Quantum computing will break the encryption used in e-commerce and VPNs someday. The race is on to develop quantum-safe algorithms and procedures before that happens. The remedy will be found in physics or mathematics.

“When you come to the fork in the road, take it.” – Yogi Berra

For cryptologists, Yogi Berra’s words have perhaps never rang more true. As a future with quantum computing approaches, our internet and stored secrets are at risk. The tried-and-true encryption mechanisms that we use every day, like Transport Layer Security (TLS) and Virtual Private Networks (VPN), could be cracked and exposed by a hacker equipped with a large enough quantum computer using Shor’s algorithm, a powerful algorithm with exponential speed over classical algorithms. The result? The security algorithms we use today that would take roughly 10 billion years to decrypt could take as little as 10 seconds. To prevent this, it’s imperative that we augment our security protocols, and we have two options to choose from: one using physics as its foundation, or one using math – our figurative fork in the road.

The current state of encryption

To understand how to solve the impending security threats in a quantum era, we need to first understand the fundamentals of our current encryption mechanism. The most commonly used in nearly all internet activities – TLS – is implemented anytime someone performs an online activity involving sensitive information, like logging into a banking app, completing a sale on an online retailer website, or simply checking email. It works by combining the data with a 32-byte key of random 1’s and 0’s in a complicated and specific way so that the data is completely unrecognizable to anyone except for the two end-to-end parties sending and receiving the data. This process is called public key encryption, and currently it leverages a few popular algorithms for key exchange, e.g., Elliptic curve Diffie-Hellman (ECDH) or RSA (each named after cryptologists,) each of which are vulnerable to quantum computers. The data exchange has two steps: the key exchange and the encryption itself. The encryption of the data with a secure key will still be safe, but the delivery of the key to unlock that information (key distribution) will not be secure in the future quantum era.

To be ready for quantum computers, we need to devise a new method of key distribution, a way to safely deliver the key from one end of the connection to the other.

Option 1: Pre-shared key secrets using physics

Imagine a scenario wherein you and a childhood friend want to share secrets, but can only do so once you each have the same secret passcode in front of you (and there are no phones.) One friend has to come up with a unique passcode, write it down on a piece of paper (while maintaining a copy for themselves,) and then walk it down the block so the other has the same passcode. Once you and your friend have the shared key, you can exchange secrets (encrypted data) that even a quantum computer cannot read.

While walking down the block though, your friend could be vulnerable to the school bully accosting him or her and stealing the passcode, and we can’t let this happen. What if your friend lives across town, and not just down the block? Or even more difficult – in a different country? (And where is that secret decoder ring we got from a box of sugar-coated-sugar cereal we ate as kids?)

In a world where global information transactions are happening nonstop, we need a safe way of delivering keys no matter the distance. Quantum physics can provide a way to securely deliver shared keys quicker and in larger volume, and, most importantly, immune to being intercepted. Using fiber optic cables (like the ones used by telecommunications companies,) special Quantum Key Distribution (QKD) equipment can send tiny particles (or light waves) called photons to each party in the exchange of data. The sequence of the photons encapsulates the identity of the key, a random sequence of 1’s and 0’s that only the intended recipients can receive to construct the key.

Quantum Key Distribution also has a sort of built-in anti-hacker bonus. Because of the no-cloning theorem (which essentially states that by their very nature, photons cannot be cloned,) QKD also renders the identity of the key untouchable by any hacker. If an attacker tried to grab the photons and alter them, it would automatically be detected, and the affected key material would be discarded.

Option 2: Math secrets – the other fork in the road

The other way we could choose to solve the security threats posed by quantum computers is to harness the power of algorithms. Although it’s true the RSA and ECDH algorithms are vulnerable to Shor’s algorithm on a suitable quantum computer, the National Institute of Standards and Technology (NIST) is working to develop replacement algorithms that will be safe from quantum computers as part of its post-quantum cryptography (PQC) efforts. Some are already in the process of being vetted, like ones called McEliece, Saber, Crystals-Kyber, and NTRU.

Each of these algorithms has its own strong and weak points that the NIST is working through. For instance, McEliece is one of the most trusted by virtue of its longstanding resistance to attack, but it is also handicapped by its excessively long public keys that may make it impractical for small devices or web browsing. The other algorithms, especially Saber, run very well on practically any device, but, because they are relatively new, the confidence level in them from cryptographers is still relatively low.

With such a dynamic landscape of ongoing efforts, there is promise that a viable solution will emerge in time to keep our data safe.

Which side of the fork should we take?

The jury is still out. We at Verizon and most of the world rely heavily on e-commerce to sell our products and encryption to communicate via email, messaging, and cellular voice calls. All of these need secure encryption technologies in the coming quantum era. But whether we choose pre-shared keys (implemented by the awesome photon) or algorithms, further leveraging mathematics, our communications software will need updating. And while the post quantum cryptography effort is relatively new, it is not clear which algorithms will withstand scrutiny from the cryptographic community. In the meantime, we continue to peer down each fork in the road to seek the best option to take.

About the author(s):

William F. Copeland, Distinguished Engineer, Applied Research Lab, has been building networks for over 20 years and is part of the quantum technologies team at Verizon. He spoke at the 2019 ETSI Quantum Safe Cryptography Workshop, and his group has trialed quantum key generation, quantum key distribution (QKD) over fiber, and is looking at ways to use them to enhance Verizon’s data security.