Make no mistake about it, the future of computing is quantum,
‘Quantum computers… make direct use of quantum-mechanical phenomena, such as superposition and entanglement, to perform operations on data… Large-scale quantum computers will be able to solve certain problems much more quickly than any classical computers that use even the best currently known algorithms… There exist quantum algorithms, such as Simon’s algorithm, that run faster than any possible probabilistic classical algorithm.’
What this means is that computers in the not distant future will be able to perform calculations and solve mathematical problems much faster than any conventional computer around today.
To cryptographers this is a big problem, because although strong modern cryptographic algorithms (ciphers) are regarded as being secure for tens if not hundreds of years against conventional computer-based decryption methods (we have calculated that it would take one of the fastest supercomputers currently in existence around 1 billion years to crack a 128-bit AES key by brute force,) a quantum computer could (at least in theory) make mincemeat of them.
According to Michele Mosca, co-founder of the University of Waterloo’s Institute for Quantum Computing,
‘The cryptography tools that are the foundation of cybersecurity are all threatened by quantum computation. Once we fully harness the quantum world it could complete shatter the currently deployed public key cryptography… and it can sufficiently compromise symmetric key ciphering. That’s the catastrophe looming.’
This would allow someone with access to a quantum computer to readily decrypt vast amounts of highly sensitive and classified information. Of course, no-one has yet developed a quantum computer capable of this, but the NSA is throwing vast resources at developing as ‘a cryptologically useful quantum computer,’ and even commercial projects are beginning to show promising results.
Not one to take chances (and who would know better about the current state of play when it comes to quantum computing?), the NSA has announced plans to retire the algorithms it currently uses to protect classified and unclassified information, and to transition towards ‘quantum resistant algorithms’,
‘IAD [Information Assurance Directorate] will initiate a transition to quantum resistant algorithms in the not too distant future. Based on experience in deploying Suite B, we have determined to start planning and communicating early about the upcoming transition to quantum resistant algorithms. Our ultimate goal is to provide cost effective security against a potential quantum computer.’
While it will continue for now to use its current recommended toolkit of cryptographic algorithms (called ‘NSA Suite B Cryptography’), it recommends that partners and vendors no longer bother transitioning them.
Suite B Cryptography includes the NIST approved ciphers currently regarded as gold standards in encryption, including Advanced Encryption Standard (AES -128 and AES-256), Elliptic Curve Digital Signature Algorithm (ECDSA), Elliptic Curve Diffie–Hellman (ECDH) , Secure Hash Algorithm 2 (SHA-256 and SHA-384), and RSA. As regular readers of these pages may note, these are standards widely used by the VPN industry because they are currently considered among the very best available.
‘Unfortunately, the growth of elliptic curve use has bumped up against the fact of continued progress in the research on quantum computing, which has made it clear that elliptic curve cryptography is not the long term solution many once hoped it would be.’
Rather alarmingly, Mosca predicts that by 2026 there is a 1-in-7 chance that a quantum computer could break RSA-2048 encryption (the US government has declared RSA-2048 safe until 2030).
So what does this mean for VPN encryption? Well, it’s not time to panic yet, as a quantum computer capable of defeating modern encryption does not yet exist. However, VPN users (and indeed all users of services that rely on encryption) should be aware the NSA stores collected communications that it cannot now decrypt (or is too arduous for it to decrypt) on its vast data banks, with a view to decrypting it at some future time.
Now this does mean that when the NSA eventually develops a quantum computer (and it is likely to be one of the first organizations in the world to do so, and may even keep such a development secret from the public), it will spend an awful lot of time and resources decrypting, however, should be aware that although they may be protected by encryption now, their actions may come back to haunt them.
In the long run it is almost certain that as quantum computers become more common, and access to them democratized, quantum encryption techniques will be developed that match quantum decryption capabilities and will become available to ordinary internet users. There will, however, be a window of time in which the likes of the NSA have a near monopoly on quantum computing technology, and which will give it a terrifying advantage over ordinary people who simply wish to keep their activities private, and do not like the idea of big brother looking over their shoulders at all times…