By Christopher Mims
National-security experts and politicians have a message for
America: A significant portion of the sensitive data we have today
is going to be cracked by foreign powers in the not-too-distant
future, and there is nothing anyone can do about it.
But we might be able to stop them from decoding the data we
produce down the road, if we act quickly enough.
The danger comes from an ultrapowerful and still-experimental
technology called quantum computing -- which leverages the quantum
properties of atoms to quickly compute problems that no
conventional computer could crack. China has already launched the
equivalent of a Manhattan Project in order to achieve this end, say
experts, and companies like Google, Microsoft and IBM are all
pushing ahead with their own efforts to create quantum
computers.
Quantum computers, which are still in the very early stage,
could revolutionize any number of real-world tasks, from
researching new materials to picking the best route for delivery
drivers. But right now, what many experts worry about is the
problem of security.
"Whoever gets to true quantum computing first will be able to
negate all the encryption that we've ever done to date," Rep. Will
Hurd, R-Texas, has said.
The critical race
This is why China and Russia are hacking every system they can
get into, including banking, health care, military and
intelligence, and downloading huge troves of data, added Rep. Hurd.
The information is currently indecipherable to them, but could
become intelligible with quantum computers.
In the future, hackers could also intercept and decrypt new data
as it is produced. If we don't act in time, it is possible that a
foreign power with a sufficiently powerful quantum computer could
hack into central nodes of the internet, capture the fire hose of
traffic passing through them and start decoding much of what we now
consider secure.
Researchers and security agencies are trying to beat foreign
governments to the punch by coming up with quantum computers and
new encryption methods as quickly as possible. But they face
technical stumbling blocks, such as coming up with standards for
researchers to use and then rolling out new measures in time. There
are potential interim solutions, but some experts fear that even
those can't be implemented quickly enough, as quantum projects ramp
up overseas.
Quantum computers are so different from conventional computers
that, arguably, the only thing the two have in common is that they
both compute. Rather than circuits and processors, the new
technology uses complex physics to cram large amounts of
information into a single subatomic particle.
To completely mathematically describe a caffeine molecule, for
example, would require a conventional supercomputer so big that it
would occupy 1/10th the volume of the Earth, says Arvind Krishna,
IBM's senior vice president of cloud and cognitive software. A
quantum computer that could do the same would be the size of a
coffee table.
Today's data are encrypted using systems that can only be
cracked by software that can factor very large numbers, sometimes
over 300 digits. This is an extremely difficult problem for a
conventional computer but a relatively trivial problem for a
quantum computer.
Currently, even if someone obtained a copy of everyone's bank
record in the U.S., good cybersecurity practice means that the
information is almost certainly encrypted in a way that has
rendered it into incomprehensible gibberish. But once quantum
computers can crack the encryption that is typically applied to
data as it is transmitted and when it is at rest, all bets are off,
says Dr. Krishna.
Thus, if a quantum computer of sufficient power could be built,
passwords, financial transactions, emails, text messages,
intellectual property, secret communiqués within and between the
CIA, NSA, FBI, the rest of the federal government and all of our
most important military assets -- it would be as if all of it were
suddenly being sent in the clear, unencrypted.
Experts at work
The good news is that many of the smartest mathematicians and
cybersecurity experts in the world, employed by Google, Microsoft,
IBM and the federal government, as well as many other tech giants,
are well aware of the problem and have been cooking up solutions
for years.
They're working on a completely different scheme of encryption,
called quantum-safe encryption. This kind of encoding can be
achieved by today's computers, in about the same amount of time
that current encryption requires, but it can't be cracked by
conventional or quantum computers, hence the moniker "quantum
safe."
There are dozens of proposed algorithms for quantum-safe
encryption, but the most popular approach, called lattice
encryption, works by encoding information in a multidimensional
"lattice" of data. Picture a three-dimensional grid of dots, add
another hundred or so dimensions, and you get the idea.
But before quantum-safe encryption can get everywhere that it
needs to be, it must first become an agreed-upon standard, and then
developers, companies and government bodies must translate it into
code and insert it into countless services and systems.
A project to create standards at the National Institute of
Standards and Technology began in 2016, and probably won't be
completed until around 2022, says Dustin Moody, a mathematician at
the institute and the project lead for the institute's post-quantum
cryptography standardization project.
If history is any guide, rolling out this quantum-safe standard
will subsequently take five to 10 years, he adds. That transition
could be sped up if there were a greater sense of urgency around
this problem, and that is exactly what we need, says Dr.
Krishna.
"Quantum computers will crack today's encryption within a
decade," he adds.
IBM's researchers are working on lattice-encryption algorithms,
and some of the ones they have created are under consideration by
NIST, which is in the process of narrowing down a list of 26
possible quantum-safe algorithms.
It is important to note that 10 years is on the more aggressive
end of predictions for when dangerous quantum computers will come
online -- "Q2K," as Rep. Hurd has called it. Others think it could
take 15, 20, even 30 years, says Elsa Kania, an adjunct senior
fellow at the Center for a New American Security who has
interviewed dozens of experts on this topic and is a co-author of a
report on the threat of quantum technologies.
In a way, it is the Y2K problem all over again, except this time
it is about encryption instead of truncated dates. Of course, Y2K
wasn't the disaster everyone thought it might be, in part because
we updated critical systems in time; if we can do the same in
anticipation of quantum computers, things could continue humming
with the only inescapable outcome being a retroactive decoding of
decades-old data by foreign governments.
A December 2018 report from the National Academy of Sciences
cautions that there are many unknowns about how quickly physicists
and engineers will be able to achieve quantum computers powerful
enough to be a threat to current encryption schemes. Some of these
schemes can be made quantum safe even without complex fixes like
lattice encryption, simply by doubling the length of the "key," or
the large numbers used to encipher data, a solution that would be
easy to implement on current systems.
The report also allows, however, that the field of
quantum-algorithm design is still in its earliest stages. It is
possible that there are yet-to-be-discovered algorithms that are
much more efficient than the ones that have been proposed, which
could move up by years the date by which quantum computers will
defeat classical encryption.
The incentive to do so is tremendous, which is why "I think it's
widely believed that any government with a good amount of resources
would be actively working on this," says Dr. Moody.
China's government is nearing completion on construction of an
880-acre national laboratory for quantum information science and
technology in Hefei, and the country's scientists regularly set
world records for the size and power of their quantum computers.
China is spending tens of billions on researching quantum computing
and related application in communication and sensing, says Ms.
Kania, and U.S. spending is low by comparison, on the order of $1.2
billion at the federal level, through the National Quantum
Initiative Act. If there is a modern-day equivalent of the
Manhattan Project happening anywhere in the world in order to
achieve a quantum computer, it is happening in China and not the
U.S., she adds.
Yet even if Google, Microsoft, IBM, the NSA or the labs
provisioned by other governments revealed tomorrow a quantum
computer of sufficient power, "the transition to quantum-safe
algorithms won't happen instantaneously," Dr. Moody says. "Even
when there are urgent threats, it doesn't happen as easily and
quickly as people would like."
Mr. Mims writes The Wall Street Journal's Keywords column. He
can be reached at christopher.mims@wsj.com.
(END) Dow Jones Newswires
June 04, 2019 07:27 ET (11:27 GMT)
Copyright (c) 2019 Dow Jones & Company, Inc.
Microsoft (NASDAQ:MSFT)
Historical Stock Chart
From Apr 2024 to May 2024
Microsoft (NASDAQ:MSFT)
Historical Stock Chart
From May 2023 to May 2024