May 9, 2019

Heading off the quantum encryption apocalypse

Illustration: Aïda Amer/Axios

We probably have as much as a decade before quantum computers pose a threat to the encryption systems that sit at the foundation of contemporary cybersecurity. But we'd better start strengthening that foundation now if we hope to protect it down the road, experts say.

Why it matters: Encryption is critical for economic and national security, protecting trade secrets, communications, and classified information.

The big picture: Quantum computers, which take advantage of the spooky weirdness of quantum mechanics, can solve certain types of complex problems in fewer steps than a traditional microprocessor (or, for that matter, a human). One of those problems is reading data that's been protected by any of several common encryption algorithms.

The catch: Ask most of the rank and file working in cybersecurity, and they’ll tell you that quantum computing is more a topic for barroom conversation than an imminent threat.

  • For the most part, people who work in cybersecurity are concerned with how people can steal data today or tomorrow.
  • Quantum computing, which is still in the early stages of development, could take 10 years to be a real threat to systems — and may never get to that point.
  • People in the field have a sense that there's still time before this has to be a front-of-mind concern.

But, but, but: While it could take a decade to develop a quantum system that attackers could use to crack our codes, it could take nearly as long for defenders to migrate from vulnerable algorithms to new systems based on quantum-safe encryption.

  • Changing encryption algorithms takes an incredible amount of effort. Brian LaMacchia, who works on post-quantum cryptography at Microsoft, notes that the last time an industry-wide change took place, Microsoft included the new algorithm in Vista, the 2006 edition of Windows — and the industry still hasn't fully completed that transition.
  • Software relies on layers of code dependent on other code, and the more layers there are, the more complex it is to update those systems. There are many more layers stacked on top of encryption than ever before, making this migration the most complicated one yet, LaMacchia said.
  • While some encryption algorithms can be made quantum-safe with only minor changes, any software using any type of encryption will need to updated.

The timing: Complicating matters further, while quantum computers may be a decade away, data encrypted today may need to be secret for more than a decade. So while we may not go toe to toe with quantum computers until much later, we need to start using post-quantum encryption now.

  • "We still have information about the John F. Kennedy assassination kept classified," said Steve Grobman, CTO of McAfee. "Some secrets have a long shelf life."
  • And systems will likely be at risk before we're told they are at risk. "If a government develops quantum computing well in advance of its peers, it will keep it a secret, just like the allies did when they cracked Enigma," said LaMacchia.

Next steps: Lawmakers, including Rep. Will Hurd (R-Texas), are pushing for greater U.S. investment in quantum research.

  • "Quantum capabilities will likely define hegemony in this century’s increasingly digital, interconnected economy, and the U.S. cannot abdicate our leadership in this crucial field," said Hurd.

Go deeper

Updated 40 mins ago - Politics & Policy

Coronavirus dashboard

Illustration: Sarah Grillo/Axios

  1. Global: Total confirmed cases as of 2 p.m. ET: 6,325,303 — Total deaths: 377,460 — Total recoveries — 2,727,679Map.
  2. U.S.: Total confirmed cases as of 2 p.m. ET: 1,820,523 — Total deaths: 105,644 — Total recoveries: 458,231 — Total tested: 17,340,682Map.
  3. Public health: Protests against police brutality threaten coronavirus response — Controlling the virus in nursing homes won't be easy.
  4. Business: More than 1 in 6 black workers lost jobs between February and April.
  5. Climate: The alarm over climate financial risk gets louder because of coronavirus.
  6. Media: Interest in the George Floyd protests has soared past the coronavirus.

Updates: George Floyd protests nationwide

Police officers wearing riot gear push back demonstrators outside of the White House on Monday. Photo: Jose Luis Magana/AFP via Getty Images

Protests over the death of George Floyd and other police-related killings of black people continued across the U.S., inciting a federal response from President Trump, the National Guard, Immigration and Customs Enforcement and Customs and Border Protection.

The latest: Immigration agents have been deployed to assist federal, state and local law enforcement. The U.S. Secret Service closed the streets immediately on all four sides of the White House Tuesday, until "riots become peaceful, or stop."

NASA passes the torch

Illustration: Eniola Odetunde/Axios

With the historic crewed SpaceX launch last weekend, NASA passed the torch to private companies that will need to step up to build the economy the space agency envisions in orbit.

Why it matters: This new era of spaceflight will likely be marked by new conflicts — possibly including product placement (like the Tesla that drove the astronauts to the pad on Saturday), safety concerns and cultural differences between companies, the space agencies and people they serve.