure applications this assumption presents a major risk. The benefit of PQC is that it can run on today’s networks, though it may require additional bandwidth.
- QKD networks: QKD is a quantum encryption method that uses photons to agree on a secret key, protecting the key exchange by the laws of physics. The first proposed QKD algorithm was BB84, and later protocols have built on it. QKD networks are special-purpose networks built specifically to implement QKD. Because quantum states are fragile, QKD networks typically use trusted intermediate nodes to extend beyond single hops.
- EaaS networks: EaaS networks are general-purpose networks that distribute entanglement to end nodes for a variety of applications. EaaS works hand in hand with QKD and can be used to implement QKD protocols. A key difference between EaaS networks and QKD networks is that EaaS networks don’t rely on trusted nodes, instead using quantum repeaters. Today, EaaS networks are limited to short ranges. The development of quantum repeaters is the key enabling technology for EaaS networks.
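To make the QKD bullet above concrete, here is an added example (not part of the original post): an idealized textbook BB84 simulation showing how a measured photon stream reveals itself as an elevated error rate during key sifting. The function name, the intercept-resend model, the lossless and noiseless channel, and the 11% abort threshold are assumptions of this example.

```python
import random

ABORT_QBER = 0.11  # assumed abort threshold (a commonly cited bound for BB84)

def run_bb84(n_photons, eavesdrop, seed=0):
    """Idealized BB84 (no loss, no channel noise). Returns (key, qber, accepted)."""
    rng = random.Random(seed)
    pairs = []  # (alice_bit, bob_bit) for positions that survive sifting
    for _ in range(n_photons):
        a_bit, a_basis = rng.randrange(2), rng.randrange(2)  # basis 0 or 1
        bit, basis = a_bit, a_basis  # state of the photon in flight
        if eavesdrop:
            # Intercept-resend: measuring in the wrong basis randomizes the
            # result, and the photon is re-sent in the interceptor's basis.
            e_basis = rng.randrange(2)
            if e_basis != basis:
                bit = rng.randrange(2)
            basis = e_basis
        b_basis = rng.randrange(2)
        # Bob reads the bit correctly only if his basis matches the photon's.
        b_bit = bit if b_basis == basis else rng.randrange(2)
        if a_basis == b_basis:  # sifting: keep positions where bases agree
            pairs.append((a_bit, b_bit))
    if len(pairs) < 2:
        raise ValueError("too few sifted bits to estimate an error rate")
    # Publicly compare a random half of the sifted bits to estimate the
    # quantum bit error rate (QBER); those revealed bits are discarded.
    rng.shuffle(pairs)
    half = len(pairs) // 2
    sample, rest = pairs[:half], pairs[half:]
    qber = sum(a != b for a, b in sample) / len(sample)
    accepted = qber <= ABORT_QBER
    key = [a for a, _ in rest] if accepted else []  # abort yields no key
    return key, qber, accepted

if __name__ == "__main__":
    for eve in (False, True):
        key, qber, ok = run_bb84(8000, eavesdrop=eve, seed=1)
        print(f"eavesdropper={eve} qber={qber:.3f} accepted={ok} key_bits={len(key)}")
```

On a clean channel the sampled error rate is zero and a key is produced; with every photon intercepted the error rate sits near 25% and the run is aborted without a key.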