The quantum menace

An arms race is on: Quantum computers will break the security measures that underpin the foundations of the internet. Mathematicians try to save the world (and TikTok). Government agencies and Big Tech chime in.

Join me and get up to speed on a conflict that is starting to make headlines.

Disclaimer: This post is probably riddled with inaccuracies. I am not a mathematician (as will quickly become apparent) nor a cybersecurity expert.

The first commercial quantum computer, an IBM Q System One. At 27 qubits, it will not crack much. But its grandchildren will.

Enigma's mechanical encryption would not bother a quantum computer.

What is going on?!

We usually do not care much about encryption, unless we have trouble with WiFi passwords or are into historical romance novels involving the gardener of the manager of a team busy cracking Germany's Enigma machines in WW2.

"Cryptography is the study of secure communications techniques that allow only the sender and intended recipient of a message to view its contents."

Cryptography no longer involves mechanics, because everything can be simulated. That would not be practical, either - only 50.000 Enigma machines had been built and you wouldn't want to have to buy one before you emailed. Modern cryptography is all about mathematical puzzles.

RSA - the mother of modern encryption

Encrypting (making something unreadable) works by scrambling text according to certain rules. Decrypting requires solving a mathematical puzzle - one that is very easy to solve when you have the key and impossibly hard to solve if you don't.

For example: "21 is the product of which prime numbers - given one number is 3?" Easy: 21 = 3 x 7. Your key is a the pair 3 and 7. If you are a first-grader, solving that puzzle without the "3" hint might take you years indeed. Now, modern RSA uses pairs with up to 300 digits each.

Shor's algorithm ruins it all - enter quantum computers

We read exciting news about quantum computers and the problems they solve.

Guess what else they will solve.

A gentleman called Peter Shor proved that quantum computers can break certain puzzles like twigs - RSA, for example. The estimate is that RSA-2048 (a current recommendation) won't stand up to a quantum computer with 4,100 qubits. Google, IBM and others have 1000 qubit quantum computer planned for 2025, up from 53 in 2019. Estimates give RSA until 2030.

What is at stake

Encryption is used for securing communications (making sure nobody can intercept your emails), but also to establish trust on the internet. You don't know that you are buying from an Amazon server - you trust it, because there is a server with a valid certificate that says it is an Amazon server. All of that would come become vulnerable without encryption.

One of the worst issues are "harvest now, decrypt later" attacks. If you plan on getting a powerful quantum soon, you can collect encrypted emails and web traffic of dissidents, journalists, heads of states and competitors today. You can buy encrypted health data nobody is able to read yet. That data is almost worthless today - but it may be dangerous years down the road.

What needs to be done

In short: The mathematical puzzles need to be replaced with ones that are ill-suited for quantum computers ("quantum safe"). Data needs to be re-encrypted, new certificates issued.

This situation is being called "Y2Q", after the year 2000 problem. Although many people ridiculed the bug ("nothing happened"), that was because years of work and over $500 billion in today's money were spent remediating it.

Different than Y2K, there is no fixed deadline and data can be harvested already. Oh - and nobody has yet seen a 4,000 qubit quantum computer to test which algorithm will make it sweat.

NIST steps in!

The National Institute of Standards and Technology (a US agency) recognized in 2016 that nobody will have cat videos unless things change. They called for mathematicians to submit new puzzles. And submit they did!

A competition for academic glory was called and 82 teams from around the world participated. Most came from universities, some from security companies or Big Tech. After 3 years (interrupted by the pandemic), the winners have just been announced and will become encryption standards.

Mathematicians have lots of humor

The winners are named after the crystals in Star Wars' light sabers (Kyber) and in Star Trek's Warp drives (Dilithium).
Star Wars reigns large in mathematics: SABER, NewHope, Falcon...
Calling a puzzle "GuessAgain" is just cool.
There even was a "satirical submission".

Mathematicians battle it out (written by someone who fails at maths)

Are you ready? The new, quantum-safe puzzles fall into several categories who work completely differently. You are lucky because I'm unable to understand mathematics, but what I understood was fascinating, beautiful and very creative. These are some categories:

Hash functions

A hash function reduces text to smaller text, according to certain rules. The smallest change in the original text will produce a completely different hash. This is used to verify that a file or a message has not been tampered with. Since hash functions produce a constant output, there will always be collisions (two inputs that result in the same output). Quantum computers able to find collisions is a nightmare - we need to keep their qubits out!

In this example, "John Smith" and "Sandra Dee" produce the same hash, a collision.

Lattices

A lattice is some sort of ... grid. A multi-dimensional grid based on vectors, something only mathematicians could cook up. Lattices are all the rage.

Imagine a paper with dots on it, like a bullet journal.

On that paper, computers have to solve puzzles. For example: "Here is the clue: I give you this point. Tell me the closest point on the grid." Very easy if you have the clue (and are good with lattices, which I'm not). Insanely hard if you don't - and being a quantum computer does not seem to help.

Supersingular elliptic curve isogenies (what?)

Calculate a fancy chart (in 3D, of course, or more). It looked like a brain in a video I saw. It is probably hellish to calculate (otherwise Mr. Quantum would eat you for lunch).
Solve puzzles on the surface of the brain, such as: Find the shortest path between two points, or: Find a circular path.

Error correcting codes

A completely different puzzle: Imagine you are sending CB radio messages (walkie-talkies) to a friend. Whenever they don't understand you, they ask if you can repeat. Now, imagine you talk to a spaceship on Mars, which takes up to 20 minutes. "Repeat!" quickly gets old - you need a way to foolproof your message. This is where error correcting codes come in! It's a mathematical technique to send just the right amount of extra data for the recipient to reconstruct your message in case of transmission errors.

Puzzles in this category contain information about how to reconstruct the message. Good luck if you don't have that information, quantum computer.

And the winner is...

We have several. So you can follow the news from now on, because they are in the news:

Type

Lattice

Message encryption

CRYSTALS-Kyber
NTRU
SABER

Signature

CRYSTALS-Dilithium
FALCON

Code-based (Error-correcting codes)

Classic McEliece

Multivariate

~~Rainbow~~ (since cracked - no longer viable!)

Alternate candidates

These candidates were kept for another round of certifications - because all puzzles continue under fire from mathematicians all over the world, trying to break them. And all will be under fire from quantum computers - if you look closely, these alternate candidates are from different categories. It's a hedge against the quantum onslaught: Better to have some aces up your sleeves than start a new multi-year competition. NIST hasn't gotten four Nobel prizes for nothing!

Lattice

FrodoKEM
NTRU Prime

Code-based

BIKE
HQC

Hash-based

SPHINCS+

Multivariate

GeMSS

Supersingular elliptic curve isogeny

~~SIKE~~ (cracked as of this week!)

Zero-knowledge proofs

Picnic

Things mathematicians have to deal with

Besides the quantum menace and Big Tech waving cash in their faces, there is also ...

Spies

One type of puzzle (elliptic curve cryptography) relies on a graph (pictured on the right). You draw a straight line and bounce around where it intersects the curve - then repeat. Do that enough times and it becomes very hard to crack. Cryptocurrencies like Bitcoin and Etherium use this encryption. It is not quantum safe, so they're also in trouble. The issue with these graphs is that it is very hard to know if they are truly safe to use - they have to be vetted. NIST got in trouble because it certified one of these graphs, submitted by the NSA and containing a backdoor.

Patents and export restrictions

Algorithms can be patented and sometimes are - which has hampered the NIST competition. And yes, quantum-safe algorithms and products that contain them fall under export restrictions in most countries.

Commercialization

Finally - what's in it for Big Tech and the consulting industry? You can't help feeling that they are playing both sides.

Building and renting quantum computers

Quantum technology can theoretically make communication un-eavesdroppable, the ultimate protection. Quantum technology solves many problems and speeds up progress.

But as a side product, quantum computing makes communication insecure and creates an arms race to build faster machines.

Selling you protection

At the same time, Big Tech and consultants are ~~stoking fear~~ preparing you for the very real necessity of upgrading your gear and data. IBM builds quantum-safe servers. Google and Microsoft will release quantum-as-a-service, and everyone will tell you their clouds are where you should be headed.

Mostly, Big Tech is interested in having standards defined quickly (Googlers participated in 3 of the winning algorithms) so they can be implemented, as their infrastructure will be at risk, like everyone else's.

For the moment, there is not much to do - except following best practices around passwords and backups. A fascinating battle is unfolding, and career opportunities are opening up that not even our 21 jobs of the future had foreseen (supersingular elliptic curve isogenies, anyone?). Thank you for indulging the output of 2 weeks of weekend research - I hope you had as much fun reading as I had writing it.

Join 2000+ people who read these tips twice a week. Subscribe now!

#singularityPublished 2022-08-04 by Holger Matthies.Modified 2022-08-04 by Holger Matthies.

IBM Research, CC BY 2.0, via Wikimedia Commons

Page updated

Report abuse