Quantum Threats to Modern Cryptography
Key Points
- The belief that encrypted data is safe even if leaked is challenged by the prospect of future quantum computers that could break today’s encryption, rendering all privacy and transaction integrity unreliable.
- Cryptographic schemes fall into two categories: symmetric algorithms (e.g., AES) using single short keys (128‑256 bits) and asymmetric algorithms (e.g., RSA) using paired long keys (1024‑2048 bits) based on mathematically hard problems like large‑number factorization.
- Quantum attacks, particularly Grover’s algorithm, effectively halve the security strength of symmetric ciphers, while algorithms such as Shor’s algorithm can dramatically reduce the difficulty of breaking asymmetric keys.
- As a result, current key sizes become insufficient against quantum adversaries, necessitating either substantially larger classical keys or the adoption of quantum‑resistant (post‑quantum) cryptographic methods.
- Preparing for this quantum threat is essential to preserve confidentiality, authentication, and trust in digital systems before quantum computers become capable of executing these attacks.
Sections
- Quantum Threat to Cryptography - The speaker explains how future quantum computers could break today’s encryption—rendering encrypted data vulnerable, undermining privacy and trust—and outlines the differences between symmetric (e.g., AES) and asymmetric (e.g., RSA) algorithms.
- Quantum Threat to Asymmetric Cryptography - The speaker explains that Grover's algorithm only halves symmetric key strength (remediable by longer keys), whereas Shor's algorithm can entirely compromise current asymmetric schemes, creating urgent demand for quantum‑safe cryptographic algorithms as projections suggest viable quantum attacks could emerge by 2026–2031.
- Preparing for Quantum‑Safe Cryptography - The speaker stresses immediate data discovery and classification as interim safeguards while NIST‑selected quantum‑resistant algorithms (with IBM contributions) are vetted and deployed.
Full Transcript
**Source:** [https://www.youtube.com/watch?v=ecvCfTPRBrI](https://www.youtube.com/watch?v=ecvCfTPRBrI)
**Duration:** 00:09:15
Section timestamps:
- [00:00:00](https://www.youtube.com/watch?v=ecvCfTPRBrI&t=0s) Quantum Threat to Cryptography
- [00:03:12](https://www.youtube.com/watch?v=ecvCfTPRBrI&t=192s) Quantum Threat to Asymmetric Cryptography
- [00:06:16](https://www.youtube.com/watch?v=ecvCfTPRBrI&t=376s) Preparing for Quantum‑Safe Cryptography
Today, you assume that if your data escapes, as long as it's encrypted, it's no problem, because if someone gets the data, they still can't read it.
But imagine a case where if you could jump into a time machine
and go a hundred years into the future and bring back one of their computers with all its capabilities and use it to crack today's crypto systems?
Well, guess what?
They would fall.
In fact, nothing would be secret anymore.
Privacy would go out the window.
Transactions would no longer be reliable and records couldn't be trusted.
Well, that's the threat that we're facing with quantum cracking of crypto algorithms.
So let's take a look at not only the threat, but why is this a problem and what's the nature of the problem?
Well, first of all, as you may be aware, there are different types of crypto algorithms.
There are symmetric algorithms and there are asymmetric algorithms.
Symmetric algorithms use one key; you encrypt with that key, you decrypt with the same key.
The most common example of this is the AES encryption standard, and the key lengths are normally in the 128 to 256 bit range in terms of their size.
So that's how that works.
Asymmetric is different.
Asymmetric, we use two keys.
One is a public key and one is a private key.
So if I encrypt with one, I decrypt with the other.
Most common example of this is the RSA algorithm.
And what's different here is the algorithms operate differently and the math behind them is different.
The key lengths for asymmetric algorithms tend to be much longer.
For instance, RSA, we're typically using 1024 to 2048 bits in length.
So really 10x the size of the keys that we were using for symmetric algorithms.
Now, just as an aside, why does this stuff work?
Well, for instance, if you're looking at an asymmetric algorithm like RSA--
Now this is not an exact example, so this is a gross approximation, just to give you an idea.
But they're strong because they rely on underlying mathematical problems that are hard to solve.
One of those is trying to do factorization.
If, for instance, I give you an example of a number like 21.
And I say, tell me what are the prime factors of 21?
Well, 7 and 3, not so hard to figure out.
Those are both prime numbers and they multiplied together, become 21.
But what if I give you a really big number like this and say, tell me, what are the two large prime factors that will multiply together to equal that?
Much more difficult to determine.
Now, again, RSA uses a lot more complexity than that, but it gives you a taste of what's involved mathematically.
Well, so let's take a look.
If our asymmetric algorithm is like this and we get a key length that's of this size, well, then what happens if we put a quantum computer on this problem to crack it?
I'll tell you what it turns out to be: the algorithm effectively becomes half as strong because of a thing called Grover's algorithm.
Grover's weakens symmetric algorithms by half.
Now, the good news is, if we want to go ahead and overcome the cracking capabilities of the quantum computer,
all I have to do is just make the key twice as long.
So that's not such a hard problem to solve.
The thing we're much more worried about is in these cases with asymmetric algorithms,
even though we have really long keys, it turns out that these things fall like a house of cards against a thing known as Shor's algorithm.
Shor's algorithm is optimized for a quantum computer.
A traditional computer can't do nearly as much with that.
So with Shor's, the whole thing falls.
So what we need here is a new crypto algorithm that is going to be quantum safe.
And the good news is, we have some of those now, and I'll talk more about those in a minute.
But first of all, why do you care about this?
Because today's quantum computers are limited.
They can't crack this at the moment.
At the moment that I'm saying this.
Now, this could all change tomorrow, if somebody finds a new back door.
But just consider that today, it's okay.
But if we look into the future, crypto experts tell us, for instance, some of the projections are that there's a 1 in 7 chance that by the year 2026,
we'll be able to break these asymmetric algorithms with Shor's algorithm using a quantum computer that has enough qubits,
that is a relative measure of the power of the quantum system.
Further, the numbers look like it's 1 in 2 by the year 2031.
So if we're looking at these kind of projections, that's not so far off into the future.
So if we want to even just estimate and say, well, maybe 5 to 10 years, we'll be okay.
You might say to me, "Jeff, why do you care?
Wake me up in five years or ten years when the quantum systems get strong enough to actually break this."
And I'm going to tell you, you have to care now, because remember that time machine example in the beginning of the video?
That's what's going to happen.
We have this kind of attack where we harvest the data now and we decrypt later.
In other words, I put a sniffer on your network and I start collecting all the encrypted data that's going across your network.
Or I get a copy of your database, even though it's encrypted.
Maybe it's a backup copy of the database and it's encrypted.
And we're going on that assumption I said at the beginning, that as long as it's encrypted, we think we're safe.
Well, if I go and grab one of these systems from the future and I've kept this data, eventually the future comes to us.
And eventually I can start cracking all of the data that I harvested in the past.
All of those records now become publicly available.
That becomes a huge problem for us.
So the time to start thinking about this problem is in fact now.
In fact, if you could get into a time machine and go backwards, the time to start thinking about the problem would have been before now.
But what can we do for now?
Well, there's a number of things that we can do.
And there's some good news in this story.
So, for instance, what we ultimately want to get to is quantum safe cryptography.
That is a new set of algorithms that are not vulnerable to Shor's.
And those will allow us to continue to encrypt data with confidence.
But until we get there and where we're actually using these in production, then there are some things we could do to set up.
Now, first of all, to say we're not having to wait for this necessarily.
The good news is the National Institute of Standards has actually picked four algorithms that they believe are quantum safe.
Now, just as a point of pride, IBM contributed to three out of those four.
So we're doing a lot of really important research to try to protect the world against this kind of threat.
It's going to take some time to vet these algorithms fully and actually get them implemented, so what do we do before then?
Well, some of the things we should do first is basically discover where is my data.
See where all of the important information is.
Classify it and know what levels of sensitivity I'm dealing with.
Not everything is the same level of sensitivity.
Some data, maybe if someone decrypts it later and it's two years into the future, or even tomorrow, it might not matter anymore.
Its time sensitivity has expired.
But some other data has a very long shelf life and we need to protect it for decades.
So we need to understand that.
The next thing is to do an inventory.
Where is all of that data?
Once I've looked at the kinds of data I have, where is it all located?
Because eventually I'm going to need to go back and protect all of that stuff.
If I don't know where it is, I can't protect it.
And then, ultimately, I'm going to look at trying to create an ability that we call "crypto-agility".
That is, when I'm coding new algorithms, when I'm putting new functions into place, I want to make sure that I'm not just hard coding crypto algorithms in.
I want to be able to do a plug-and-play-- pull that algorithm out and put a new one in.
Pull RSA out and put it in the new quantum safe algorithm.
So crypto-agility means creating the right kinds of interfaces into our systems so that we'll have that kind of protection.
And then ultimately, when we get the quantum safe crypto, we can put that in place and now we'll have the protection going forward.
But again, this is a problem that is going to affect us in the future and we're laying the seeds for how we will deal with that right now.
Remember harvest, now decrypt later.
This is what the quantum future holds for us.
So be prepared.
Thanks for watching.
If you found this video interesting and would like to learn more about cybersecurity, please remember to hit like and subscribe to this channel.
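As an added example (not code from the video or from IBM), the script below turns the video's advice into a small triage step: classify each data asset by how long it must stay confidential, record where it lives, and use the video's own strength model (Grover halves a symmetric key, Shor breaks RSA outright) to flag which ciphertext is exposed to harvest-now-decrypt-later. The 2031 horizon is the video's 1-in-2 projection year; the 128-bit target, the 2024 "today", and every inventory entry are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed planning figures for this example: the video's 1-in-2 projection
# year (2031) as the horizon, and 128 bits as the target post-quantum strength.
QUANTUM_HORIZON_YEAR = 2031
TARGET_BITS = 128

# Key sizes as quoted in the video (symmetric 128-256 bits, RSA up to 2048).
ALGORITHMS = {  # name: (kind, key bits)
    "AES-128": ("symmetric", 128),
    "AES-256": ("symmetric", 256),
    "RSA-2048": ("asymmetric", 2048),
}

@dataclass
class DataAsset:
    name: str              # what it is (classification step)
    location: str          # where it lives (inventory step)
    shelf_life_years: int  # how long it must stay confidential
    algorithm: str         # how it is encrypted today

def quantum_strength_bits(algorithm: str) -> int:
    """Effective strength against a quantum adversary, in the video's model:
    Grover halves a symmetric key's strength; Shor breaks RSA outright (0)."""
    kind, bits = ALGORITHMS[algorithm]
    return bits // 2 if kind == "symmetric" else 0

def exposed(asset: DataAsset, current_year: int) -> bool:
    """Harvest now, decrypt later: an asset is exposed if it must still be
    secret after the horizon and its cipher is too weak against that adversary."""
    secret_until = current_year + asset.shelf_life_years
    return (secret_until > QUANTUM_HORIZON_YEAR
            and quantum_strength_bits(asset.algorithm) < TARGET_BITS)

def triage(assets: list, current_year: int) -> list:
    """Exposed assets, weakest algorithm first, then longest shelf life."""
    risky = [a for a in assets if exposed(a, current_year)]
    return sorted(risky, key=lambda a: (quantum_strength_bits(a.algorithm),
                                        -a.shelf_life_years))

# Constructed sample inventory; locations are placeholders, not real systems.
INVENTORY = [
    DataAsset("tls-traffic-captures", "dmz-span-port", 10, "RSA-2048"),
    DataAsset("hr-records-archive", "s3://example-archive/hr", 30, "AES-128"),
    DataAsset("medical-archive", "s3://example-archive/med", 40, "AES-256"),
    DataAsset("campaign-metrics", "analytics-db", 1, "AES-128"),
]
```

Calling `triage(INVENTORY, 2024)` returns the RSA-protected captures first (no quantum strength at all) and then the 30-year AES-128 archive, while the AES-256 archive and the one-year metrics are not flagged.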