POST Quantum-Resistant

The news that IBM has used a quantum computer to solve a problem that stumps the leading classical methods is another step on the road to what has become known as “quantum advantage”, where a quantum system solves a problem that cannot be solved by any amount of classical computation. For those of us in and around fintech, the one problem that we really want to solve is breaking public key cryptography so that we can forge digital signatures, get access to bank systems and, of course, steal a lot of Bitcoin.

This is important stuff. In the British government’s new technology strategy, quantum computing is one of the “priority” technologies and it is easy to understand why. That point about solving problems beyond the reach of existing computers means that there is something of an arms race underway, with quantum supremacy as the goal. One of the interesting problems that quantum computers can solve is breaking the asymmetric cryptography at the heart of cryptocurrency in order to transfer money out of lost or abandoned wallets. If you look at Bitcoin, for example, the accountants Deloitte reckon that about four million Bitcoins will be vulnerable to such an attack. That means there are billions of dollars up for grabs in a quantum computing digital dumpster dive.

It will take a while to get to the aforementioned quantum supremacy, where quantum computers can outgun the classical incumbents. Detailed calculations by people who know what they are talking about. But… the IBM solution is already at 127 qubits (quantum bits). If quantum computers are put up against a classical supercomputer capable of up to a quintillion (10^18) floating-point operations per second, quantum supremacy could be reached with as few as 208 qubits. Quantum supremacy isn’t science fiction.

If we apply quantum computers to the problem of breaking the 256-bit elliptic curve encryption of keys in the Bitcoin network within the small available time frame in which it would actually pose a threat to do so, researchers calculate that it would require 317 × 10^6 physical qubits to break the encryption within one hour using the surface code, a code cycle time of 1 μs, a reaction time of 10 μs, and a physical gate error of 10^-3. To instead break the encryption within one day, it would require 13 × 10^6 physical qubits. So never mind quantum supremacy with a few hundred qubits, quantum computers would need millions of physical qubits to be a threat to Bitcoin.

Nevertheless, quantum computing will come. So is the sky falling in for the banks and the credit card companies and mobile operators and the military and everyone else who uses public key cryptography then? Well, no. They are not idiots with their heads in the sand and they are already planning to adopt a new generation of Quantum Resistant Cryptographic (QRC) algorithms to defend their data against the inevitable onslaught from quantum computers in unfriendly hands. They have been looking towards the National Institute of Standards and Technology (NIST), which last year selected a set of algorithms designed to withstand such an onslaught after a six-year effort to devise encryption methods that could resist an attack from a future quantum computer that is more powerful than the comparatively limited machines available today. NIST has now released these algorithms as standards ready for use out in the wild.

If you are interested in the details, the algorithms are:

CRYSTALS-Kyber, designed for general encryption purposes such as creating secure websites, is covered in FIPS 203;

CRYSTALS-Dilithium, designed to protect the digital signatures we use when signing documents remotely, is covered in FIPS 204;

SPHINCS+, also designed for digital signatures, is covered in FIPS 205;

FALCON, also designed for digital signatures, is slated to receive its own draft FIPS in 2024.

These algorithms are important because while there are no Bitcoin-stealing quantum computers around right now, they will come. As the quantum technology advances, there will be an inevitable competition between the quantum computers that can break cryptographic algorithms and the cryptography community’s efforts to develop quantum-resistant algorithms. This means there will be a period where entities (eg, Visa and the DoD, not just Bitcoin) will be transitioning to new cryptographic methods, which is why the US Cybersecurity and Infrastructure Security Agency (CISA) has just issued a note calling on critical infrastructure and other organizations to begin work now to create road maps for how they’ll migrate to QRC.

(The cryptocurrency world should follow suit so that if and when quantum computers become a threat, then cryptocurrencies can be updated to use QRC. This would be a significant undertaking, but it’s theoretically possible.)

Technology strategists in banks, fintechs and “crypto” know why these standard algorithms are being pushed out now, when any actual quantum computer is still some years away. The fact is that you can be at risk from quantum computers that do not yet exist because of what is known as the “harvest now, decrypt later” attack. It’s the idea that your enemy could copy your data, which is encrypted, and they can hold onto it right now. They can’t read it. But maybe when a quantum computer comes out in 10 years, then they can get access to your data. If the information you’re protecting is valuable enough, then you’re already in trouble because of that threat.
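To make the road-map point concrete, here is an added example (not code from NIST, CISA or any source quoted here) that ranks a constructed inventory by harvest-now-decrypt-later exposure. It goes a step beyond the text by also treating signature keys, which cannot be harvested but can be forged once a quantum computer exists. The asset names, algorithm labels, priority labels and the lifetime-versus-horizon rule are assumptions, and the 10-year default is the hypothetical figure used above.

```python
from dataclasses import dataclass
from typing import Optional

# Classical public-key algorithms grouped by what they protect (labels are constructed).
KEY_ESTABLISHMENT = {"RSA-encryption", "ECDH", "DH"}   # confidentiality
SIGNATURE = {"RSA-signature", "ECDSA", "EdDSA"}        # authenticity
# Replacements as named on this page.
KEM = "CRYSTALS-Kyber (FIPS 203)"
SIG = "CRYSTALS-Dilithium (FIPS 204) or SPHINCS+ (FIPS 205)"
ORDER = ["exposed-now", "start-migration", "forgeable-at-horizon", "planned", "review"]

@dataclass
class Asset:
    name: str
    algorithm: str
    secrecy_years: int = 0                 # how long the protected data must stay secret
    migration_years: Optional[int] = None  # None = the key can never be replaced

def assess(asset, years_to_quantum=10):
    """Return (priority, replacement) for one inventory entry (assumed rule, see lead-in)."""
    migration = float("inf") if asset.migration_years is None else asset.migration_years
    if asset.algorithm in KEY_ESTABLISHMENT:
        if asset.secrecy_years > years_to_quantum:
            return "exposed-now", KEM       # ciphertext copied today is still sensitive then
        if asset.secrecy_years + migration > years_to_quantum:
            return "start-migration", KEM   # data sent before cut-over outlives the horizon
        return "planned", KEM
    if asset.algorithm in SIGNATURE:
        # Signatures cannot be harvested; the risk is a key still trusted at the horizon.
        if migration >= years_to_quantum:
            return "forgeable-at-horizon", SIG
        return "planned", SIG
    return "review", None                   # symmetric or unknown: outside this check

def roadmap(inventory, years_to_quantum=10):
    """Sort the inventory so the most urgent migrations come first."""
    rows = [(a.name, *assess(a, years_to_quantum)) for a in inventory]
    return sorted(rows, key=lambda r: ORDER.index(r[1]))

# Constructed sample inventory, not real systems.
INVENTORY = [
    Asset("session-telemetry", "ECDH", secrecy_years=1, migration_years=3),
    Asset("document-signing", "ECDSA", migration_years=4),
    Asset("card-auth-messages", "ECDH", secrecy_years=8, migration_years=4),
    Asset("dormant-wallet", "ECDSA"),
    Asset("customer-records", "ECDH", secrecy_years=25, migration_years=3),
    Asset("disk-encryption", "AES-256"),
]

if __name__ == "__main__":
    for name, priority, replacement in roadmap(INVENTORY):
        print(f"{priority:22} {name:20} {replacement or '-'}")
```

The dormant wallet entry mirrors the lost or abandoned wallets discussed earlier: a key that can never be replaced stays forgeable however far away the quantum computer is.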

Quantum computers are coming. It’s best to be prepared.

FedNow Is a Reminder That Payments Aren’t Crypto’s Differentiator

xxx

Transaction fees for FedNow are expected to be in the range of $0.05 each or less. Automated Clearing House (ACH), the most common inter-bank payment method in the U.S., presently costs between $0.25 and up depending on the provider. Bitcoin fees average around $1, though they can vary a lot, and transaction fees on Ethereum are similarly high and variable.  Both Bitcoin and Ethereum have accelerator networks that can bring costs back down towards $0.04, though these are not yet widely available and we don’t have experience with large volumes to know if they will stay that low.

From: FedNow Is a Reminder That Payments Aren’t Crypto’s Differentiator.

xxx

IIW Challenge #1: Sovereign Identity in the Great Silo Forest | Doc Searls Weblog

Doc Searls has long been a champion of self-sovereign identity. Many years ago he wrote that

Go into your browser prefs and hunt down the place where your logins and passwords are kept. Every one of those login/password combinations is for a different you, that each different system knows separately, owns separately and controls separately.

From: IIW Challenge #1: Sovereign Identity in the Great Silo Forest | Doc Searls Weblog.

xxx

Met police on high alert after supplier IT security breach | Metropolitan police | The Guardian

xxx

The Metropolitan police are on high alert after a security breach involving the IT system of one of their suppliers.

Scotland Yard is working with the company to try to understand the scale of the incident.

The company had access to names, ranks, photos, vetting levels and pay numbers for officers and staff, but did not hold personal information such as addresses, phone numbers or financial details, the force said.

From: Met police on high alert after supplier IT security breach | Metropolitan police | The Guardian.

xxx

FedNow Is a Reminder That Payments Aren’t Crypto’s Differentiator

Paul Brody is Global Blockchain Leader for EY (Ernst & Young).

Payments, especially those across borders, are often touted as a key use case and value proposition for the blockchain industry. Unfortunately, a look at both the technology, competition, and regulatory environment doesn’t really support that idea.

From: FedNow Is a Reminder That Payments Aren’t Crypto’s Differentiator.

xxx

FedNow launch hints at payments wars to come

xxx

Why it matters: Interchange fees — the swipe fees paid by merchants when customers pay by credit card — reached $100 billion in 2022, per Matt Schulz of Lending Tree. That’s more than $800 per household.

In order to encourage credit card usage, issuers give cash, miles, or other rewards to consumers. The top six card issuers spent $67 billion on such activities last year.

From: FedNow launch hints at payments wars to come.

xxx

VOTER BEWARE! Personal Liability for DAO Token Holders for Voting? | Paul Hastings LLP

xxx

Decentralized Autonomous Organizations (“DAOs”) provide a new way for individuals across the globe to use blockchain technology to pool resources, collaborate, and otherwise interact in a more participatory, fluid and decentralized manner than traditional corporate entities. A new CFTC order, however, carries significant potential implications for DAO structures and participation by suggesting that voting alone is enough for personal liability for the actions of a DAO.

From: VOTER BEWARE! Personal Liability for DAO Token Holders for Voting? | Paul Hastings LLP.

xxx

Don’t whitewash the history of bank regulators’ abusive practices | American Banker

xxx

As part of a bipartisan effort to enable cannabis firms to access the banking system, Congress is considering limiting regulators’ power to pressure banks to cut off customers who, while engaged in legal practices, are considered unsavory or unpopular. The use of this concept, called reputation risk, has been abused by regulators several times in the past. That they have pressed financial institutions to de-bank legal-but-disfavored clients, with little to no independent legal justification or public safety value, is quite clear. Unfortunately, this good-faith effort by Congress is spawning an attempt to airbrush real cases of regulatory abuse out of history.

From: Don’t whitewash the history of bank regulators’ abusive practices | American Banker.

xxx

POST Metaverse Passports

China’s state-owned telecoms operator, China Mobile, put forward proposals for a “Digital Identity System” for all users of the Metaverse at the second meeting of the International Telecommunications Union (ITU) Metaverse Focus Group in Shanghai in July 2023. (The ITU is a United Nations agency and plays an influential role in defining the ground rules for global telecommunications.) The Chinese operator said that the digital ID should work with “natural characteristics” and “social characteristics” that include a range of personal data points like people’s occupation, “identifiable signs” and other attributes. They also suggested this information be “permanently” stored and shared with law enforcement “to keep the order and safety of the virtual world.”

(The proposals even provide the example of a noxious user called Tom — an ideal stand-in for whoever uses the fledgling technology, for instance for gaming or socializing — who “spreads rumors and makes chaos in the metaverse”; the digital identity system would allow the police to promptly identify and punish him.)

We do of course need a means to take credentials associated with sovereign identity and use them in the Metaverse, but the special case of a virtual identity of Alice’s that is a homonym of her physical identity Alice (eg, her passport) should be seen as just that: a special case. Generally speaking, we do not see sovereign identities at the heart of the Metaverse.
