Aspectre is haunting our networked world. It’s the prospect of quantum computers. These are machines that harness some of the weirder properties of subatomic particles in ways that would make them exponentially more powerful than the computers we use today.
Existing computers are based on manipulating digital bits that can be either 1 (on) or 0 (off). Quantum machines, in contrast, work with qubits, which can be on and off simultaneously. (And, yes, I know that seems nuts, but then so does much of subatomic physics to the average layperson.) Such machines are fiendishly difficult to build, but about 80 or so small-scale ones already exist, with qubit counts ranging from five to 400. So that looming spectral presence is beginning to put on weight. And if researchers find a way of reliably scaling up these machines, then we will have moved into uncharted territory.
Why? Basically, because we have become a networked species, and as our lives and industries have moved online, all of our communications have become vulnerable to surveillance and manipulation by bad actors, public and private. To counter that, we have developed end-to-end encryption systems for making our communications – whether personal or commercial – more secure.
The key tool for providing that protection is a technology called public-key cryptography. It was originally conceived by British engineer and cryptographer James Ellis at GCHQ in 1970, but only broke into the public domain in 1976, when his US counterparts Whitfield Diffie and Martin Hellman came up with a practical method for establishing a shared key over an open communications channel without using a previously shared secret code. This approach was then formalised by three Massachusetts Institute of Technology scientists, Ronald Rivest, Adi Shamir and Leonard Adleman, and became the RSA algorithm (based on the first letters of their respective surnames).
Public-key systems work on what mathematicians call “one-way functions”. For RSA, it’s multiplication. It’s easy to multiply numbers, but hard to factorise them. And if the individual numbers are very large prime numbers, then deducing the two factors that produced them rapidly becomes very difficult. In the RSA system, the big number becomes an individual’s public key, which they can release to anyone (for example, in an email footer), and one of the primes becomes their private key. Anyone who wishes to communicate securely with them encrypts their message using the public key. But because only the recipient knows the private key, decryption is easy.
In practical encryption systems (such as the ones that secure Signal, Telegram, WhatsApp, iMessage, etc), all this stuff happens invisibly, through computation. What makes it secure is that the public key is, to all intents and purposes, uncrackable by brute-force computing. One estimate I’ve seen of how long it would take a 2019-era supercomputer to break a 256-bit key runs into trillions of years!
So essentially the security of our networked world rests on the inability of computers to break the encryption systems we use. For a long time, that was a comforting thought. But the advent of quantum computing has somewhat undermined such complacency. A large quantum machine may make light work of a task that defeats even a conventional supercomputer. Worse still, it’s possible that some bad actors are already hoarding encrypted messages in anticipation of being able to break them when a suitable quantum machine arrives.
A pressing question, then, is when that moment may arrive. At present, nobody really knows. It’s a bit like nuclear fusion. Quantum evangelists claim that it’s only a few years away. At the high end, some observers think it’s 30-plus years away and there are sceptics who find the whole idea implausible. But then it’s not that long since people thought that large language models were pie in the sky. So it may be prudent not to be too complacent.
That’s certainly the view taken by Signal, one of the providers of the encrypted messaging service that I and many of my colleagues use. “We are not in a position to judge which timeline is most likely,” says a recent post on the Signal blog, “but we do see a real and growing risk which means we need to take steps today to address the future possibility of a large enough quantum computer being created.”
The folks at Signal are taking one of the four post-quantum cryptography algorithms that have been chosen by the US National Institute of Standards and Technology to withstand attacks by quantum computers, but instead of using it to replace their existing public-key encryption system, they are layering the new algorithm on top of what they already have. “We are augmenting our existing cryptosystems,” they say, “such that an attacker must break both systems in order to compute the keys protecting people’s communications.” And they will be rolling out this augmented system to all users in the next few months.
Sounds prudent. “Belt and braces” is how my grandfather would have described it. And his trousers never fell down.