Google has apparently now broken through the quantum barrier to claim what many are calling “quantum supremacy.” This has sparked a lot of discussion about advances in quantum computing and how it may impact vital security functions like encryption.
In a nutshell, if Google has quantum supremacy at an application level, this would mean that they can begin to execute complex computations thousands of millions of times faster than conventional supercomputers. The Financial Times reported that Google’s quantum processor was able to perform a calculation in three minutes and 20 seconds that would take today’s most advanced supercomputer, known as Summit, around 10,000 years.
So what does that mean for encryption? Like any computational breakthrough, you will see adoption of its strengths in both building and breaking encryption.
What does quantum computing mean for managing machine identities?
With classical public key (PK) cryptography, the strength and protection come from the computational power required to reverse the mathematics that make up an asymmetric keypair. The impact of quantum is that once we have a stable platform, we will be able to crack some of the classic PK algorithms. In 1994 Peter Shor proved on a blackboard that we can find the factors of a number using the Fourier transformation and the periodicity of prime numbers, that is, their tendency to occur at regular intervals.
Shor’s algorithm takes every possible combination of numbers that could make up a big number, runs the quantum algorithm against them, and relies on the way the waves either constructively or destructively interfere with each other. This results in only two spikes of probability for the possible numbers that could be the right answer. This could break through the most advanced PK in milliseconds and was proven on a 4-qubit photonic supercomputer.
That being said, I have not seen true quantum crypto at this time. The closest thing I see to this is Quantum Key Distribution (QKD), which is in some ways not unlike the traditional PK we use today. With QKD, the random secret is generated and only known to the creator, rather than the secret being protected by a mathematical function that is easy to generate one way and hard to reverse. QKD leverages quantum mechanics based on information theory, where if a third party were to observe the secret, it would instantly be destroyed and a new quantum secret would be generated to replace it.
The idea here is that we are generating a quantum secure key used to encrypt the secrets. So, this is going to supplement, not replace, traditional crypto in my opinion. We will just have to scale PK and adapt the way we manage it to be able to cope with the protection and integrations offered by quantum.
Quantum key distribution
Quantum key distribution is only used to produce and distribute a key, not to transmit any message data. This key can then be used with any chosen encryption algorithm to encrypt (and decrypt) a message, which can then be transmitted over a standard communication channel. The algorithm most commonly associated with QKD is the one-time pad, as it is provably secure when used with a secret, random key. In real-world situations, it is often also used with encryption using symmetric key algorithms like the Advanced Encryption Standard algorithm.
The main drawback of Quantum Key Distribution is that it usually relies on having an authenticated classical channel of communications. In modern cryptography, having an authenticated classical channel means that one has either already exchanged a symmetric key of sufficient length or public keys of sufficient security level.
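The key agreement described above can be simulated classically to show why observation is detectable and how the resulting key feeds a one-time pad. This is an added example, not code from the original article: it models BB84, one QKD protocol chosen here as an assumption since the article names none, and every function name, parameter and threshold is hypothetical.

```python
import random  # seeded PRNG: reproducible simulation only, never a real key source

def measure(bit, prep_basis, meas_basis, rng):
    # Same basis returns the encoded bit; a mismatched basis gives a random result.
    return bit if prep_basis == meas_basis else rng.randrange(2)

def bb84(n, eavesdrop, rng):
    """Send n simulated photons; return (alice_bits, bob_bits) after sifting."""
    alice, bob = [], []
    for _ in range(n):
        bit, a_basis = rng.randrange(2), rng.randrange(2)
        state_bit, state_basis = bit, a_basis
        if eavesdrop:
            # The observer must guess a basis; measuring re-prepares the photon.
            e_basis = rng.randrange(2)
            state_bit = measure(state_bit, state_basis, e_basis, rng)
            state_basis = e_basis
        b_basis = rng.randrange(2)
        result = measure(state_bit, state_basis, b_basis, rng)
        # Sifting: bases (not bits) are compared over the authenticated channel.
        if a_basis == b_basis:
            alice.append(bit)
            bob.append(result)
    return alice, bob

def error_rate(a, b):
    return sum(x != y for x, y in zip(a, b)) / len(a)

def establish_key(n, eavesdrop, seed, sample=200, threshold=0.05):
    """Return (alice_key, bob_key), or None when the disclosed sample is disturbed."""
    alice, bob = bb84(n, eavesdrop, random.Random(seed))
    if len(alice) <= sample or error_rate(alice[:sample], bob[:sample]) > threshold:
        return None  # discard everything and generate a fresh secret
    return alice[sample:], bob[sample:]  # disclosed sample bits are thrown away

def otp(data, key_bits):
    """One-time pad: XOR data with key bits that are never reused."""
    if len(key_bits) < 8 * len(data):
        raise ValueError("one-time pad key shorter than message")
    return bytes(
        byte ^ int("".join(map(str, key_bits[8 * i:8 * i + 8])), 2)
        for i, byte in enumerate(data)
    )
```

An intercept-and-resend observer corrupts about a quarter of the sifted bits, so the sample comparison fails and the run is abandoned. The comparison only proves anything if the classical channel carrying it is authenticated, which is the dependency the paragraph above points out.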
If I were to guess, I would say that the major players like Venafi—that are already specialists at protecting millions of high-profile machine identities—will have the opportunity to quickly become market leaders in managing the quantum machine identities of the future. Since there is likely to be an even larger margin of human error while emerging technologies are being adopted, organizations will need to maximize their ability to request, track, alert, and act on the landscape in which such a critical asset is being brought into existence.
How would you gauge your organization’s readiness to transition to quantum cryptography?