This article explores the relationship between quantum computing and encryption, detailing that while quantum computers could break current encryption methods, this threat is not immediate due to technological limitations. It also highlights ongoing work in creating quantum-resistant encryption to secure our digital future.
Background
Quantum computing has been a topic of interest for technologists, cryptographers, and security professionals for quite a while. The prospect of quantum computers, with their massive computational power and potential for breaking existing encryption schemes, has been a matter of ongoing discussion.
Quantum computers work in a fundamentally different way from classical computers. Instead of bits, they operate on quantum bits, or qubits, which can exist in multiple states at once, a property known as superposition (the ability of a qubit to represent multiple states simultaneously). This, combined with another quantum property called entanglement (where qubits become correlated with each other in a non-classical way), could potentially allow quantum computers to process information at rates exponentially faster than classical computers.
The current challenge
However, building a stable and large-scale quantum computer is still a significant engineering challenge, as quantum states are very delicate and easily disturbed (quantum states collapse when they are measured or when they interact with the environment). This is one of the reasons why the development of quantum computing technology hasn’t progressed as fast as some might have hoped or feared.
The first publicly known algorithm that could theoretically break the widely used RSA and ECC encryption was introduced by Peter Shor in 1994. His algorithm, known as Shor’s algorithm, leveraged the principles of quantum mechanics, but it was purely theoretical at the time and required a fully functional quantum computer to implement, a technology that was not available back then and is still in the early stages of development today.
The future
Over the next 5 years, we can expect to see continued, incremental progress in quantum computing. Developers will work on building qubits with longer coherence times, reducing error rates, and expanding the number of qubits that can be entangled. We’ll likely see quantum computers in the range of thousands of qubits. While this represents meaningful progress, it will likely still fall well short of what’s required to break common encryption schemes.
In 2019, researchers from Google and KTH Royal Institute of Technology published a paper estimating that a quantum computer with 20 million qubits would be able to break 2048-bit RSA encryption in approximately 8 hours. This provided an early benchmark for the scale of quantum computers that would be required to challenge certain public-key encryption standards.
Progress toward this goal accelerated in 2022 when IBM unveiled their newest quantum processor called Osprey, which had 433 qubits. While this represented a major increase in qubit number compared to previous processors, it was still massively short of the 20 million qubits estimated to be needed to break RSA 2048 according to the 2019 research. IBM’s Osprey provided further evidence that significantly larger quantum computers would be required to achieve encryption cracking capabilities.
Continuing their progress, in 2023 IBM announced an ambitious new research initiative with the University of Tokyo and University of Chicago, with the goal of building a quantum computer containing 100,000 qubits by 2030. Reaching this scale would move quantum processors into a realm where public key encryption standards like RSA 2048 may become vulnerable, according to projections. However, scaling quantum computers to tens of thousands of qubits while maintaining the precise control and low error rates needed for advanced computations is a tremendous technical challenge.
What this means today
Today’s most common encryption schemes like RSA, DSA, and ECC are theoretically vulnerable to quantum attacks because they rely on the difficulty of factoring large numbers that are the product of two primes or of solving discrete logarithms, problems that a sufficiently large quantum computer could solve efficiently using Shor’s algorithm. However, this does not mean that all encryption is doomed.
The cryptographic community is aware of these threats and has been working on post-quantum cryptography, essentially cryptographic algorithms that are believed to be secure against attacks by quantum computers. Some examples include lattice-based, code-based, and multivariate polynomial encryption schemes. The National Institute of Standards and Technology (NIST) has been leading a process to standardise post-quantum cryptographic algorithms, and we can expect to see these increasingly adopted in the coming years.
Our conclusion
To summarise, the threat of quantum computing to current encryption schemes is real but not imminent. Quantum computers capable of breaking popular encryption schemes are still years, if not decades, away. In the meantime, the cryptographic community is proactively working on developing and standardising quantum-resistant algorithms. Most businesses do not need to panic but should stay informed and start reading about quantum-resistant encryption for long-term security planning.
Important notes
Some researchers have claimed to be able to crack RSA 2048 using smaller quantum devices or fewer qubits. However, these findings have not been validated through peer review. For example, Dr. Ed Gerck reported techniques using desktop computers or 372 qubits, but the cryptography community has not confirmed these methods. There is uncertainty around how viable such approaches may be without more details.
Much of our discussion is based on the general consensus regarding quantum computing and encryption today. Experts estimate that a billion-dollar quantum computer could potentially break RSA-2048 by 2030, but this remains speculative given current technology limitations. Significant advances may occur over the coming decade as quantum research intensifies. While the presented facts are accurate now, rapid progress is possible in this developing field with extensive worldwide research. For now, RSA 2048 and similar algorithms are believed secure. Continued monitoring will help determine when post-quantum algorithms may need to be adopted.