(Protocol.com) Cncerns about a code-breaking cataclysm have grown after Google’s announcement of quantum computational supremacy in November 2019, with some even calling it a “quantum apocalypse.” Such a scenario isn’t science fiction, but it is unlikely, in part because researchers are already hard at work developing countermeasures to quantum computers.
“Once we have a quantum computer at scale in a future world, cryptography will have to be different,” says Kristin Lauter, a cryptologist at Microsoft. “We’ll have to choose different systems in order to be secure.”
Right now, Google’s Sycamore computer has about 50 working qubits. Breaking 2048-bit RSA, a standard encryption scheme, would take a quantum computer with 20 million qubits 8 hours. Most researchers estimate it will take somewhere between a decade and two decades to reach this point.
There are two main approaches to securing communications from powerful quantum computers: quantum key distribution and quantum-resistant algorithms.
Quantum key distribution, or QKD, uses principles of quantum mechanics to create a secure key. Jon Dowling, a physicist at Louisiana State University, playfully likens it to a wax seal that’s “guarded by the ghost of Heisenberg.” The downside is that QKD requires expensive new infrastructure including new satellites and new fiber optics.
Since 2016, the National Institute of Standards and Technology has been holding what amounts to a competition to figure out which quantum-resistant algorithms will become the new standard for public-key encryption.
On the other hand, quantum-resistant algorithms would invisibly replace current algorithmic security. Also known as post-quantum cryptography, or PQC, these algorithms would operate like current public-key encryption. One worry is that none of the quantum-resistant algorithms has been proven to be quantum-proof, and they may never be. “Here’s the worst-case scenario: You could spend billions rolling out post-quantum cryptography, and then Shor 2.0 comes along and says, ‘Actually, this is hackable on a quantum computer,'” Dowling says.