Quantum computing: it will affect cryptography, but not for a while

Summary

Quantum computing is poised to disrupt cryptography, but practical applications and countermeasures are still under development and won't render current encryption methods obsolete immediately.

Abstract

The article discusses the competition between the United States and China to leverage quantum computing for breaking encryption, while also developing defenses against it. It emphasizes that the impact of quantum computing on cryptography is not imminent and that the technology is not fully mature. The concept of quantum cryptography is presented as complex and not a panacea. The article also mentions post-quantum cryptography as a developing field that aims to create encryption methods resistant to quantum attacks. Despite concerns that quantum computing could decrypt all internet traffic, the article suggests a dynamic evolution where post-quantum cryptography will be implemented as quantum capabilities advance. Predictions for when quantum computers will be able to break current encryption, known as Q-Day, vary widely, and the article points out that there are already methodologies in development to counteract quantum threats, though they are not yet widely adopted due to their complexity and current lack of urgency.

Opinions

Quantum computing's impact on cryptography is a complex issue, not as straightforward as often portrayed in simplistic arguments.
Quantum cryptography is not as simple or immediate as some claim, and it should not be viewed as an invincible force.
The advancement of quantum computing is prompting nations to capture encrypted information to

Quantum computing: it will affect cryptography, but not for a while

IMAGE: Graham Carlow for IBM — CC BY ND

A highly recommendable Reuters article, “U.S. and China race to shield secrets from quantum computers”, explores the mounting competition between China and the United States to start using quantum computing to break cryptographic encryption systems, and conversely how to protect their own information systems.

The article and the accompanying infographic are in open access and go a little beyond the simplicity of arguments along the lines of: “as soon as quantum computers arrive, cryptography will be useless and we will be able to access all information”. In reality, so-called quantum cryptography is neither as simple nor as immediate as some would like to claim, and should not be reduced to some kind of force with unlimited power. The advance of technology already points to post-quantum computing models capable of resisting such developments (which, on the other hand, are still far from stable or able to be used routinely).

We should remember that this is a discipline about which its best-known proponent, Richard Feynman, went so far as to say “I think I can safely say that no one understands quantum mechanics”, a statement that is probably still true today, thirty-six years after his death. Of course, we will see advances in this field, and times like the present when superpowers are trying to access all kinds of encrypted information so as to store it for decryption when quantum computing is sufficiently mature. Some claim, in fact, that everything encrypted on the internet — an increasing percentage of all traffic, given the popularization of the HTTPS protocol thanks to players such as Let’s Encrypt, which allow even the traffic generated by my humble page in Spanish to be encrypted — may at some point be decrypted, prompting the race to capture everything for when that day comes. For traffic!

However, I believe we should take a more dynamic view of the technology, and understand that as soon as quantum cryptography reaches a certain point, we will see the implementation of post-quantum cryptography. This Q-Day is often spoken of as the moment that opens the door to code breaking by quantum computing, with predictions ranging from sometime between next year and mid-century, but the development of methodologies capable of withstanding the kind of attack posed by quantum computing is often overlooked, an area in which there are already many developments that are not being implemented simply because they are a complex and not yet considered necessary.

For quite a few years now, every time I mention anything related to cryptography, I have been asked what will happen when quantum computing reaches maturity, and my answer has always been the same: technologies do not mature overnight — and quantum much less so — and, when they do, they in turn allow their development to be used to advance all related disciplines. The answer, therefore, is not so simple or so immediate. In short, cryptography will be with us for a while yet.

(En español, aquí)