WASHINGTON — Here at only the second-ever Quantum World Congress, there’s excitement in the air about the prospects for everything from picosecond-precise timing to unhackable communications using entangled particles. But a shadow looms on the horizon: the potential for quantum computers to crack the current encryption algorithms that safeguard everything from bank transactions to weapons systems.
“It is important to us to make sure we are investing in both sides — to make sure that we are protecting ourselves [from quantum attacks] while we are also seeking to figure out … how to leverage quantum technology” for America’s own use, said Stacey Dixon, Principal Deputy Director of National Intelligence, in a Q&A with conference attendees. “All systems need to be hardened.”
This is not a problem for the distant future but today, said James Kushmerick, director of the Physical Measurement Laboratory at the National Institute of Standards and Technology, which is finalizing new “quantum-resistant” encryption standards. “The sooner we get this out,” he told the conference, “the better off we’ll be whenever a cryptographically relevant quantum computer is developed.”
Such an all-conquering computer doesn’t actually exist yet. But there lies the paradox of what’s called quantum-resistant or “post-quantum” encryption: You don’t need a quantum computer to start laying the foundations for a quantum-powered hack — or, fortunately, to start building a defense.
RELATED: Expand National Quantum Initiative to keep up with China, say officials, experts, legislators
The threat is a tactic called “collect now, decrypt later.” Well-heeled foreign intelligence agencies (and the American NSA) already scoop up terabytes of encrypted communication. Whatever they can’t crack today can just go into long-term storage, waiting for quantum computers to get powerful enough to break them.
Of course, some secrets will be irrelevant by then, such as the positions and immediate orders of military units: It doesn’t help much to decode “Attack Pearl Harbor Dec. 7″ on Dec. 8. But other data remains relevant for decades, because that’s how long the US military keeps many systems in service. Data like design details and test data from X-35 development in the late 1990s, for instance, will be of interest to adversaries until the F-35 retires circa 2070. And even out-of-date information on past operations could be fed into an artificial intelligence that looks for repeated patterns that might predict a future move.
“There’s a long tail of how valuable information may be if it’s collected now and decrypted later,” Kushmerick told the conference, what the government has described as data with a “long secrecy lifetime.”
How much “later” will someone get a quantum computer able to break existing codes? While the public can’t know what’s happening in secret government labs, IBM unveiled a 127-qubit (quantum bit) computer in 2021, hit 433 qubits in 2022, aims to reach 1,121 qubits this year, and has talked of breaking 4,000 qubits by 2025 — what some experts (but hardly all) say is a critical threshold for codebreaking. By one company’s estimate, a 4,000-qubit computer could to decrypt the widely used RSA encryption — which would take today’s supercomputers “millions of years” to crack — “in a matter of hours”; another company says 10 seconds.
So while widespread quantum computing remains many years away, cutting-edge intelligence agencies could apply it to high-priority targets much sooner.
“You want to do ChatGPT on quantum computers, that will require it to become commonplace… That’s 10 years away, no doubt about it,” said Neeraj Paliwal, general manager at Rambus, a company developing quantum-resistant chips. “[But] all they need, at the state level, is four or five functioning quantum computers, even if it is at the cost of $200 million.”
“That’s why NSA and government are all over it,” he told Breaking Defense.
The good news, according to Paliwal and others in the field: You don’t need a quantum computer to stop a quantum computer, just better encryption algorithms. And those new algorithms should be able to run on today’s computers, although a lot of lower-power devices will need to be upgraded or replaced.
“It’s not all that different from how we’re doing it now,” said Michael Vermeer, a senior scientist at RAND, in an interview with Breaking Defense. “It’s just a new algorithm, [using] a different area of mathematics.”
“You don’t need a quantum computer to fight a quantum computer,” agreed Rebecca Krauthamer, co-founder of QuSecure, which develops quantum-resistant software. “It’s not a quantum algorithm we’re using to encrypt things,” she told Breaking Defense. “It’s still classical math, it’s just math that’s really hard for a quantum computer to solve.
That said, she warned, “You can’t say anything is ‘quantum-proof’ because everything is always changing…. It’s going to evolve in ways we can’t foresee.”
At first glance, the government timeline to deploy the new quantum-resistant algorithms looks outright stately. Last year, the NSA set an official target of 2035, over a decade away, for all “national security systems” across the US government to migrate to quantum-resistant encryption.
The National Institute of Standards & Technology released draft standards for the first three algorithms last month and will take comments on them until Nov. 22 before finalizing them next year. At that point, Kushmerick told the QWC conference, it’ll be up to “industry [to] deploy into a product.”
But that doesn’t mean companies and agencies should sit on their hands until 2024, experts emphasized.
“The government… especially DoD, has been doing a lot on trying to prepare the defense industrial base and elsewhere in the government to transition as quickly as possible to the new standard,” said RAND scientist Vermeer.
In August NIST, the NSA and and Homeland Security’s CISA published a factsheet urging industry, especially those who support critical infrastructure, to “begin preparing now” to migrate to post-quantum defense.
The message was, in essence, “We haven’t fully signed off on the algorithms, so be careful, but you need to start today, [because] it’s a really hard problem,” said Kaniah Konkoly-Thege, head of government affairs at the quantum computing firm Quantinuum. “Take that basic step of inventorying your date, inventorying your assets, [and] putting in proper policies for retention of data. You also should start testing aggressively, she told Breaking Defense: “Break your system and figure out what doesn’t work.”
“When we move some aspects of our infrastructure to the new standard, it’s going to break things,” agreed Vermeer. That’s something Google, Amazon, and other major companies have already found in trial runs with prototype post-quantum encryption, he said. “The point of these tests was to figure out where things fail, [but even so] they were surprised – things broke in places that they weren’t expecting,.”
“There is a lot of software that needs to be patched,” he said. “We don’t know where all of it is right now.”
RELATED: Zero trust is breaking things at the DIA, and ‘that’s good,’ CIO says
Many applications that use RSA and other reportedly quantum-vulnerable algorithms are obvious, from online shopping to military communications. But other uses of encryption are hidden deep in complex systems, sometimes in obscure subroutines that need to communicate securely, sometimes in functions embedded on individual chips.
The military has a particularly tricky hardware problem because a lot of its secure technology is not in laptops, desktops, or centralized data centers, but built into all sorts of weapons systems. Much of this “embedded” microelectronics is tailored for specialized military purposes and — because of its age, cost-cutting, or both — has little margin to run the new and more complex quantum-resistant algorithms.
“If you have some hardware that is deployed… and it cannot handle the new algorithm, you cannot fix that, a lot of the time, without ripping it out and replacing it, which is a big problem,” Vermeer said. “Part of the urgency for national security systems [is] trying to make sure that what we are deploying now is going to be able to be updated in the field — because most of the time, it can’t be.”