Is quantum hacking the biggest threat to encryption?
The potential of quantum computers is seemingly limitless — experts predict the ultra-powerful machines could one day help us do everything from cure diseases to explore new parts of space.
But they could also help hackers gain access to our most private data, cracking encryption that would normally take millions of years to solve, even using supercomputers.
That possibility has some security experts on the hunt for new encryption methods that would withstand quantum hacking — but some see a more immediate threat to data security in a piece of pending U.S. legislation.
Preventing Quantum Hacking
Today, nearly all of our digital data — our emails, text messages, online purchases, etc. — undergoes a process called encryption that makes it unreadable without a special decryption key. This protects your data in transit, in the cloud, and stored on your computer from being stolen or tampered with.
The most commonly used method for encrypting and decrypting all of this data is the Advanced Encryption Standard (AES), which was adopted by the U.S. National Institute of Standards and Technology (NIST) in 2011.
AES encryption is almost impossible for today’s classical computers to break, but quantum computers would presumably have the processing power needed for the task.
To get ahead of the problem of quantum hacking, NIST launched a competition in 2016, asking researchers to develop “quantum-proof” encryption methods. In July, it narrowed the field of contestants down to 15 from the original 69.
The agency won’t be announcing the winners of the competition until 2022, but several of the remaining candidates take an approach called “lattice-based cryptography,” making it a frontrunner in the hunt for a post-quantum encryption standard.
“What NIST thinks is that lattice problems are really hard,” Elena Kirshanova, a mathematician and cryptanalysis researcher, told MIT Technology Review. “Although these problems are hard, they seem quite efficient in terms of time to generate keys, time to construct signatures, and also efficient in terms of memory.”
Threats to Encryption
It’s hard to predict when the threat of quantum hacking might actually come to fruition; the machines may not be ready for years, or perhaps decades — and scientists still have yet to use quantum computers to solve any useful problems at all.
But NIST mathematician Dustin Moody believed there’s no time to waste in preparing for it.
“It takes a long time to standardize and get cryptographic algorithms implemented and into products,” he told Technology Review. “It can take 10 or 20 years. We need this process done before a quantum computer is done so we’re ahead of the game.”
But quantum hacking — unraveling encryption — is not the only systemic threat to data security. The EARN IT Act is another.
The privacy and security of all users will suffer.
That bill, which is currently up for vote in the Senate, is ostensibly designed to protect children online, and part of how it would do that is by requiring companies to give law enforcement the ability to break into encrypted data.
Privacy experts argue that creating these “backdoors” — essentially, flaws consciously built into encryption — would render encrypted data vulnerable, not just to “good guys” but “bad guys” as well.
Privacy experts warn that such a mandate would create the kind of systemic vulnerability that only quantum computing or some other kind of technological breakthrough could introduce without it.
“The privacy and security of all users will suffer if U.S. law enforcement is able to achieve its dream of breaking encryption,” Joe Mullin, a privacy analyst for the Electronic Frontier Foundation, wrote in March.
We’d love to hear from you! If you have a comment about this article or if you have a tip for a future Freethink story, please email us at [email protected].