Every once in a while, a scientist somewhere makes alarming noises about quantum computing and its potential effect on cryptography – and with good reason. The threat is real enough that governments are investing in new cryptographic techniques to protect data from quantum computers, and IBM has already released its first quantum-resistant product.
Quantum computing technology, which is still in a relatively early stage of development, represents an entirely different model of computing that would make today’s supercomputers look like the home computers of yesteryear. The worry is that they will be able to do sums that are impossible for today’s machines, breaking modern cryptography and exposing data en masse.
Conventional computing bits exist as either ones or zeros. Quantum bits can exist in multiple states at once, being both ones and zeros at the same time. Stringing lots of them together would enable computers to compute lots of sums simultaneously, performing some truly astounding mathematics at unthinkable speeds.
That's a threat to most modern encryption, which is based on trapdoor functions. These calculations are easy to perform one way, but mathematically difficult to reverse. It's easy to multiply two numbers together for a result, but it's difficult to factor that result, retrieving the two original numbers. By calculating factors at the quantum level, this new class of computer could crack those codes, unlocking vast amounts of data that we consider well protected today.
Those computers aren't up to the job yet – stringing together enough quantum bits to do the job is a daunting physics problem – but researchers are getting closer. Estimates of when quantum computers will be good enough to crack today’s commercial asymmetric crypto vary between 10 and 30 years, although every so often someone comes along and shortens that timeframe with a new discovery.
Japan is worried enough about this that it wants to pile the equivalent of $14m this year alone into researching quantum-proof cryptography techniques. It hopes to roll out the technology by 2025.
IBM isn't waiting around either. The company just released a tape drive that is resistant to quantum computing. The tape itself is just plain old tape, and the drive, just a plain old drive. The anti-quantum part is the encryption algorithm in its firmware. This is based on a form of lattice cryptography, a branch of crypto more than 30 years old that has proven resistant to quantum computing techniques. Lattice cryptography has been submitted to the National Institute of Standards and Technology (NIST) Post-Quantum Cryptography project. Yes, the US government is thinking about this stuff too.
Today, we know one thing for sure: quantum computing will eventually smash modern crypto. We know that it will happen at some point in the future, and we know that the race to outsmart it is ongoing. You may not need to rush out and buy IBM's quantum-busting tape drive today, but you should be thinking about how to make your software applications and data infrastructure agile enough that when the threat does loom larger, you'll be ready to introduce technologies that can protect you.