When quantum physics calls Internet security into question.

What is a quantum computer?

Since information technology is part of daily life, everybody now knows that a computer operates using a binary system with the “bit” having a value of ‘0’ or ‘1.’

A quantum computer operates in a completely different way.
Matter has astonishing properties in a sub-atomic state. One of them is “superposition.” That is to say that a particle may be ‘0’ or ‘1’ but also both at the same time and this, in proportions varying from 0 to 100%. It is on this characteristic that the qubit (or quantum bit) is based and it may thus have a considerable number of values. This gives the quantum computer extraordinary processing powers.

However, working in a sub-atomic state presents certain constraints and technological challenges. Among others, in order to maintain the value of a qubit in a stable state, it is necessary to work under extremely low temperatures in the order of -273°C, i.e. close to absolute zero.

When will we see quantum computers on our desks?

At the end of 2015, the company D-Wave presented the second version of its “quantum computer,” the D-Wave 2X. It was a black box the size of a garden shed that Google and NASA acquired for 15 million dollars. Difficult to imagine on your desk!
Google researchers announced that they had performed calculations 100 million times faster than with a conventional computer. And that is only the beginning: the quantum computer should be able to execute in one second what current machines would take 10,000 years to do.

Unfortunately, the D-Wave 2X is effectively nothing more than a quantum calculator, not a quantum computer. It is a very specialised machine that is only capable of resolving a single optimisation algorithm (simulated quantum annealing) unlike a conventional computer.


Increased risks of hacking?

Internet security – regardless of whether it concerns online purchases, electronic signatures, SSL connections, etc. – is based on encryption keys (RSA). The length of these keys makes their decryption by brute-force attack impossible within a reasonable period since the attack consists of trying all combinations of a code in order to “end up” with the right one. With current technology, asymmetric encryption keys require approximately a decade of processing time to “crack.”

This same exercise would be performed by the future quantum computer within a period of approximately one second with a constant key length. Thus, all Internet exchanges, both by private individuals and by companies, would be weakened.

Obviously, taking their cost into account, these computers will be initially reserved for big businesses and governments. What about remote takeover of such machines for malicious purposes? Moreover, like many technologies, this one will undoubtedly have to democratise.

Protection measures already under study

Although the quantum computer does not therefore totally exist, considerable advances have been made. NSA itself takes the subject very seriously and considers that the progress made in this field is sufficiently significant to merit reinforced security standards.

“There is growing research in the area of quantum computing, and enough progress is being made that NSA must act now to protect NSS by encouraging the development and adoption of quantum resistant algorithms.”
NSA, January 2016

Matching words with action, it raised its cryptographic standards by considerably increasing the size of its encryption keys.

For their part, mathematicians have not been left out. Since 2016, they meet regularly at the international “Post Quantum Cryptography” conference to reflect on algorithms capable of resisting attacks from future quantum computers.

Although the quantum computer is not exactly for tomorrow, it nevertheless represents a race against the clock that has been undertaken to preserve Internet security.


Olivier Gévaudan
NTIC risks loss adjuster, GM Consultant Group