It’s Already Time to Prepare For Quantum Computers
As quantum computers get closer, we examine the threats they already pose to our online privacy.
Recently, a Chinese study sparked controversy by claiming that quantum computers will be able to break commonly used encryption algorithms much sooner than previously thought. But whether it takes 2 years or 20 years, this affects your online privacy today.
Is this real, or just a theory?
There’s no longer much discussion over whether quantum computers are coming. They already exist. But they’re not yet powerful enough to be much use in practical cryptographic attacks.
But quantum computers are growing, and becoming practical, with better reliability, less noise, and most famously, more qubits. And the algorithms and the programs are ready and waiting. That’s right, we already have the software, we just don’t have a quantum computer that can run it.
Modern cryptographic standards are built around computation time. An encryption algorithm is considered secure if it will take an infeasibly long time to crack without the key, even if you have access to a huge amount of computation power.
Quantum computers are threatening to disrupt the cryptography world. They work in a fundamentally different way to classical computers, meaning that many types of cryptographic calculations (such as factoring large numbers into their prime factors) can be completed in a much shorter time. Although quantum computers of the scale and reliability needed are not yet with us, there are some reasons that the time to start preparing is now.
Your data is being harvested right now
When you send data over the internet, or store it in a cloud, it passes through many systems on its journey. In the past, data was commonly sent unencrypted, and could be viewed or altered by these systems as it passed through. Now that encryption and signing have become standard (e.g. SSL), your data can no longer be easily read or corrupted. But it can be stored.
Internet Service Providers, intelligence services and VPN companies, among others, can (and often do) save your data in its encrypted form. There’s not much they can do with it right now (except traffic analysis, host headers… OK, there are some things). But if they store it for long enough, then they will be able to read it in the future, once the encryption is broken. This is referred to as a store-now-decrypt-later attack.
Will your secrets still be sensitive when this is broken? That depends on your personal threat model. Will you be happy if these organizations have access to your emails, browsing history, personnel files and photos in 20 years’ time? How about 5 years? This is especially concerning as we see so many data leaks. Maybe you don’t mind these faceless organizations reading your medical records, so long as they don’t get back to your employer. But can you trust your ISP to keep them secure? Probably not.
But that’s not the only reason to start preparing for the quantum shift.
Your devices might still be in use
Typically, we replace our smartphones every 2 to 3 years. But many devices have lifetimes that are far longer. MRI machines, for example, are expected to last well over a decade, and are often kept in service for even longer. As cloud connectivity everywhere becomes the norm, more and more sensitive data is going to be communicated by machines running old software.
Of course, this can be solved by keeping software updated. But as we see so often, that’s easier said than done. It is further complicated by the fact that the software update mechanism itself depends on cryptography to ensure that the update is genuine and uncorrupted.
What can we do to get ready?
At Kaymera, we’re investing time in making our software quantum ready.
First and foremost, we need to keep our software and communication secure against classical attack vectors. We do that by using industry-standard, tried-and-tested cryptography, and we will continue to do that.
But following Google’s example, we’re starting to add post-quantum cryptography as an extra layer of protection in our new products. This guarantees us the full security that we’ve had up to now, but with the promise of reliable privacy well into a quantum future, whenever it arrives.