The Quantum Menace
May 24, 2019
Effective quantum computing – when it actually gets implemented – will have profound and far-reaching implications.
Though they are entirely distinct from one another from a technology perspective, the way we think of quantum computing has some similarity to how we think about fusion power. It is one of those nebulous fields where a significant breakthrough always seems to be a long way in the future. The difference is that now the more enthusiastic forecasts are starting to suggest that useful quantum computing could appear within the next few years, rather than the multi-decade wait that is still expected for practical fusion power to finally arrive.
Effective quantum computing – when it actually gets implemented – will have profound and far-reaching implications. Some of these could require changes to commonly-accepted hardware and software development practices, as well as the replacement of installed infrastructure. The significant progression currently being made here may mean that we should begin thinking about such changes quite soon.
Quantum computing technology could hugely accelerate searches of large databases, help chemists simulate molecular behavior and perhaps lead to advances in other areas, such as artificial intelligence (AI) and machine learning. Unfortunately, the technology could also punch significant holes in the formidable cryptographic algorithms that are employed to secure stored information, data communications, and financial transactions.
Some experts predict that a relatively powerful quantum computer using techniques such as Shor’s factorization algorithm should be able to crack hitherto-unbreakable crypto algorithms within a matter of days, or possibly even hours. The widely-used RSA-based public-key cryptography algorithm, even with a substantial key length of 2048 bits (commonly referred to as RSA 2048), is seen as potentially vulnerable to quantum computing. AES and recent SHA cryptographic methods are also likely to be threatened by Shor’s algorithm running on an appropriate quantum computing platform.
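To make the RSA threat concrete, here is an added worked example (not code from the original article) of the classical half of Shor’s algorithm: the reduction from period finding to factoring. The quantum subroutine that finds the period r of a^x mod N is stood in for by a brute-force loop, so this only works on toy moduli, but the arithmetic that turns a period into the factors of N, and the factors into the RSA private exponent, is exactly the step that makes a large quantum computer dangerous to RSA. The textbook key N = 3233, e = 17, d = 2753 is used as sample input.

```python
from math import gcd
import random


def multiplicative_order(a, n):
    """Return the smallest r > 0 with a^r = 1 (mod n), assuming gcd(a, n) == 1.

    This is the period that Shor's algorithm obtains with the quantum
    order-finding subroutine. Brute force is used here purely as a stand-in,
    so it scales only to tiny moduli; on a real RSA modulus this loop would
    never finish, which is the whole point of the quantum speed-up.
    """
    x = a % n
    r = 1
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def factor_from_period(n, a):
    """Try to derive a non-trivial factor of n from the period of a mod n.

    Returns a factor in (1, n), or None if this particular base a is unlucky
    (odd period, or a^(r/2) = -1 mod n), in which case a new a is tried.
    """
    g = gcd(a, n)
    if g != 1:
        return g                      # a already shares a factor with n
    r = multiplicative_order(a, n)
    if r % 2:
        return None                   # odd period gives no square root of 1
    y = pow(a, r // 2, n)             # y^2 = 1 (mod n)
    if y == n - 1:
        return None                   # trivial square root, no information
    f = gcd(y - 1, n)
    return f if 1 < f < n else None


def factor_with_period_finding(n, seed=0, attempts=1000):
    """Repeat the reduction with random bases until a factorisation appears.

    For n = p*q at least half of all bases succeed, so a few tries suffice.
    Returns the two factors as a sorted tuple, or None on failure.
    """
    rng = random.Random(seed)
    for _ in range(attempts):
        a = rng.randrange(2, n)
        f = factor_from_period(n, a)
        if f:
            return tuple(sorted((f, n // f)))
    return None


def recover_private_exponent(e, p, q):
    """Once p and q are known, the RSA private exponent follows directly."""
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi)            # modular inverse (Python 3.8+)


if __name__ == "__main__":
    # Sample input (constructed): the textbook RSA key n = 3233 = 61 * 53, e = 17.
    n, e = 3233, 17
    p, q = factor_with_period_finding(n)
    print("factors:", p, q)
    print("private exponent:", recover_private_exponent(e, p, q))
```

The example runs offline and finishes instantly for these sizes; the lesson for a defender is that every step after period finding is cheap classical arithmetic, so RSA’s security rests entirely on period finding staying infeasible.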
Keeping Track of Quantum Computing Performance
Much as gigahertz (GHz) is used as a measure of classical CPU performance, a quantum bit (qubit) provides a standard measure of quantum computer performance. Both are easy-to-grasp units, but unlike GHz, the qubit count can often be misleading. For example, connecting a pair of 10-qubit machines side-by-side does not automatically produce a 20-qubit machine – mainly because their quantum bits are not working together (they are not entangled, to use the correct terminology).
Another common issue with the qubit is that it can be somewhat unreliable. Processing the same problem may produce different answers on each run through the quantum computer. So, to be more meaningful, a qubit number should be accompanied by an indication of the error rate. Recent announcements from some companies have described quantum computers that claim more than 100 error-free qubits.
Is it Time to Start Worrying?
Despite these fears, it still seems relatively clear that we can delay rolling out quantum-resistant cryptography for a few years at least. In 2018, a panel of experts brought together by the U.S. National Academies of Sciences, Engineering, and Medicine concluded that despite advances in the field, it was still 'highly unexpected' that quantum computing methods would crack RSA 2048 within a decade.
Other incidents/events that forced expensive hardware and software changes to be carried out (such as the global Y2K issue and even major OS upgrades) give us some idea of the potential upheaval that quantum computing could cause in the future. However, the majority of these events were predicted well in advance, often down to the day they happened. In contrast to this, a significant quantum breakthrough is not possible to anticipate with such accuracy and might come much sooner, or much later, than initially estimated.
Mitigating the Quantum Threat
Back in 2016, the U.S. National Institute of Standards and Technology (NIST) issued a public call for post-quantum public-key cryptographic algorithms. There are indeed various methods that are theoretically far more resistant to being cracked by quantum computing as it is currently understood. However, most of the huge base of proven cryptography found in deployed devices does not rely on these methods. This is mainly because they are substantially more costly in terms of the energy they consume and hardware footprint they take up.
Sci-fi writer William Gibson famously noted that, "The future is already here – it's just not very evenly distributed." Should we be concerned that one country or company will take advantage of a secret quantum computing breakthrough? In November 2018, quantum computing entrepreneur William Hurley downplayed this fear, telling Mouser’s Benchtalk that “Every single quantum researcher is working with others from around the world right now. So if you want progress, you can’t lock it down.”
Implications for Developers
If we accept that quantum computing advances could threaten our current generation of cryptographic algorithms, then we must be ready for a radical change. The first step will be looking into which algorithms are deemed quantum-resistant or can be upgraded to make them quantum-resistant – with an eye on recommendations from organizations such as NIST.
Software will need to be updated. Quantum-resistant crypto algorithms are likely to require more computing power – perhaps orders of magnitude more. For example, one proposed RSA upgrade suggests going from a 4 kbit key length to a rather daunting 1 Tbit key length to ensure adequate quantum-resistance.
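The practical consequence of the two paragraphs above is that software should be written so the algorithm can be swapped without rewriting every caller, usually called crypto agility. The following added example (not code from the article, and not a NIST recommendation) shows the pattern: every protected message carries an algorithm identifier, a registry maps identifiers to implementations and a lifecycle status, new data is refused under a retired algorithm, and a migration routine re-protects old data under the current one. The two registered algorithms are assumed stand-ins (HMAC-SHA256 as the retiring scheme, HMAC-SHA512 as its successor) chosen only because they ship with Python; in a real post-quantum migration the successor entry would be the NIST-selected algorithm.

```python
import base64
import hmac
import json

# Registry of algorithm identifiers -> (implementation, lifecycle status).
# Assumed stand-ins: the registry pattern is the point, not these primitives.
ALGORITHMS = {
    "mac-v1": {"digest": "sha256", "status": "deprecated"},   # being retired
    "mac-v2": {"digest": "sha512", "status": "current"},      # new data goes here
}
CURRENT_ALG = "mac-v2"


def _b64(raw):
    return base64.b64encode(raw).decode("ascii")


def _unb64(text):
    return base64.b64decode(text.encode("ascii"))


def protect(key, payload, alg=CURRENT_ALG):
    """Wrap payload in a self-describing envelope tagged with its algorithm.

    Refuses to create new data under a deprecated or unknown algorithm, so a
    retired primitive cannot creep back in through an old call site.
    """
    entry = ALGORITHMS.get(alg)
    if entry is None or entry["status"] != "current":
        raise ValueError(f"algorithm {alg!r} is not approved for new data")
    tag = hmac.new(key, payload, entry["digest"]).digest()
    return json.dumps({"alg": alg, "payload": _b64(payload), "tag": _b64(tag)})


def verify(key, envelope, accept_deprecated=False):
    """Check an envelope; return the payload on success, None on failure.

    Unknown identifiers are always rejected. Deprecated ones are accepted
    only when the caller opts in, which is what a migration job needs.
    """
    try:
        env = json.loads(envelope)
        alg, payload, tag = env["alg"], _unb64(env["payload"]), _unb64(env["tag"])
    except (ValueError, KeyError, TypeError):
        return None
    entry = ALGORITHMS.get(alg)
    if entry is None:
        return None
    if entry["status"] == "deprecated" and not accept_deprecated:
        return None
    expected = hmac.new(key, payload, entry["digest"]).digest()
    if not hmac.compare_digest(expected, tag):   # constant-time comparison
        return None
    return payload


def migrate(key, envelope):
    """Re-protect data that is still under a deprecated algorithm.

    Returns the envelope unchanged if it is already current, or None if the
    old envelope does not verify (corrupt data must not be laundered into a
    fresh tag).
    """
    if json.loads(envelope).get("alg") == CURRENT_ALG:
        return envelope
    payload = verify(key, envelope, accept_deprecated=True)
    if payload is None:
        return None
    return protect(key, payload)


def algorithm_of(envelope):
    """Helper for audits: which algorithm a stored envelope currently uses."""
    return json.loads(envelope)["alg"]


if __name__ == "__main__":
    # Constructed sample: a key and a record that were stored under mac-v1
    # before that scheme was retired.
    key = b"constructed-demo-key-not-for-real-use"
    legacy_entry = ALGORITHMS["mac-v1"]
    payload = b"account=42;balance=100"
    old_tag = hmac.new(key, payload, legacy_entry["digest"]).digest()
    old = json.dumps({"alg": "mac-v1", "payload": _b64(payload), "tag": _b64(old_tag)})
    print("old verifies by default:", verify(key, old) is not None)
    new = migrate(key, old)
    print("migrated to:", algorithm_of(new), "verifies:", verify(key, new) == payload)
```

Adding a third registry entry and changing `CURRENT_ALG` is the entire code change needed to roll a new scheme out, which is the property to design for now rather than after a breakthrough is announced.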
We should understand that quantum computers will certainly not replace traditional computing technology wholesale. A quantum computer might well be brilliant at working out the most efficient network route, but it won't replace the switches and other hardware responsible for carrying out that routing. In fact, widespread use of quantum computing will probably drive higher demand for traditional computing products. This is undoubtedly true in the short term – due to the upgrade and replacement of potentially outdated and outclassed technology. It may also have some credence in the longer term – because new, previously unexplored, applications will suddenly start to become feasible. So, while quantum computing is destined to be a disruptive technology, it will augment our current technological landscape rather than supplanting it.