This post is also available in German.
tl;dr: yes, but only if we don’t make our products and infrastructure ready.
Sufficiently large Quantum Computers will indeed break the algorithms and protocols used today to encrypt communication over the internet. Such quantum computers are still far away, but we need to start replacing today’s algorithms and protocols with quantum-resistant alternatives.
Broken Security Levels over Time
To illustrate this, consider the widely used algorithm RSA-2048. Breaking the security level afforded by RSA-2048 can be considered breaking the internet today. Over the last 30 years, technological advances have solved increasingly difficult RSA challenges and have thereby broken corresponding security levels:
Projecting from this progress, we can expect to see RSA-1024 break within the next 10 years or so while RSA-2048 remains intact. With quantum computers, however, this can change quickly: breaking RSA-2048 today takes longer than the age of the universe, a large quantum computer can do this in 8 hours.
Cryptography Today
Experts predict that quantum computers capable of breaking today’s encryption will become available within 15-20 years. This will put many applications of today’s state-of-the-art cryptography in jeopardy, such as
- browsing the web (via TLS)
- messaging apps like WhatsApp, Signal and Telegram (which use X3DH)
- Smart Cards and Smart Keys
- Online Banking
- Cloud Storage
Research and development on post-quantum cryptography is ongoing. We talked about the state of affairs, the perspectives and our work at the Quantum Summit 2022:
Preparing Post-Quantum Cryptography
What needs to happen before quantum computers become available:
- Standardize quantum-resistant algorithms (finalization expected by 2024)
- Implement new algorithms (some early adoption available)
- Update cryptographic protocols to use new algorithms (ongoing research)
- Update infrastructure to support new protocols
- Update products to use new algorithms and protocols
- Retire products that can’t do step 5.
While step 1 won’t be finalized for a few more years, we’ve already been working on steps 2 and 3. neXenio is a project partner of KBLS, which has made the following results publicly available:
- an overview of quantum-resistant algorithms: PQDB
- implementations of Kyber and Dilithium for the open-source library botan
- a TLS 1.3 implementation for botan
- a post-quantum ready TLS 1.3 client
Note that while these implementations are peer-reviewed and ready to use, they aren’t ready for production. However, we expect further changes to affect only the internal workings. On the other hand, the eventually production-ready implementations won’t be drop-in replacements for today’s algorithms. To avoid a “big-bang style” migration in favor of a more controlled iterative migration, now is a good time to start with steps 4 and 5.
Adopting Post-Quantum Cryptography
This topic deserves its own blog post, which will follow soon. The fundamental steps are
- Identify what needs to migrate
- Prepare using PQC
- Migrate to PQC
You can already continue reading external resources about
- crypto agility
- migration strategies as described by aim42 and McKinsey
- how to do post-quantum key exchange with AWS
- performance impacts on TLS as measured by Cisco & University of Mexico, AWS, and SIDN Labs referenced in a post by CloudFlare
Image sources:
- generated with seaborn and matplotlib
- source code: GitHub Gist
- data for RSA challenges from Wikiwand
- projection for quantum threat based on ETSI Whitepaper No 8. (June 2015): Quantum Safe Cryptography And Security, Section 2.2
