Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

Is quantum computing a cybersecurity threat?


Is quantum computing a cybersecurity threat?
Codes can be simple or advanced. Credit: Derek Rose/flickr.com , CC BY

Cybersecurity researchers and analysts are rightly worried that a new type of computer, based on quantum physics rather than more standard electronics, could break most modern cryptography . The effect would be to render communications as insecure as if they weren't encoded at all.

Fortunately, the threat so far is hypothetical. The quantum computers that exist today are not capable of breaking any commonly used encryption methods. Significant technical advances are required before they will be able to break the strong codes in widespread use around the internet, according to a new report from the National Academy of Sciences.

Still, there is cause for concern . The cryptography underpinning modern internet communications and e-commerce could someday succumb to a quantum attack. To understand the risk and what can be done about it, it's important to look more closely at digital cryptography and how it's used and broken.

Cryptography basics

At its most basic, encryption is the act of taking an original piece of information a message, for instance and following a series of steps to transform it into something that looks like gibberish.

Today's digital ciphers use complex mathematical formulas to transform clear data into and out of securely encrypted messages to be stored or transmitted. The calculations vary according to adigital key.

There are two main types of encryption symmetric, in which the same key is used to encrypt and decrypt the data; and asymmetric, or public-key, which involves a pair of mathematically linked keys, one shared publicly to let people encrypt messages for the key pair's owner, and the other stored privately by the owner to decrypt messages.

Symmetric cryptography is substantially faster than public-key cryptography. For this reason, it is used to encrypt all communications and stored data.

Is quantum computing a cybersecurity threat?
The insides of an IBM quantum computer. Credit: IBM Research , CC BY-ND

Public-key cryptography is used for securely exchanging symmetric keys, and for digitally authenticating or signing messages, documents and certificates that pair public keys with their owners' identities. When you visit a secure website one that uses HTTPS your browser uses public-key cryptography to authenticate the site's certificate and to set up a symmetric key for encrypting communications to and from the site.

The math for these two types of cryptography is quite different, which affects their security. Because virtually all internet applications use both symmetric and public-key cryptography, both forms need to be secure.

Breaking codes

The most straightforward way to break a code is to try all the possible keys until you get the one that works. Conventional computers can do this, but it's very difficult. In July 2002, for instance, a group announced that it had found a 64-bit key but the effort took more than 300,000 people over four and a half years of work. A key twice the length, or 128 bits, would have 2 possible solutions more than 300 undecillion, or a 3 followed by 38 zeroes. Even the world's fastest supercomputer would need trillions of years to find the right key.

A quantum computing method called Grover's algorithm , however, speeds up the process, turning that 128-bit key into the quantum-computational equivalent of a 64-bit key. The defense is straightforward, though: make keys longer. A 256-bit key, for example, has the same security against a quantum attack as a 128-bit key has against a conventional attack.

Handling public-key systems

Public-key cryptography, however, poses a much bigger problem, because of how the math works. The algorithms that are popular today, RSA , Diffie-Hellman and elliptic curve , all make it possible to start with a public key and mathematically compute the private key without trying all the possibilities.

For RSA, for instance, the private key can be computed by factoring a number that is the product of two prime numbers as 3 and 5 are for 15.

Is quantum computing a cybersecurity threat?
A pair of keys can help strangers exchange secure messages. Credit: David Gthberg/Wikimedia Commons

So far, public-key encryption has been uncrackable by using very long key pairs like 2,048 bits, which corresponds to a number that is 617 decimal digits long. But sufficiently advanced quantum computers could crack even 4,096-bit key pairs in just a few hours using a method called Shor's algorithm.

That's for ideal quantum computers of the future. The biggest number factored so far on a quantum computer is 15 just 4 bits long.

The National Academies study notes that the quantum computers now operating have too littleprocessing power and are too error-prone to crack today's strong codes. The future code-breaking quantum computers would need

Viewing all articles
Browse latest Browse all 12749