Quantum security standards almost ready but have already been attacked

06-04-2022 | By Robin Mitchell

The National Institute of Standards and Technology (NIST) will soon be releasing a range of quantum cryptography methods designed to protect against quantum computers, but a recent attack carried out with a standard laptop in a little over 50 hours suggests that more work is needed. What are the dangers of quantum computing, why is quantum computing such a threat to modern encryption, what will NIST be releasing, and how close are we to a quantum world?


Why are quantum computers such a threat to modern encryption?


It is often stated that quantum computers threaten modern encryption standards and that the introduction of a practical quantum computer will disrupt the entire planet. But the exact details behind how this is the case are often vague, and there is a good reason for this; quantum computers are unbelievably complex. While the math may be too complex to discuss, the basic principles behind quantum computing algorithms make it clear why they threaten modern encryption methods.

Modern encryption methods use passcodes called keys that are used to scramble information, and this information can only be unscrambled with the same key. A key that is 4 numbers in length can have a value between 0000 and 9999 which gives 10000 possibilities. Such a key could be cracked by trying every single number, and this would take a modern computer less than a millisecond.

To make this guessing game complex, modern keys are up to 256 bits in length, which gives 2^256 possibilities. To try every single number would require more time than the universe has been around and would require the energy of a star on a computer the size of the sun. Long story short, modern computers simply cannot guess the keys used in modern encryption by brute force.

Quantum computers, however, can run special algorithms that use superposition to significantly reduce the number of guesses needed. For example, Grover’s algorithm can reduce the key strength by half its bit size such that a 64-bit key would be breakable in 2^32 guesses. Another algorithm, called Shor’s algorithm, can rapidly find the prime factors of the products used to generate public keys, and it has been estimated that such an algorithm can crack a 4096-bit key in under four hours.
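The key-space arithmetic above can be worked through in code. The following is an added example, not part of the original article: it exhaustively searches the article's 4-digit key against a keyed hash, then projects worst-case search time for larger keys with and without Grover's halving of the effective bit length. The guess rate is an assumption, and a Grover iteration is treated as costing the same as one classical guess, which flatters the quantum attacker.

```python
import hashlib
import hmac

SECONDS_PER_YEAR = 365.25 * 24 * 3600
ASSUMED_GUESSES_PER_SECOND = 1e12  # assumption: generous attacker rate, not a measurement


def tag(key: bytes, message: bytes) -> bytes:
    """Keyed function standing in for 'scrambling' a message with a key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def brute_force_pin(target_tag: bytes, message: bytes):
    """Try every 4-digit key 0000..9999; return (key, number of guesses used)."""
    for guesses, n in enumerate(range(10_000), start=1):
        candidate = f"{n:04d}".encode()
        if hmac.compare_digest(tag(candidate, message), target_tag):
            return candidate.decode(), guesses
    return None, 10_000


def effective_bits(key_bits: int, grover: bool) -> float:
    """Worst-case search cost as a power of two: 2^n classically, about 2^(n/2) with Grover."""
    return key_bits / 2 if grover else float(key_bits)


def years_to_search(bits: float, rate: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Years needed to try 2^bits keys at the given guesses-per-second rate."""
    return 2.0 ** bits / rate / SECONDS_PER_YEAR


def report(key_sizes=(64, 128, 256)):
    """Rows of (key bits, classical years, Grover years) for each key size."""
    return [(n,
             years_to_search(effective_bits(n, False)),
             years_to_search(effective_bits(n, True)))
            for n in key_sizes]


if __name__ == "__main__":
    msg = b"constructed sample message"   # constructed input
    secret = "7291"                       # constructed sample key
    found, guesses = brute_force_pin(tag(secret.encode(), msg), msg)
    print(f"4-digit key {found} recovered after {guesses} guesses")
    for n, classical, quantum in report():
        print(f"{n:>3}-bit key: classical {classical:.3e} years, "
              f"Grover {quantum:.3e} years")
```

The projection shows why symmetric keys are handled by doubling their length: a 256-bit key still leaves a 2^128 search under Grover, while a 64-bit key drops to the 2^32 guesses the article mentions.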

These problems are compounded when considering that there may be entities currently storing encrypted traffic in logs today. The idea is that while these messages are currently unbreakable, the introduction of quantum computers decades in the future will allow for this past data to be read and observed. This puts any modern-day communication at serious risk should quantum computers ever be fully developed.

Considering that modern life is built on encryption for bank details, certificates, user profiles, personal data, emails, and web traffic, one can see why quantum computers are such a threat to modern life.


NIST to announce multiple quantum-safe security standards


In light of the potential impact of quantum computers, the National Institute of Standards and Technology (NIST) will soon announce the public release of multiple encryption methods said to be immune to quantum attacks. These six encryption methods will be broken down into two groups of three, where one half is concerned with key exchange and the other half is concerned with public key signatures. Depending on the implementation complexity, this could provide developers with a set of tools able to defend high-risk applications from future attacks.

However, a recent potential encryption method developed by NIST called “Rainbow” was easily defeated by a team of researchers who, using a modern laptop, were able to crack it within 50 hours. While this demonstration clearly showed that the Rainbow encryption method was not fit for use, it also casts light on whether the new methods being introduced by NIST will also be suitable.

When the new encryption methods by NIST are announced, it is expected that they will be put under high levels of scrutiny from researchers and hackers just to see how secure they really are. After a few years of torture, the new methods will then be pushed to become encryption standards to help protect devices in the future. But considering that there are well over 20 billion devices globally, this may be next to impossible to achieve.


How close are we “really” to quantum computers?


It seems that the advances made by many companies, including Google and IBM, in the field of quantum computing happen daily and that quantum computing is only months away. Many of these reports also suggest that each company is working towards quantum supremacy, and world encryption methods are already vulnerable.

In truth, quantum computers are extremely far away, and while modern research is improving their capabilities, they still face fundamental challenges that prevent them from being used practically. For example, the need for near absolute-zero temperatures prevents their use outside of laboratories. Even if researchers can force atoms to retain quantum properties at higher temperatures, it is always of a single qubit that cannot interact with others. Some researchers have created quantum computers with many qubits, but they cannot interact with others, making them as useless as a single qubit.

Thus, quantum computers are still in their infancy, and while they do have immense potential in the future, they are nowhere near being a threat. Of course, it doesn’t hurt to prepare for their arrival, as once they are introduced, there will be no turning back.


By Robin Mitchell

Robin Mitchell is an electronic engineer who has been involved in electronics since the age of 13. After completing a BEng at the University of Warwick, Robin moved into the field of online content creation, developing articles, news pieces, and projects aimed at professionals and makers alike. Currently, Robin runs a small electronics business, MitchElectronics, which produces educational kits and resources.