Cybersecurity researchers and analysts are rightly worried that a new type of computer, based on quantum physics rather than more standard electronics, could break most modern cryptography. The effect would be to render communications as insecure as if they weren’t encoded at all.

Fortunately, the threat so far is hypothetical. The quantum computers that exist today are not capable of breaking any commonly used encryption methods. Significant technical advances are required before they will be able to break the strong codes in widespread use around the internet, according to a 2018 report from the National Academies of Sciences, Engineering, and Medicine.

Still, there is cause for concern. The cryptography underpinning modern internet communications and e-commerce could someday succumb to a quantum attack. To understand the risk and what can be done about it, it’s important to look more closely at digital cryptography and how it’s used—and broken.

Cryptography Basics

At its most basic, encryption is the act of taking an original piece of information—a message, for instance—and following a series of steps to transform it into something that looks like gibberish.

Wikimedia Commons

Today’s digital ciphers use complex mathematical formulas to transform clear data into—and out of—securely encrypted messages to be stored or transmitted. The calculations vary according to a digital key.

There are two main types of encryption: symmetric, in which the same key is used to encrypt and decrypt the data; and asymmetric, or public-key, which involves a pair of mathematically linked keys, one shared publicly to let people encrypt messages for the key pair’s owner, and the other stored privately by the owner to decrypt messages.

Symmetric cryptography is substantially faster than public-key cryptography. For this reason, it is used to encrypt all communications and stored data.

Public-key cryptography is used for securely exchanging symmetric keys, and for digitally authenticating—or signing—messages, documents, and certificates that pair public keys with their owners’ identities. When you visit a secure website—one that uses HTTPS protocols—your browser uses public-key cryptography to authenticate the site’s certificate and set up a symmetric key for encrypting communications to and from the site.

The math for these two types of cryptography is quite different, which affects their security. Because virtually all internet applications use both symmetric and public-key cryptography, both forms need to be secure.

Breaking Codes

The most straightforward way to break a code is to try all the possible keys until you get the one that works. Conventional computers can do this, but it’s very difficult. In July 2002, for instance, a group announced that it had uncovered a symmetric 64-bit key—but the effort took more than 300,000 people more than four and a half years of work. A key twice the length, or 128 bits, would have 2128 possible solutions—more than 300 undecillion, or a 3 followed by 38 zeroes. Even the world’s fastest supercomputer would need trillions of years to find the right key.

Graham Carlow/CC By-ND 2.0

A quantum computing method called Grover’s algorithm, however, speeds up the process, turning that 128-bit key into the quantum-computational equivalent of a 64-bit key. The defense is straightforward, though: Make keys longer. A 256-bit key, for example, has the same security against a quantum attack as a 128-bit key has against a conventional attack.

Handling Public-Key Systems

Public-key cryptography, however, poses a much bigger problem, because of how the math works. The algorithms for public-key encryption that are popular today—which are called RSA, Diffie-Hellman, and elliptic curve—all make it possible to start with a public key and mathematically compute the private key without trying all the possibilities.

For RSA, for instance, the private key can be computed by factoring a number that is the product of two prime numbers—as 3 and 5 are for 15.

Future code-breaking quantum computers would need 100,000 times more processing power and an error rate 100 times better than today’s best quantum computers have achieved.

So far, public-key encryption has been uncrackable by using very long key pairs—like 2,048 bits, which corresponds to a number that is 617 decimal digits long. But sufficiently advanced quantum computers could crack even 4,096-bit key pairs in just a few hours using a method called Shor’s algorithm.

That’s for ideal quantum computers of the future, however. The biggest number factored so far on a quantum computer is 15—just 4 bits long.

The National Academies study notes that the quantum computers now operating have too little processing power and are too error-prone to crack today’s strong codes. The future code-breaking quantum computers would need 100,000 times more processing power and an error rate 100 times better than today’s best quantum computers have achieved. The study does not predict how long these advances might take—but it did not expect them to happen within a decade.

However, the potential for harm is enormous. If these encryption methods are broken, people will not be able to trust the data they transmit or receive over the internet, even if it is encrypted. Adversaries will be able to create bogus certificates, calling into question the validity of any digital identity online.

Quantum-Resistant Cryptography

Fortunately, researchers have been working to develop public-key algorithms that could resist code-breaking efforts from quantum computers, preserving or restoring trust in certificate authorities, digital signatures, and encrypted messages.

Notably, the U.S. National Institute of Standards and Technology is already evaluating 69 potential new methods for what it calls “post–quantum cryptography.” The organization expects to have a draft standard by 2024, if not before, which would then be added to web browsers and other internet applications and systems.

In principle, symmetric cryptography can be used for key exchange. But this approach depends on the security of trusted third parties to protect secret keys, and it cannot implement digital signatures, so it would be difficult to apply across the internet. Still, it is used throughout the Global System for Mobile Communication (GSM) cellular standard for encryption and authentication.

Another alternative to public-key cryptography for key exchange is quantum key-distribution. Here, quantum methods are used by the sender and receiver to establish a symmetric key. But these methods require special hardware.

Cryptography Doesn’t Mean Security 

Strong cryptography is vital to overall individual and societal cybersecurity. It provides the foundation for secure transmission and data storage, and for authenticating trusted connections between people and systems.

Wikimedia Commons

But cryptography is just one piece of a much larger pie. Using the best encryption won’t stop a person from clicking on a misleading link or opening a malicious file attached to an email. Encryption also can’t defend against the inevitable software flaws, or insiders who misuse their access to data.

Even if the math were unbreakable, there can be weaknesses in how cryptography is used. Microsoft, for example, recently identified two apps that unintentionally revealed their private encryption keys to the public, rendering their communications insecure.

If or when powerful quantum computing arrives, it poses a large security threat. Because the process of adopting new standards can take years, it is wise to begin planning for quantum-resistant cryptography now.

Utilizamos cookies propias y de terceros. Al hacer click en “Aceptar cookies” acepta que las cookies se guarden en su dispositivo para permitir un correcto funcionamiento de la web, analizar datos de uso, proveer funcionalidades mejoradas y personalizar anuncios en web de terceros. También puedes configurarlas o rechazar su uso clickando en “Configurar cookies”.

Privacy Settings saved!
Configuracion de Privacidad

Cuando visita cualquier sitio web, el mismo podría obtener o guardar información en su navegador, generalmente mediante el uso de cookies. Esta información puede ser sobre usted, sus preferencias o su dispositivo, y se usa principalmente para que el sitio funcione según lo esperado. Por lo general, la información no lo identifica directamente, pero puede proporcionarle una experiencia web más personalizada. Ya que respetamos su derecho a la privacidad, usted puede escoger no permitirnos usar ciertas cookies. Haga clic en los encabezados de cada categoría para saber más y cambiar nuestras configuraciones predeterminadas. Sin embargo, el bloqueo de algunos tipos de cookies puede afectar su experiencia en el sitio y los servicios que podemos ofrecer.

Estas cookies son necesarias para que el sitio web funcione correctamente y no se pueden desactivar. Están configuradas para adecuar la página web para cuestiones como recordar sus preferencias de privacidad, iniciar sesión o rellenar formularios. Puede configurar su navegador para bloquear o alertarle acerca de estas cookies, pero si lo hace puede ocasionar que algunas partes de la web no funcionen correctamente. Estas cookies no guardan ninguna información personal identificable.

Estas cookies permiten que el sitio ofrezca una mejor funcionalidad y personalización. Pueden ser establecidas por nosotros o por terceras partes cuyos servicios hemos agregado a nuestras páginas. Si no permite estas cookies algunos de nuestros servicios podrían no funcionar correctamente.

Estas cookies son instaladas por nuestros socios publicitarios en diferentes partes del sitio. Se utilizan para elaborar un perfil sobre sus intereses y mostrarle anuncios relevantes en otros sitios de terceros. Solo almacenan información respecto al navegador y dispositivo que utiliza. Si no permite estas cookies, tendrá una publicidad menos dirigida.

Estas cookies nos permiten realizar un recuento de las visitas y fuentes de tráfico para poder medir y mejorar el funcionamiento de nuestro sitio. Nos ayudan a saber qué páginas son las más y menos populares, y comprobar cuántos usuarios navegan por el sitio web. Toda la información que recogen estas cookies está agregada y, por lo tanto, anónima. Si no permite estas cookies no podremos saber que visitó nuestro sitio y no podremos mejorarlo.

Rechazar todos los servicios
Acepto todos los servicios