Fear not, quantum computers won’t break data encryption anytime soon

Current data encryption techniques may fend off the threat of quantum computing for some time to come

Google AI quantum

Current data encryption techniques may fend off the threat of quantum computing for some time to come, security experts say. In recent years the computational potential of qubits has led many to belief that current forms of encryption would be under threat by this new entangled tech. But that threat might not be as imminent as some may say.

Richard Evers and Alastair Sweeny from Canadian encryption company Kryptera published a paper calling into question the belief that quantum’s cryptographic codebreaking properties are a threat to current encryption. They claim this ability has been greatly exaggerated by companies and researchers doing so for their own gain. Their issue lies with claims, specifically those of the director of IBM Research, Arvind Krishna, that quantum will be able to break today’s best encryption methods in a matter of moments within the next decade.

Evers et al outlines two forms of encryption used today: symmetric and asymmetric. Each is theoretically susceptible to an encryption breaking algorithm. Grover’s algorithm will be utilised for symmetric encryption, and Shor’s algorithm to break asymmetric.

But there are some major prerequisites before a quantum computer can get the job done. For Shor’s algorithm, a quantum computer capable of breaking RSA encryption would require twice as many logical qubits as the length of an RSA key in bits. For example, the Evers and Sweeny paper (via The Register) says a 2048-bit RSA key could only be broken by a quantum PC with 4,096 logical qubits with necessary error correction.

  • Symmetric encryption: uses an identical private key to encrypt and decrypt data. Examples: AES, DES, 3DES.
    • Vulnerable to Grover’s algorithm.
  • Asymmetric encryption: requires a public and a private key, where each can be use to encrypt and decrypt data. Examples: RSA, Bitcoin.
    • Vulnerable to Shor’s algorithm

Grover’s algorithm similarly requires a high-qubit, fault-tolerant quantum computer. AES-128 encryption is expected to require a quantum computer with 2,953 qubits, with AES-256 would necessitate 6,681 qubits.

Today’s quantum computers from the likes of IBM, Google, and Intel utilise less than 100 qubits, and error-correcting provisions are still less than required for accurate results. For every logical qubit required to break encryption, a greater magnitude of physical qubits must be implemented in the hardware. This is a necessary measure to reduce decoherence: errors caused by quantum noise.

Intel QuTech quantum computer

We’re still a long way off quantum computers with enough physical qubits to compute error-free. Intel’s Mike Mayberry believes it could require one million or more qubits to make a commercially relevant PC. But it’s a fool’s errand to estimate the speed at which technology progresses. And even Evers et al accept that, one day, “it may prove feasible to create quantum computers with sufficient logical qubits to reliably run Shor’s or Grover’s algorithms.”

But even with a suitably equipped quantum PC, Evers et al believe there’s an easy fix: just make the encryption keys even longer.

Learn more: the who’s who of quantum computing

“While conventional forms of asymmetric encryption will eventually be replaced by quantum secure forms of asymmetric encryption,” Evers and Sweeny say, “conventional forms of symmetric encryption will not be replaced as long as it remains far too time consuming for a quantum computer to iterate and test keys against cyphertext for breakage. If symmetric key size proves to be too small to be remain secure well into the future, then software can be altered to use larger symmetric keys without needing to greatly alter the underlying algorithms.”

But while some may be overselling the qubit’s codebreaking capabilities over the course of the next decade, researchers have already set their sights on alternatives to today’s encryption standards that may one day prove more quantum-resistant. And it looks like we might have a good few decades to work on those while quantum gets up to speed.