True quantum computers don't exist yet, but cryptography needs to evolve for when they do, according to NIST scientists.
True quantum computers may be powerful enough to steamroll today’s cybersecurity protections, government researchers warn.
Quantum computing, which relies on “qubits” that occupy more simultaneous states than the "bits" used in classical computing, could break through algorithms designed to protect sensitive data online, according to the National Institutes of Standards and Technology.
Large-scale quantum computers will easily knock down the "public-key" cyptographic systems that allow Internet users to visit new websites, linking their computer with the site's servers without letting third parties intercept the interaction, NIST mathematician Dustin Moody told Nextgov.
So, any organizations with an online presence, including retailers, need to be "quantum resistant," Moody said. That transition will be "somewhat painful," because current Internet protocols will need to accept new security algorithms.
To prepare for the new era of “post-quantum cryptography,” Moody's team wants to ask the public to propose quantum-resistant security algorithms that could become the industry standard. NIST plans to issue evaluation criteria by the end of 2016, and to gather proposals in 2017. NIST also plans to subject those proposals to several years of "public scrutiny" before they're standardized.
The goal is for organizations to improve "crypto-agility," easily and rapidly switching out their security algorithms for newer ones as threats evolve.
But it’ll be several years -- maybe decades -- before scientists build a fully functioning quantum computer, Moody predicts.
Even the groups investing in quantum research are still experimenting with the building blocks, including the Los Alamos National Laboratory, the first federal group to buy a quantum system from manufacturer D-Wave last year. The Intelligence Advanced Research Projects Activity has only recently in creating the foundation for a quantum computer -- a qubit that can withstand environmental factors.
"If everything goes well, and that's what we're planning for by doing this so far in the future ... the average person won't even notice that anything has happened when they go online," Moody said.