How quantum computing will change SSL as we know it

For anyone immersed in the world of tech, the advent of quantum computing is an exciting prospect. Quantum computers have the potential to bring about unprecedented innovation across various fields, from pharmaceuticals research to the automobile industry. However, once quantum computing does become more widespread, it’s likely to undermine what we consider to be tried-and-true IT staples, including the encryption protocols we use today.  

Some have dubbed this the “Quantum Apocalypse”. This Apocalypse is set to change cryptography as we know it. Is it something we should all be worried about? And should you start stockpiling canned goods? For the latter, the answer is no — fortunately, it’s not that kind of apocalypse. For the former, if you have a personal or small business website, the answer is probably not (for now). However, large organizations and institutions with legacy systems should probably start adapting sooner rather than later.

But we’re getting ahead of ourselves. Before we talk about how quantum computing may change cryptography in the future, we first need to define what quantum computing actually is. Read on for a basic overview of quantum computing that everyone can understand, and how it will affect cryptography going forward. 

What is quantum computing?

Quantum computing involves machines that use features of quantum mechanics to carry out computations and store data. But what exactly does that mean? The most straightforward way to explain is by comparing it to how the regular, everyday computers we use currently work.

Quantum computers run on subatomic particles called quantum bits, also known as qubits, while regular computers use bits, which are pulses of electricity that are represented by 1s and 0s. While bits are basically strings of binary digits, qubits can represent numerous combinations of 1s and 0s simultaneously. This is known as superposition. While this might not sound very exciting if you’re not immersed in the world of computers, let us tell you right now that it really is. Essentially, qubits allow for more powerful processing, the likes of which we’ve never seen.  

How does that translate to the real-world? Quantum computers have the potential to simulate the behavior of matter almost perfectly. In the pharmaceutical industry, this could help with the creation of new drugs. It could also lead to innovations in aerospace, while in the automobile industry, IBM and Daimler have teamed up to use quantum computing to produce the next generation of batteries. 

Very cool, right? Right. But what’s this got to do with the sunset of encryption as we know it?

Why a quantum cryptographic solution will become necessary

To explain, let’s talk about the latest version of TLS, 1.3. Without delving too far into it (read this for an overview of how SSL certificates work), with TLS 1.3, data is encrypted and decrypted through the use of a 256-bit key. 256-bit refers to both the length of the key and how strong it is. The longer the key size, the harder it is to crack. 

This 256-bit key is what turns plaintext into unreadable ciphertext. In order for a third party to decrypt the ciphertext using brute force, turning it back to plaintext, they would need to figure out 2×256  different number combinations. As you can imagine, that’s no walk in the park. Currently, it would take the world’s strongest supercomputer millions of years to crack that key and break encryption.

A powerful quantum computer could reduce this time significantly. A recent study from MIT showed that a 2048-bit RSA key— another widely used encryption key — could potentially be broken by a powerful quantum computer in 8 hours.

The future of cryptography

To prepare for a more quantum future, we’ll need to phase out traditional encryption methods and adopt quantum-safe cryptography. Quantum safe cryptography is cryptography that is resistant to both classical and quantum computers. However, standards for quantum-safe algorithms are still being figured out. Despite this, many organizations have already begun upgrading to post-quantum systems in preparation. 

Such upgrades will take a lot of time, money, and resources. Organizations are unlikely to upgrade all their systems at once, but bit by bit. However, hybrid digital certificates may be an effective way of bridging the gap meanwhile. A hybrid digital certificate is basically a standard X.509 digital certificate featuring some quantum-safe components. So a hybrid certificate contains both a traditional key and signature as well as a quantum-safe key and signature. This will ensure systems will be able to use both traditional cryptography and more traditional methods as needed. 

Should I be worried?

Probably not. Currently there are 15 publicly available quantum computers in the world, none of which are powerful enough to do what we’ve been discussing in this article. It’s estimated that a 6,681 qubit-quantum computer would be needed to break AES-256 bit encryption. At the moment, the most powerful quantum computer in the world is 32 qubits.

A lot of the hubbub surrounding quantum cryptography is based on the assumption that quantum computing will become mainstream, when the reality is this is unlikely to happen any time soon. Quantum computing is highly volatile and needs very precise conditions to work. Only organizations with the capacity to harness these conditions (for example, by storing qubits in supercooled fridges in vacuum chambers) can use them right now. In short, it’s going to be an extremely long time before the average hacker will be able to get their hands on a quantum computer. 

That said, many experts, including Google CEO Sundar Pichai, predict that quantum computers will be able to break traditional encryption methods in the next 5-10 years. Although the average person may not need to worry too much, organizations with computers that need long-term protection, such as government computers with classified information, will need to think about upgrading to quantum-safe cryptography sooner rather than later.

Wrap up

Quantum computer adoption is likely to be a drawn out process that will take at least a decade. And even then, everyday use of quantum computers for the average person doesn’t seem likely. With quantum computing needing such precise conditions to actually work, quantum computers will probably remain in the realm of government organizations and institutions, and some large business enterprises. 

That being said, similar assumptions were made about modern computers we use today back in the 40s, when the chairman of IBM at the time said, “I think there is a world market for maybe five computers”. When we think of how well that prediction turned out, who knows what’s on the cards for quantum computing. 
For now, though, the average Joe website owner doesn’t need to worry about the so-called “quantum apocalypse” just yet, and can just stick to regular SSLs for their site. For larger enterprises with an eye on the future, they may want to  start migrating to quantum safe cryptography sooner rather than later. To learn more about quantum computing, check out this article from MIT.

Share on Twitter, Facebook, Google+