Today’s quantum computers can’t break current cryptography schemes, but it is only a matter of time when newer generations do, given the nature of quantum computing. Classical computers store information in binary bits, represented by ones or zeros; they can address one set of inputs and one calculation at a time and can thus process information sequentially. Quantum computers, on the other hand, are based on a different paradigm, quantum physics, and use quantum bits (qubits) that can store data in a state of superposition; the data can be zero, one, or both simultaneously. As such, quantum computing can explore all possible paths in parallel, solving some of the most complex problems in minutes versus the potentially thousands of years that classical computers and supercomputers would require.
However, this computing prowess also means that quantum computers will eventually be able to break the public-key cryptography schemes that are commonly used to secure sensitive data on the internet today. Also known as asymmetric cryptography, public-key cryptography uses a public key and a corresponding private key generated by cryptographic algorithms. While public keys can be distributed openly without compromising security, the private key must be kept secret to maintain the level of security. Data can be encrypted with a public key and decrypted only with the corresponding private key.
Asymmetric cryptography provides confidentiality, authenticity, and non-repudiation. It’s part of the foundation of many internet standards, including Transport Layer Security (TLS), Secure Shell Protocol (SSH), S/MIME, and Pretty Good Privacy (PGP). Public-key cryptography is also used for email traffic and digital signatures.
Common public-key cryptography implementations utilize algorithms from Rivest-Shamir-Adelman (RSA) and Elliptic Curve Cryptography (ECC). These algorithms rely on the difficulty of solving mathematical problems such as factoring large numbers in the case of RSA and solving the discrete logarithm problem over large groups in the case of ECC.
Quantum computers will not break symmetric algorithms but will weaken their security level. To mitigate this, larger key sizes will be required. Symmetric encryption uses the same key to encrypt and decrypt the message. While faster than asymmetric encryption, symmetric algorithms provide confidentiality and are typically used for larger amounts of data. One example algorithm is the Advanced Encryption Standard (AES). To protect the integrity of messages, hash algorithms are used such as Secure Hash Algorithm (SHA). Similar to the symmetric algorithms, hash algorithms will also have their security level weakened by quantum computers; however, with larger output sizes, they can still be made quantum safe.
The largest quantum computer so far today is around 400 physical qubits; it will take 1,500 logical qubits, which translates into millions of physical qubits, to break ECC-256 and 4,000 qubits to break RSA-2048.