Quantum Computing: The (Eventual) End of Online Privacy

There was a story that came out of China last week about how researchers over there had used quantum computing to break a certain type of common encryption algorithm.

The claim was somewhat debunked later, but here is a problem with digital secrets. As time goes on, there is a “natural” decay in how secure secrets are, because computers get faster year-on-year.

There are two ways to unlock encrypted data. You either have the key, or you have to guess the key. (Assuming there are no problems with the encryption algorithm, you have to guess the actual key. If there are problems with the algorithm, you can find some “exploity" hack.)

Guessing the key is computationally expensive in terms of time. The principle is to have a key strength that is so strong that to go through every possible combination would take a period of time measured as “how close is this period to the heat death of the universe?” But, as computers get more powerful, the “time to crack” period steps back exponentially.

There is also another wrinkle to all this in terms of quantum computing. The pun is not intended, but quantum computers promise to be a “quantum leap” in terms of clipping that “time to crack” time back. (Long time 80s kids might be interested to know that NBC rebooted Quantum Leap last September, but the reviews aren’t great.) The worry is that quantum computing can take – making up numbers here – encryption that would millennia to crack conventionally, take a few days.

These days, we roughly encrypt data in two ways – data in motion (as it moves from client to server), and data at rest (as it sits in storage somewhere). The former is used to prevent eavesdropping and is a simple problem to solve as all you have to do is change the method used for encryption.

The former is substantially spicier. If you happen to have some stolen data today that would take millennia to crack, if you have that data and a quantum computer (that works) that data is no longer secret.

Imagine if you will SPECTRE having an encrypted list of all the world’s spies, which it can’t open, and then one day someone builds a quantum computer under a volcano and, suddenly, not to secret. (This is why security services gather data today that they know they can’t open, and why security services also try to make their encryption methods resistant to quantum computing pressures.)

To tie this back to real world issues – a few weeks ago LastPass had their customer vaults stolen. Today, not an issue. Tomorrow, that will get cracked. That data is out there, in the same way those embarrassing photos of you at Brian(ne)’s stag/hen night might cause you some problems if you’re trying to become an MP.

The issue is this – digital secrets aren’t secrets forever. There might be some classifications of data where exfiltration carries some risk even if it is encrypted. No, no one is probably going to care about an encrypted Excel file of mattress deliveries that your mattress shipping company made. But, if you happen to support women to get terminations in a country where it’s illegal to have one, it’s probably never safe to record that data digitally.

Like every secret that we human’s keep, there’s no such thing as an unleakable secret. The question is then, is there some data that you have that you can’t ever risk getting out there?

By Matthew Reynolds