Moore’s law that predicted back in 1965 that chip performance would double every 18 months was the foundation of the U.S. semiconductor industry which today is the third largest of all U.S. manufacturing industries, behind only the petroleum refinery and pharmaceutical preparations. While the prediction is that transistors will stop shrinking in 2021, the expectation is that Moore's law will prevail beyond utilizing new technologies such as 3D packaging and cooling. With this in mind the concern is that by 2026 quantum computers will be able to crack the RSA encryption. Read the article to see what's at stake.
Imagine you wake up one morning, assuming everything is as you left it the night before. But overnight, attackers with a quantum computer capable of breaking current cryptography standards have targeted millions of people and stolen their personal data.
Experts have estimated that a commercial quantum computer capable of breaking the cryptography we rely on today will be available by 2026. In fact, IEEE Spectrum reported last year that a quantum computer is close to cracking RSA encryption.
To many people, a nine-year timeline doesn’t sound alarming, and the consequences of not updating our security technology with quantum-safe solutions may not be clear. Here’s why the work to upgrade to quantum-safe security needs to start now to keep our data safe once quantum computers arrive.
Everyday Things Quantum Computers Will Be Able to Hack
On any given day, you might engage in any of the following common activities as a typical technology user, and if attackers with a quantum computer break the cryptography these transactions rely on, your sensitive data could be leaked, leading to serious consequences for you and the institutions responsible for safeguarding that data:
1. Sending email: You log in to your laptop and send a few personal emails. Your messages can now be read by the attackers and posted publicly for anyone to read.
2. Checking an online bank account: You log in to your bank account and transfer money. Your financial data is now accessible by the attackers who can use it to drain your accounts.
3. Updating your social media accounts: You log in to Facebook and post a personal update about your upcoming vacation and some pictures of your family, assuming you are sharing only with your friends. All photos and personal information are now publicly visible and can be modified by people other than you.
4. Updating software on a smartphone: You get a software update to your smartphone and accept it, not realizing that the authentication process that assures the update comes from a trusted source (i.e. Google or Apple) is now broken. Malware can now be pushed to your smartphone in the guise of a trusted update, giving the attackers further access to any login credentials for apps you have stored, as well as your data.
5. Driving your connected car: You get into your car to drive to work. Your car’s computer accepts software updates automatically. Those updates could now come from the attackers, without your knowledge, allowing a third party to take control of the embedded systems in your car and override your navigation, cut power to your vehicle, and more.
Many other daily transactions we take for granted could immediately become vulnerable. For example, using a formerly secure IoT-connected device, such as a thermostat, home security system, or baby monitor; transferring funds to a pre-loaded payment for a public transportation system; or using a VPN to log in to a corporate network. Many public safety risks that are also introduced when public transport vehicles, safety systems, and physical access systems can be compromised.
We already see rapidly increasing numbers of data breaches as more connected devices make more attack surfaces available. As companies and governments work continually to protect against cybersecurity attacks through advances in technology, the advent of quantum computing could create a free for all for cybercriminals.
But there is a solution in the form of quantum-safe cryptography. The key will be updating quantum-vulnerable solutions in time, and that means understanding now which systems will be affected by quantum risk and planning a migration to potential quantum-safe security solutions that includes appropriate testing and piloting.
The transition can begin with hybrid solutions that allow for agile cryptography implementations designed to augment the classical cryptography we use today.
While the potential threats and use cases presented in this article are quite disturbing, I would not worry about it just yet. First, it is clear that many battles will be waged in the future in the cyberspace between a variety of bad actors and law enforcement agencies. While quantum computing will be available to the bad actors to crack encryption, it will also be available to individuals and enterprises who want to protect the authenticity, confidentiality, and non-repudiation of their data and transactions. If we take the RSA algorithm, for example, the commercial software can be upgraded to select larger prime numbers and therefore a longer key length of 2048-bit or even 3072-bit, which would make it impossible even for quantum computers to crack. Last, but not least, is the fact that disruptive innovations proved in the past that science and technology drive continuous growth of the Commonwealth and overcome seemingly impossible obstacles. ~ Michael Segal, Area Vice President, Strategic Marketing, NETSCOUT