About twice a year, the post-quantum computing (PQC) niche of the cybersecurity industry pushes out truckloads of press releases and articles about the coming quantum computing apocalypse. In all of this content, there is little explanation regarding what this means for most people.
It seems like everyone should be concerned, based on the level of urgency the companies present. The reality, though, is no one has yet built a quantum computer capable of breaking even the most basic 256-bit encryption. The industry emphasizes, “Yet.”
NIST issues standards
This year, however, the National Institute of Standards and Technology (NIST) issued the first, approved algorithm standards to produce encryptions capable of fighting off quantum computing attacks. So we thought it would be a good idea to put together a batch of experts to explain why the rest of us should care.
The invitation was put out to a dozen experts in the PQC industry, but also to the companies tasked with implementing their products into the internet. Unfortunately, none of the PQC companies ended up accepting the invitation when they learned they would on the same platform discussing their approaches. But we did get acceptances from representatives from the other group. Our final panel was Karl Holqvist, CEO of of Lastwall;; Tim Hollebeek, industry strategist for Digicert; and Murali Palanisamy, chief solution officer for AppviewX.
The three companies both compete with and complement each other services, but all were active in the development of the standards with NIST. Our conversation is available on our podcast Crucial Tech.
Wait a minute…
However, there are still questions regarding the urgency, timing, and whether the introduction of quantum computing on an encryption-busting level is even possible in the near future.
The rest of this story is available with a subscription only.
The three panel members all agreed that the biggest problem facing us is all the encrypted data that has already been stolen on behalf of nation-state actors. Presently it is impossible to decrypt all that data, but once a powerful enough quantum computer all that data would be available to exploit. The current gold standard is 2048-bit, which would take 300 trillion years to decrypt with the world’s most powerful supercomputer. Theoretically, a quantum computer could break it in 8 hours. In reality, we won’t see that kind of computer exist for another 10 years.
Still, it is encouraging to think that we are working on solving the problem long before it actually becomes a problem. Whether that problem is a short-term or long-term issue was another argument the panel made. They said, along with many PQC companies we talked to, that level of computing might already exist, we just don’t know about it. It is doubtful, however, that a quantum computer that powerful could be created in secret.
Where do they plug in?
Like all powerful computing systems today, a quantum computer consumes an enormous amount of power. Current quantum processors, such as those developed by IBM or Google, are minuscule compared to what’s needed to break RSA-2048 encryption. They require large cryogenic cooling systems that can consume 10-25 kW. A quantum computer powerful enough to break 2048-bit encryption would, need as much as 100 MW of power. This estimate accounts for the qubit count needed, error correction overhead, cooling systems, and control electronics. The average data center consumes 10-50MW daily. Once a powerful quantum computer was fired up to break one encryption key, the power surge and heat bloom would be noticed by every spy agency in the world. But the size of the facility would be visible from space.
Even if someone was able to mask that physical signature, there is the human element to deal with.
On Oct. 23, 2019, Google published a groundbreaking scientific research article announcing, for the first time ever, a quantum computer had solved a mathematical problem faster than the world’s fastest supercomputer. The Google team had kept the article tightly under wraps. But a month earlier, a NASA employee involved with the research accidentally posted a draft of the article on NASA’s public web site. It was taken down in a few hours, but once something goes on the internet, it is there forever.
Don’t cry wolf
Encryption is core cybersecurity. The U.S. National Security Agency said (PDF) that “the impact of adversarial use of a quantum computer could be devastating to [National Security Systems] and our nation.” Encryption protects everything including medical or criminal records, bank account and credit card numbers, cutting-edge commercial research and development, and classified national security information.
However, the environmental impact of quantum computing on the environment and the ability to generate enough power is at least a great as that of artificial intelligence. The US Congress is debating the Artificial Intelligence Environmental Impacts Act of 2024, mandating the EPA to monitor and moderate effects of AI on energy, water and computing resources. This bill follows similar already enacted legislation in the EU and China.
With that in mind, corporations may want to downplay the imminence of encryption-busting quantum computers. There is already more than enough reason to upgrade our communications systems to resist attacks from quantum computers as soon as possible without scare tactics.
Lou Covey is the Chief Editor for Cyber Protection Magazine. In 50 years as a journalist he covered American politics, education, religious history, women’s fashion, music, marketing technology, renewable energy, semiconductors, avionics. He is currently focused on cybersecurity and artificial intelligence. He published a book on renewable energy policy in 2020 and is writing a second one on technology aptitude. He hosts the Crucial Tech podcast.