The algorithms that have kept state secrets safe and confidential messages private since the 1970s are about to be broken.
Security experts disagree on how long it will take — some say within five years, others a decade. But they’re all convinced that it’s just a matter of years until it happens.
Encryption will be broken not by a group of skilled hackers or via industrial espionage, but through breakthroughs in quantum computing, allowing governments to perform calculations that can untangle the complex mathematics that have kept our privacy for decades.
Classical computers rely on bits of data that must be either ones or zeroes. Quantum computers, however, use quantum bits known as “qubits” that can represent a zero, one, or both values simultaneously.
The more qubits used in a quantum computer, the higher the number of calculations that are performed simultaneously, making them up to 3m times faster than even the most powerful classical supercomputers.
The looming threat has led to an international race to develop new methods of encryption that can’t be easily broken by quantum computers, with governments hoping to encourage their widespread use before foreign nations start to crack into private correspondence.
“The longer we leave this, the more current data is potentially at risk,” says Robert Hannigan, the former head of intelligence agency GCHQ who is now the chairman of cybersecurity business BlueVoyant.
“Those responsible for the protection of data should be thinking now about what they need to protect against future decryption and how to move to quantum safe encryption,” he continues.
The race to develop quantum safe encryption might not be well-known, but it’s crucially important. Without a new system of encryption, the secrets of governments and their citizens will spill out onto the internet.
About | What is quantum computing?
“If you’re using WhatsApp or any other messaging app, it relies on public key cryptography. It is broken, effectively speaking, by a quantum machine,” says Dr Ali El Kaafarani, the chief executive of PQ Shield, a quantum safe encryption start-up that was spun out of Oxford University in 2018.
Hundreds of mathematicians like El Kaafarani are taking part in a global competition to invent new encryption algorithms that can’t be easily cracked by quantum computers.
The work is being carried out because vast parts of the internet still rely on RSA, an algorithm unveiled in 1977 (although GCHQ invented it years earlier and kept it secret).
It scrambles messages by multiplying two prime numbers together. To crack the message, a computer would need to figure out the original prime numbers that were multiplied together, a process known as factorisation.
It’s trivially easy to factorise a number like 21, for example, but breaking encryption where the numbers are thousands of digits long would take around 300 trillion years using a classical computer.
A working quantum computer, however, can carry out multiple calculations at the same time, making it up to 100 million times faster than a classic computer. “Quantum computers hold out the promise of being able to do the same process in a matter of hours,” Hannigan says.
Former GCHQ head Robert Hannigan is concerned about the potential for quantum computers to break existing encryption
Credit: Jay Williams
Governments and banks have for years been concerned that a country such as China could develop a working quantum computer within years. It’s this threat which has led to the current race to develop new encryption systems that can’t be cracked by quantum computers.
“With quantum computers it will become possible to hack almost any classical encryption method,” says Markus Pflitsch, the chief executive of Swiss encryption start-up Terra Quantum which claimed last month to have discovered a way to break the widely used AES encryption algorithm using quantum computers.
While governments around the world have poured billions of pounds of funding into the development of quantum computers, comparatively little capital has been handed to start-ups working to keep our secrets safe from them.
“We’ve been going round and round in circles until now I’ve reached a point that I’m giving up,” says Andersen Cheng, the chief executive of Post-Quantum, a British start-up that is working on encryption that can’t be easily broken by quantum computers.
“The whole experience has been frustrating,” he says. Cheng, previously a director at a business that sold highly classified cryptography equipment to GCHQ, says he has struggled to secure funding from agencies including the National Cyber Security Centre (NCSC).
Quantum Computing | What are the applications?
“We have done some work with the NCSC but they just do not have the budget to fund this kind of development,” he says.
His fear is that the UK could experience a brain drain of cryptography talent to other countries like Canada and France that have allocated more government funding to the field.
In January, the French government announced €150m (£130m) in funding for quantum safe encryption as part of a larger €1.8bn grant for quantum computing.
Insiders with links to the security services say that the Government is carrying out its own secret work on quantum safe encryption instead of relying on start-ups.
Dr Ian Levy, the technical director of the NCSC, says the organisation "continues to work closely with industry, academia and international partners" on the subject. "The NCSC is committed to ensuring the UK is well-prepared for quantum-safe cryptography," he adds.
The threat of quantum computing breaking encryption could be solved within months, however. Many organisations, including PQ Shield and Post-Quantum have been taking part in a global competition run by the US National Institute of Standards and Technology (NIST).
The contest, announced in 2016, is nearing completion. Early next year, NIST will announce the new standard for quantum safe encryption, essentially replacing RSA. “It will change the world not for the next decade, but for the next 40 or 50 years,” Cheng says.
If everything goes smoothly, in several years the encryption keeping secrets safe will be quietly swapped out so that quantum computers cannot easily crack messages.
“I think the answer to the threat should be transparent for users. They should have basically the same experience they have today. They shouldn’t have to install some new bit of kit,” says Alan Woodward, a computer security expert and visiting professor at the University of Surrey.
But while NIST’s competition is nearing its end, there’s a rival scheme that has already been launched around the world.
Telecom businesses such as BT have spent millions of pounds creating specialist networks that use a system called quantum key distribution. It uses a stream of single photos to transfer the secret encryption keys used to decrypt data securely.
Instead of a new encryption algorithm, this scheme relies on kilometres of fibre optic cables to transfer keys and has been the favoured choice of physicists who prefer its reliance on photons rather than mathematics.
Quantum computing | The key players
In October, BT announced a 6km secure network between the National Composites Centre and the Centre for Modelling and Simulation in Bristol. It’s a small scale start but the technology could see secure networks stretch to 120km of cables.
Unsurprisingly, those in the encryption camp aren’t fans of this fibre-based approach. “Not every home has fibre and what happens on your mobile,” asks Woodward.
Behind closed doors, the rival groups have held sometimes-heated discussions about their approaches to fending off the threat of quantum computing.
BT’s claim that its system is “essentially un-hackable” has led to derision from cryptographers. “To say it’s perfectly secure is pushing the definition too far,” Woodward says.
It’s likely that within five years we could see both approaches put in place to keep data secure. The threat of quantum computers breaking encryption is real but, if everything goes to plan, it shouldn’t cause any problems.
“There is no magic about quantum computers,” El Kaafarani says. “A quantum computer does not do magic. It cannot solve every problem we have.”
Senior officials inside intelligence agencies are closely watching the development of quantum computers around the world, but they can at least take comfort in the collection of cryptographers and start-ups around the world racing to keep our secrets safe for decades to come.
Свежие комментарии