If you have been following my blogs over the past few months, you’ll know there has been a flurry of activity around quantum computing. An overwhelming consensus now exists that quantum computers strong enough to break RSA and Elliptic Curve Cryptography (ECC) will be available in the foreseeable future. But exactly when will such quantum computers be available? Nobody knows for sure, but here are some observations that may help you draw your own conclusions.
The news that first made many people aware of quantum computing’s looming threat to cryptography was the NSA announcement in August 2015, in which the agency broadcast preliminary plans for transitioning to quantum resistant algorithms. The NSA did not include any dates as to when organizations should transition, but it was clear that no new effort should be spent switching from RSA to ECC. One could infer from this that the recommended evolution to quantum resistant crypto should take place sooner rather than later.
The second clue comes from the European Telecommunications Standards Institute (ETSI), which predicts a horizon of less than 10 years in its June 2015 white paper, stating: “if the organization has a need to archive certain information or protect the privacy of online transactions for more than 10 years, and currently uses encryption techniques, then these security methods should be upgraded to known quantum safe algorithms and techniques in order to protect long-term privacy.”
And in October 2015, Microsoft agreed with the ETSI prediction, saying that “practical” quantum computers should be available within 10 years.
The European Commission PQCRYPTO project also concurred, issuing a press release that said, “The expectation is that large quantum computers will be built sometime after 2025.”
In July, at the ISC 2015 supercomputing conference, Vadim Smelyanskiy, a Google scholar working on quantum computing, was even more aggressive, stating that by improving error correction, a powerful quantum computer could become available sometime between 2020 and 2025.
So the NSA, European Commission, Microsoft, ETSI and Google all seem to agree that the horizon for large scale quantum computers capable of breaking today’s cryptographic algorithms is between 2020 at the early stage and after 2025 on the more conservative side. Of course this does not take into account potential advancements made by the US Department of Defense or FBI, the UK GCHQ, China’s Ministry of State Security or Russia’s Foreign Intelligence Service, none of which will be issuing press releases when they have working quantum computers.
You may conclude that you have another 5 years before you need to worry about this quantum computing problem. But even if your organization were capable of deciding immediately to switch to a quantum resistant algorithm and could replace the old one quickly (which is much, much harder than one might expect), waiting 5 years is far too late.
There is an attack methodology known as Harvest & Decrypt, in which sensitive data is collected and stored today and decrypted once quantum computers become available. This attack can potentially make all of our current secrets available in a few years. I’ll discuss this possible attack in detail in my next post.
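To make the ETSI 10-year rule and the Harvest & Decrypt timing concrete, here is a small exposure calculator I have added for this post (it is not from any of the organizations quoted above). It assumes the horizon figures cited here (2020 on the aggressive side, 2025 on the conservative side) and a constructed set of data classes with assumed confidentiality lifetimes.

```python
from dataclasses import dataclass

# Horizons quoted in this post: Google's aggressive estimate and the
# PQCRYPTO / ETSI conservative estimate. Both are assumptions, not facts.
EARLIEST_CRQC_YEAR = 2020
CONSERVATIVE_CRQC_YEAR = 2025


@dataclass(frozen=True)
class DataClass:
    name: str
    shelf_life_years: int  # how long the data must stay confidential


def exposure(data, captured_year, migration_done_year, crqc_year):
    """Classify one year's worth of captured ciphertext.

    'protected': encrypted after the quantum-safe migration finished.
    'exposed':   RSA/ECC ciphertext that is still sensitive when a
                 cryptographically relevant quantum computer (CRQC) exists,
                 so a harvest-now, decrypt-later adversary wins.
    'expired':   decryptable by then, but no longer sensitive.
    """
    if captured_year >= migration_done_year:
        return "protected"
    sensitive_until = captured_year + data.shelf_life_years
    return "exposed" if sensitive_until > crqc_year else "expired"


def exposed_capture_years(data, start_year, migration_done_year, crqc_year):
    """Capture years whose harvested ciphertext would still hurt at crqc_year."""
    return [y for y in range(start_year, migration_done_year)
            if exposure(data, y, migration_done_year, crqc_year) == "exposed"]


def latest_safe_migration_year(data, crqc_year):
    """Year by which migration must be complete so that nothing captured
    before it is still sensitive when a CRQC arrives (the ETSI 10-year logic)."""
    return crqc_year - data.shelf_life_years


if __name__ == "__main__":
    # Constructed sample inventory; lifetimes are illustrative assumptions.
    inventory = [DataClass("TLS session tokens", 1),
                 DataClass("customer contracts", 10),
                 DataClass("medical records", 25)]
    for d in inventory:
        print(d.name, "migrate by", latest_safe_migration_year(d, EARLIEST_CRQC_YEAR),
              "exposed capture years (migrate 2020, CRQC 2025):",
              exposed_capture_years(d, 2015, 2020, CONSERVATIVE_CRQC_YEAR))
```

For anything with a 10-year or longer lifetime, the "migrate by" year is already in the past relative to 2015, which is the point of this post: the clock on Harvest & Decrypt started before the quantum computer exists.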