Is Quantum Computing Threatening our Security?
July 26, 2021
Quantum computing has been getting a lot of attention recently, but more for what it promises and its potential than for what it is already known to enable. In fact, there is little consensus on what types of transformative solutions will come from quantum. While researchers and scientists have been working with quantum for years and excitement around it is growing, we don't know what impact the technology will have yet. However, this hasn’t stopped rumors and concerns from spreading. One concern we have heard often is how quantum will break current encryption techniques for security.
As a quantum scientist and the CEO of Intrinsic ID, a security company specializing in root of trust and authentication, I have a strong perspective to share about the role quantum may or may not play in the future and want to use this opportunity to establish a base line understanding so we can dispel any misconceptions. It all starts with the basics, getting a handle on the different definitions around quantum. It is important to understand that quantum mechanics are the foundation for quantum effects, which are used to create the quantum computers that can execute quantum algorithms.
This means that quantum computing is about building a computer and algorithms that exploit quantum phenomena, like superposition and entanglement. Quantum algorithms have the potential to solve some difficult problems (e.g., factoring a large number) much faster than an algorithm on a classical computer can, which makes quantum computing different from the classical computing we are used to. The fact that it allows certain operations that are impossible with classical computing is also where the impact on security comes in. Quantum algorithms can weaken the security of symmetric cryptography and even break public-key crypto, as you can see in the figure below. This is exactly where the fear of “everything quantum” comes from.
But there is also plenty of room for nuance. We need to be aware that there is no clear timeline on when these quantum computers will actually become useful and more commercially prevalent. The first quantum computers were already created in 1998, but up to now they still exist primarily in high-end research laboratories and are not yet impacting our everyday lives. Even though there have been breakthroughs in the field of quantum computing since the 1990’s, as of today a usable quantum computer still does not exist. Yes, research is speeding up with companies and governments investing billions of dollars, but we are still early in the lifecycle and we don’t expect quantum computing to be mainstream in the near term.
Preparing for what quantum will mean in the future is important and this is what the NIST’s “Post-Quantum Cryptography Standardization Process” is doing. This process is aimed at standardizing the new cryptographic protocols that will allow public-key cryptography once quantum computers break the current standards. This initiative and the challenges it must overcome in the years to come are something we all must keep an eye on.
Just like NIST, at Intrinsic ID we are watching closely how quantum computing evolves and how it relates to the technology that is at the basis of our security solutions, Physical Unclonable Functions or PUFs. What we know today is that quantum algorithms do not directly affect the mechanisms behind PUF technology. This means that all PUFs, including our SRAM PUFs, are quantum proof! However, quantum computing does impact the crypto that is typically used in combination with PUFs. So even though there is no need to make changes to PUFs themselves, the cryptography around them eventually has to follow the standards that will result from the Post-Quantum initiative of NIST. SRAM PUFs are ready to provide the crypto agility that is expected to be needed for the introduction of this Post-Quantum Crypto. As the strength of the keys will still be 256 bits, the same SRAM PUF mechanisms can be used with the same resources to provide the seeds for the Post-Quantum Crypto keys.
In summary I suggest that we embrace the development of quantum computing in a realistic manner. There is nothing to fear today. If you want to learn more about the basics of quantum technology or are interested to get a better understanding of the relationship between quantum and security, you can watch the webinar I created about this with some of my colleagues for the community website www.pufcafe.com. Don’t fear quantum, but make sure you are prepared for it!
Pim Tuyls, CEO of Intrinsic ID, founded the company in 2008 as a spinout from Philips Research. It was at Philips, where he was Principal Scientist and managed the cryptography cluster, that he initiated the original work on Physical Unclonable Functions (PUFs) that forms the basis of Intrinsic ID’s core technology. With more than 20 years experience in semiconductors and security, Pim is widely recognized for his work in the field of SRAM PUF and security for embedded applications. He speaks regularly at technical conferences and has written significantly in the field of security. He co-wrote the book Security with Noisy Data, which examines new technologies in the field of security based on noisy data and describes applications in the fields of biometrics, secure key storage and anti-counterfeiting. Pim holds a Ph.D. in mathematical physics from Leuven University and has more than 50 patents.