Sign up for our daily briefing
Make your busy days simpler with Axios AM/PM. Catch up on what's new and why it matters in just 5 minutes.
Stay on top of the latest market trends
Subscribe to Axios Markets for the latest market trends and economic insights. Sign up for free.
Sports news worthy of your time
Binge on the stats and stories that drive the sports world with Axios Sports. Sign up for free.
Tech news worthy of your time
Get our smart take on technology from the Valley and D.C. with Axios Login. Sign up for free.
Get the inside stories
Get an insider's guide to the new White House with Axios Sneak Peek. Sign up for free.
Catch up on coronavirus stories and special reports, curated by Mike Allen everyday
Catch up on coronavirus stories and special reports, curated by Mike Allen everyday
Want a daily digest of the top Denver news?
Get a daily digest of the most important stories affecting your hometown with Axios Denver
Want a daily digest of the top Des Moines news?
Get a daily digest of the most important stories affecting your hometown with Axios Des Moines
Want a daily digest of the top Twin Cities news?
Get a daily digest of the most important stories affecting your hometown with Axios Twin Cities
Want a daily digest of the top Tampa Bay news?
Get a daily digest of the most important stories affecting your hometown with Axios Tampa Bay
Want a daily digest of the top Charlotte news?
Get a daily digest of the most important stories affecting your hometown with Axios Charlotte
Illustration: Aïda Amer/Axios
We probably have as much as a decade before quantum computers pose a threat to the encryption systems that sit at the foundation of contemporary cybersecurity. But we'd better start strengthening that foundation now if we hope to protect it down the road, experts say.
Why it matters: Encryption is critical for economic and national security, protecting trade secrets, communications, and classified information.
The big picture: Quantum computers, which take advantage of the spooky weirdness of quantum mechanics, can solve certain types of complex problems in fewer steps than a traditional microprocessor (or, for that matter, a human). One of those problems is reading data that's been protected by any of several common encryption algorithms.
The catch: Ask most of the rank and file working in cybersecurity, and they’ll tell you that quantum computing is more a topic for barroom conversation than an imminent threat.
- For the most part, people who work in cybersecurity are concerned with how people can steal data today or tomorrow.
- Quantum computing, which is still in the early stages of development, could take 10 years to be a real threat to systems — and may never get to that point.
- People in the field have a sense that there's still time before this has to be a front-of-mind concern.
But, but, but: While it could take a decade to develop a quantum system that attackers could use to crack our codes, it could take nearly as long for defenders to migrate from vulnerable algorithms to new systems based on quantum-safe encryption.
- Changing encryption algorithms takes an incredible amount of effort. Brian LaMacchia, who works on post-quantum cryptography at Microsoft, notes that the last time an industry-wide change took place, Microsoft included the new algorithm in Vista, the 2006 edition of Windows — and the industry still hasn't fully completed that transition.
- Software relies on layers of code dependent on other code, and the more layers there are, the more complex it is to update those systems. There are many more layers stacked on top of encryption than ever before, making this migration the most complicated one yet, LaMacchia said.
- While some encryption algorithms can be made quantum-safe with only minor changes, any software using any type of encryption will need to updated.
The timing: Complicating matters further, while quantum computers may be a decade away, data encrypted today may need to be secret for more than a decade. So while we may not go toe to toe with quantum computers until much later, we need to start using post-quantum encryption now.
- "We still have information about the John F. Kennedy assassination kept classified," said Steve Grobman, CTO of McAfee. "Some secrets have a long shelf life."
- And systems will likely be at risk before we're told they are at risk. "If a government develops quantum computing well in advance of its peers, it will keep it a secret, just like the allies did when they cracked Enigma," said LaMacchia.
Next steps: Lawmakers, including Rep. Will Hurd (R-Texas), are pushing for greater U.S. investment in quantum research.
- "Quantum capabilities will likely define hegemony in this century’s increasingly digital, interconnected economy, and the U.S. cannot abdicate our leadership in this crucial field," said Hurd.