No matter how long it takes to reach commercialization in the enterprise, quantum computing could have major consequences for the world of cybersecurity well in advance of the technology going mainstream.
To date, most of the security discussion around quantum computing has focused on the possible implications for data encryption. The most common scenario: Someday — maybe in five, 10 or 20 years — mega-powerful computing systems that harness the very weird properties of quantum mechanics could achieve the unthinkable, and obliterate the current methods of encryption that the internet depends on for security.
On the other hand, maybe this will never happen at all. No one can say for sure.
It's very clear, however, that the tech industry is gearing up for this so-called "post-quantum" scenario. Software will be updated on an epic scale to accommodate new methods of quantum-resistant cryptography that are being advanced by the government and researchers.
That means while nobody can be certain if quantum computing will ever really pose a security risk itself, the preparations surely will: It's inevitable that we'll see a large number of security vulnerabilities unintentionally introduced into software as the process plays out, said Jonathan Katz, a cryptography expert and IEEE member. Any time software is changed on a large scale — particularly when it’s happening quickly — vulnerabilities will tend to creep in.
"We know how to design mathematically secure algorithms," said Katz, who’s also a professor of computer science at the University of Maryland. "We're not quite as good yet at implementing them in a secure way."
That’s a challenge the tech industry will have to figure out. If the hackers of, say, 2032 get their hands on a quantum computer that could break encryption, it would put much of the world's data at risk. (That includes, by the way, encrypted data that threat actors might be collecting today and storing away for a decrypting opportunity in the quantum future, a strategy often called "harvest now, decrypt later," according to experts.)
We can thank the efforts of cryptography specialists working in tandem with the National Institute of Standards and Technology for helping the industry prepare for this threat. Back in 2016, the agency helped get the ball rolling on post-quantum cryptography by launching a process for soliciting the algorithms needed to do the job.
In July, NIST presented the fruits of that six-year process, announcing four algorithms that it intends to standardize as the basis for quantum-resistant public-key cryptography. The algorithm chosen for key establishment, the step that sets up an encrypted web session, is CRYSTALS-Kyber (some experts refer to it simply as Kyber). The three remaining algorithms, CRYSTALS-Dilithium, Falcon and SPHINCS+, are digital signature schemes, used to verify the identity of the parties in a digital exchange.
While NIST says it expects to finalize the algorithm choices in "about two years," the vendors whose technology underpins the functions of the internet have already begun exploring how to implement them — particularly Kyber.
Make it work
Since there are a number of different ways to deploy Kyber, for example on its own or in a "hybrid" key exchange that combines it with an existing elliptic-curve exchange so that a flaw in either one does not expose the session, the industry now has to settle on which form to embed into the TLS protocol, the protocol that enables HTTPS secure web browsing.
"The industry is now in the mode of, 'OK, we know what the algorithm is going to look like — how do we actually deploy it into systems? And what are the troubles and pitfalls of that?'" said Nick Sullivan, head of research at web security and performance vendor Cloudflare.
Software developers, however, have had decades to figure out how to properly deploy existing forms of encryption, such as RSA. "That time has allowed people to learn from their mistakes," Katz said. "And many mistakes were made along the way."
Now, we may have the same situation occur again, with the implementation of largely untested new algorithms that are based on different techniques, he said. Rather than facing an underlying issue with the algorithms, he believes it's more probable we'll see a variety of flaws in the code introduced during the software engineering process.
Buffer overflow issues, a common class of software bug in which code reads or writes past the end of a memory buffer and so lets an attacker reach memory it should not be able to, are among the types of vulnerabilities likely to pop up a lot in a situation such as this, Katz said. (Post-quantum keys, ciphertexts and signatures are also considerably larger than their RSA and elliptic-curve counterparts, and their sizes vary by parameter set, which gives length-handling code more ways to go wrong.)
How could this happen? For one thing, there will be a learning curve involved for software engineers.
To some degree, they "will need to understand what's going on under the hood," Katz said. The complexity of the algorithms could present bigger difficulties than understanding existing methods, however.
Meanwhile, as the saying goes, speed is the enemy of security. And there's going to be a lot of new software being written as part of these post-quantum preparations, and written quickly, Katz said.
All in all, the implementation of the new algorithms is sure to become a "significant source of vulnerabilities in the five years after these things are first widely deployed," he said.
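To make the buffer-overflow point concrete, here is an added example in C; it is not code from the article, from Katz, or from any real Kyber or TLS implementation. It parses a key-share record into a fixed buffer two ways: the unchecked version copies as many bytes as the peer's own length field says, while the hardened version derives the expected length from the negotiated parameter set and rejects anything else. The one-byte set identifier, the two-byte length header and the `PS_KYBER*` names are assumptions invented for the illustration; the public-key sizes (800, 1184 and 1568 bytes) are the values given in the round-3 Kyber specification.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Public-key lengths in bytes for the three Kyber parameter sets, as
 * given in the round-3 Kyber specification. */
#define KYBER512_PK_BYTES  800u
#define KYBER768_PK_BYTES  1184u
#define KYBER1024_PK_BYTES 1568u

/* The set identifiers and the wire format below are constructed for this
 * illustration; they are not TLS or any real protocol. A record is:
 * 1 byte set id, 2 bytes big-endian key length, then the key bytes. */
enum { PS_KYBER512 = 1, PS_KYBER768 = 2, PS_KYBER1024 = 3 };

struct keyshare {
    uint8_t param_set;
    uint8_t key[KYBER768_PK_BYTES];  /* sized for one parameter set only */
};

/* Expected public-key length for a set id, 0 if the id is unknown. */
size_t pk_bytes_for(uint8_t param_set) {
    switch (param_set) {
    case PS_KYBER512:  return KYBER512_PK_BYTES;
    case PS_KYBER768:  return KYBER768_PK_BYTES;
    case PS_KYBER1024: return KYBER1024_PK_BYTES;
    default:           return 0;
    }
}

/* VULNERABLE: bounds the copy by the peer's own length field, which is
 * checked only against the input size, never against the destination.
 * A record claiming a Kyber1024 key (1568 bytes), or any length up to
 * 65535, overruns ks->key. Never call this on untrusted input. */
int parse_keyshare_unchecked(struct keyshare *ks, const uint8_t *rec, size_t rec_len) {
    if (rec_len < 3) return -1;
    size_t klen = ((size_t)rec[1] << 8) | rec[2];
    if (rec_len < 3 + klen) return -1;
    ks->param_set = rec[0];
    memcpy(ks->key, rec + 3, klen);  /* overflow when klen > sizeof ks->key */
    return 0;
}

/* HARDENED: the set id must be the one negotiated, its key length is
 * looked up rather than trusted, it must fit the destination, and the
 * record must contain exactly that many key bytes. */
int parse_keyshare(struct keyshare *ks, uint8_t negotiated, const uint8_t *rec, size_t rec_len) {
    if (rec_len < 3) return -1;                    /* truncated header */
    uint8_t ps = rec[0];
    size_t klen = ((size_t)rec[1] << 8) | rec[2];
    size_t want = pk_bytes_for(ps);
    if (want == 0 || ps != negotiated) return -2;  /* unknown or unexpected set */
    if (want > sizeof ks->key) return -3;          /* destination cannot hold it */
    if (klen != want) return -4;                   /* advertised length is wrong */
    if (rec_len != 3 + klen) return -5;            /* short record or trailing bytes */
    ks->param_set = ps;
    memcpy(ks->key, rec + 3, klen);
    return 0;
}

/* Build a constructed record: header plus klen + extra filler bytes. */
static size_t make_record(uint8_t *out, size_t cap, uint8_t ps, size_t klen, size_t extra) {
    size_t total = 3 + klen + extra;
    if (klen > 0xFFFFu || total > cap) return 0;
    out[0] = ps;
    out[1] = (uint8_t)(klen >> 8);
    out[2] = (uint8_t)(klen & 0xFFu);
    memset(out + 3, 0xAB, klen + extra);
    return total;
}

/* Each scenario returns the hardened parser's result for one constructed record. */
static int run(uint8_t negotiated, uint8_t ps, size_t klen, size_t extra) {
    static uint8_t rec[4096];
    struct keyshare ks;
    size_t n = make_record(rec, sizeof rec, ps, klen, extra);
    return n ? parse_keyshare(&ks, negotiated, rec, n) : -99;
}
int scenario_matching_set(void)       { return run(PS_KYBER768,  PS_KYBER768,  KYBER768_PK_BYTES, 0); }
int scenario_wrong_set(void)          { return run(PS_KYBER768,  PS_KYBER1024, KYBER1024_PK_BYTES, 0); }
int scenario_too_big_for_buffer(void) { return run(PS_KYBER1024, PS_KYBER1024, KYBER1024_PK_BYTES, 0); }
int scenario_bad_length(void)         { return run(PS_KYBER768,  PS_KYBER768,  KYBER768_PK_BYTES + 1, 0); }
int scenario_trailing_bytes(void)     { return run(PS_KYBER768,  PS_KYBER768,  KYBER768_PK_BYTES, 1); }

/* The unchecked parser on a well-formed Kyber768 record: it "works", which
 * is exactly why the missing destination check goes unnoticed in testing. */
int scenario_unchecked_accepts_valid(void) {
    static uint8_t rec[4096];
    struct keyshare ks;
    size_t n = make_record(rec, sizeof rec, PS_KYBER768, KYBER768_PK_BYTES, 0);
    return parse_keyshare_unchecked(&ks, rec, n);
}

int main(void) {
    printf("matching set:   %d\n", scenario_matching_set());
    printf("wrong set:      %d\n", scenario_wrong_set());
    printf("too big:        %d\n", scenario_too_big_for_buffer());
    printf("bad length:     %d\n", scenario_bad_length());
    printf("trailing bytes: %d\n", scenario_trailing_bytes());
    printf("unchecked, valid input: %d\n", scenario_unchecked_accepts_valid());
    return 0;
}
```

The unchecked parser is deliberately never fed an oversized record here, since that would corrupt memory; the point is that its length check passes on every well-formed record, so ordinary interoperability testing would not reveal the bug. The hardened parser's distinct error codes make it possible to log which check fired, which is useful when a fleet of mixed parameter sets starts producing handshake failures.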
Counting down to quantum
For better or worse, the tech industry feels a lot of urgency around implementing the post-quantum algorithms. In part, that's because "nobody knows" when the threat to encryption might emerge, said Nelly Porter, Google Cloud's lead product manager for technology areas including encryption and quantum computing.
"Everybody assumes that it will take many, many years. But I think in the world of cryptography, we are much more paranoid," Porter said.
When is the earliest she thinks it could happen?
"I would say [as soon as] three years for very advanced adversaries to make it usable," Porter said. "We have time to get ready. But we don't have too much time."
Other experts have predicted longer time frames before quantum computers become powerful enough to break encryption (specifically "asymmetric" encryption, or public-key cryptography, the kind used for key exchange and digital signatures; symmetric ciphers such as AES are expected to survive with larger keys).
Chris Monroe, a quantum computing pioneer and Duke University physics professor, believes it will take 10 years or more to get there. In the meantime, early quantum computing applications — for instance, optimization of delivery routes or financial models — will likely be commercialized in a shorter time frame, said Monroe, who is also co-founder and chief scientist at quantum computing vendor IonQ.
However, it'll take longer for quantum computers to break encryption because the problem sizes are so big, he said. In other words, breaking encryption will probably not be the first thing that happens when it comes to real-world usage of quantum computers.
Once technology vendors have done their part to implement the quantum-resistant algorithms, that's when the work for businesses will begin. And that will probably be the hardest part of all, experts told Protocol.
Hardware, operating systems and software will all need updates to enable the new quantum-resistant encryption methods.
"There's a big patching and replacement exercise that's going to go on here — which is complicated, time-consuming and important," said Tim Callan, chief compliance officer at Sectigo, a major provider of digital certificates that are used in the encryption process.
The process will require taking an inventory of everything an organization uses that relies on encryption: certificates, TLS endpoints, VPNs, signed firmware and software, and the libraries underneath them. That’s no small task for any organization, but it will be especially daunting for those with workers, data centers and edge devices scattered around the globe.
"They're going to need to look at every system. And they're going to need to say, 'Is this system post-quantum-ready or not?'" Callan said. "'And if it is not, how do I feel about that?' They're going to have to prioritize."
Businesses that rely heavily on cloud infrastructure will have less to worry about, since a lot of the updates will happen behind the scenes, said Cloudflare's Sullivan. Those who still have a lot of physical machines in their operation will need to figure out if their devices can even be updated, or if they'll need to be replaced, he said.
One of the big questions for businesses will also be whether their existing PC fleets will be able to handle the compute requirements of the new algorithms.
While NIST included a requirement that the new algorithms would not be significantly more compute-intensive, that doesn't mean that every PC will be able to run them, said Stel Valavanis, founder and CEO of managed security provider onShore Security.
In the same way that the shift to work-from-home and videoconferencing forced many businesses to upgrade their PC fleets, the arrival of post-quantum encryption could be the "next ceiling" that businesses run into in terms of device performance, Valavanis said.
While it's still too early to know for sure, there's certainly a chance we could be heading into a "haves and have nots" scenario with quantum-resistant encryption, said Keith McCammon, co-founder and chief security officer at managed detection and response vendor Red Canary.
"We're probably going to run into questions of access: Is this thing equally accessible to everybody?" McCammon said.
On the other hand, there's also a chance that some businesses will not put a priority on quantum-proofing their systems at all.
Due to the uncertain and potentially long time frames — and all of the more immediate threats that businesses are dealing with on a daily basis — there's "always that risk" that some businesses will just ignore the issue, said Boaz Gelbord, chief security officer at Akamai Technologies.
In the short term, there might seem to be no consequences of inaction, said Joseph Steinberg, an independent information security consultant. But in all likelihood, we're never going to get much of an advanced warning about when encryption will be at risk, he said.
"The Chinese government doesn't announce what they're doing. We don't really know what the current capabilities are" for quantum computing, he said.
Ultimately, "we're talking about something catastrophic," Steinberg said. "And if we're wrong — and this hits sooner than expected — we have a problem."