The Imminence of 'Elegant Force'​ Decryption...

...and the End of Public Key Cryptography?

A research paper released by Google last week (referenced here by CNET) suggests that the mega-tech company may have recently achieved 'Quantum Supremacy' in quantum computing, surpassing IBM and other leaders in the field. While there has been much hype regarding the revolutionary potential of quantum computing, this particular development, if confirmed, will have far-reaching implications for computer-based security, consumer and corporate privacy and, particularly, crypto-currency.

A (Really) Brief Introduction to Quantum Computing

Today's computers, for lack of a better description, are REALLY fast, REALLY powerful, and, for the most part, very reliable. This is good because computers play a fundamental role in almost every aspect of daily life from waking us up in the morning to processing the payment for the six-pack of beer you buy on the way home from a long day at the office.

Because computers are so pervasive and ubiquitous, we have come to rely on them for almost everything. In particular we trust technology to contain, protect, and -- when we choose --share our personal information (identity information, bank account numbers, credit card data, etc.). Those actions, by and large, are protected by sophisticated algorithms and protocols that are intrinsically difficult to subvert through traditional means. For example, breaking a common encryption protocol known as AES-128 would take about 1 billion years using contemporary technology. That's pretty reliable...

Enter 'quantum computing' -- most of us have heard the term in recent years, largely in the domain of future science or science fiction. It is a revolutionary and somewhat poorly understood approach to computing, relying on the 'fuzzy' reality of sub-atomic physics to perform amazingly fast computations. Until very recently, the various claims of creating a working quantum computer have been met with mush suspicion and considered impractical at best.

That began to change in 2010, when the first confirmed quantum computing device was announced, comprised of a single electron quantum-bit (or 'qubit'). It couldn't do much in terms of computational power, and was mostly seen as a curiosity with no immediate real-world use. From there, however, steady advances were made, and, in March 2018, Google announced the development of a 72-qubit quantum computer code-named Bristlecone. It was heralded at the time as the most sophisticated functional quantum computer ever built.

And just last week, in a released-then-recalled research paper Google claimed to have made a substantial breakthrough using Bristlecone to demonstrate quantum computing as a true and realizable capability. What is it, and why is it so important? We'll get there shortly...

Quantum Computers - 'All' Solutions, All-at-Once

Why can quantum computing achieve so much more than traditional computers? Put simply -- and foregoing any of the really complex math needed to demonstrate it -- quantum computers can calculate all possible solutions to a problem and eliminate the wrong solutions almost immediately. This means that, where a traditional computer would have to perform billions of calculations one-after-the-other, a quantum computer performs them all at once or in just a few passes.

In the aforementioned research paper, Google claims to have used the Bristlecone platform to demonstrate that concept by solving a complex mathematical problem --one that would take the most powerful conventional computer 10,000 years to solve -- in just three minutes. Yep, that, folks... is a big deal.

Is Modern Cryptography Toast?

So why is this potentially game-changing in the world of cryptography? Current cryptographic methods rely on very complex, very large algorithms to encrypt and protect data. The newest of these algorithms is essentially impervious to brute-force hacking using contemporary technology. As such, this approach has become a very heavily relied upon defense against information theft (e.g., most crypto-currency wallets use only a public/private key pair for storing and transferring coins among individuals and institutions).

Google's recent accomplishment in quantum computing, if confirmed, implies that the algorithms underlying current cryptographic methods will become almost trivial to crack. This, in turn, suggests that public key cryptography is in jeopardy of becoming far less secure and, perhaps, obsolete.

Granted, this new quantum computing platform is by no means easily reproducible; the scientific knowledge required, along with the cost of building such a platform present tall barriers to acquisition. However, the fact that it has been demonstrated successfully in the wild would suggest that it will soon be available to those who can afford it (I'll leave imaginative conclusions to the reader).

Holy Crud! What Now?

If nothing else, this development highlights the fact that people and organizations should not rely solely on cryptography as a means of securing data. That's true regardless of this new technology, and is in fact good practice in general; crypto-keys, after all, can be 'acquired' through other means like social hacking. Implementing additional measures like VPN, firewalls, etc. are ever-important to a solid security/privacy policy. Perhaps this development will, at the very least, encourage more diligence and tighter adherence to best practices.

And, of course, information scientists and cryptographers are already working on algorithms and methodologies that are resistant to quantum computing attacks, in many cases leveraging the same quantum techniques to share encryption details securely. So, the ecosystem will continue to evolve much as it has in the past with ongoing progress made on each side.

Bottom Line

It's probably too soon to convert all of your financial assets to cash and hide it in your mattress. It is, however, time to take a hard look at your company's overall security policy and make sure that it is robust and that it leverages a layered approach to protecting digital assets.

Multi-layer, multi-factor security protocols not only protect against sophisticated physical and social attacks, but allow for seamless enhancement or replacement of individual layers as it becomes necessary.

Published by:

Joe Fuqua

Information Strategist | Data Scientist | Public Speaker