Sign In

Communications of the ACM

ACM News

Hackers' Delight: Does Quantum Computing Spell the End for Encryption?

Will quantum computers mean the end of unbreakable encryption?

Many of us are likely to become victims of technology's ongoing evolution if a solution to security in the age of quantum computers is not found.


Security researchers warn that hackers are currently gobbling up encrypted data, and patiently waiting for the day when quantum computers will easily break their encryptions.

"Intelligence agencies are already recording massive amounts of encrypted data sent over the networks in the hope to successfully decrypt them with powerful quantum computers in a few years," says Tim Guneysu, chair for security engineering at Germany's Ruhr University Bochum.

Today's encryption methods used to send data securely over the Internet are expected to be no match for the power of tomorrow's quantum computers.

High on the radar of the data thieves: corporate trade secrets, health records, criminal records, and any other sensitive data that hackers believe they will be able to sell, trade, or leverage in the quantum era.

"Think of the secret recipe for Coca-Cola, or blueprints for a supersonic plane," says Tanja Lange, chair for Cryptology at Eindhoven University of Technology in the Netherlands. "Such trade secrets are often held close by companies and never published or patented," she said, to prevent replication by competitors.

Also at great risk are the encrypted communications of dissidents the world over. "Identifying dissidents and decrypting their communication will be worthwhile to some regimes, even years later," Lange says.

Such nightmare scenarios—and many more—are Lange's stock-in-trade.  She currently leads PQCRYPTO, a European research consortium of 11 universities and companies put together by the European Commission, which has been charged with the development of a preventative solution to the looming threat of widespread data theft.

Essentially, PQCRYPTO operates under the assumption that many of us are likely to become victims of technology's ongoing success if a solution to security in the age of quantum computers is not found. The group anticipates encryption methods currently considered impenetrable by individuals, companies, and many governments—including the RSA public key cryptosystem, and elliptic-curve cryptography (ECC)—could become child's play to decrypt as soon as quantum computers become hacker tools.

"RSA and ECC belong to the class of asymmetric cryptography that is known to be broken by tomorrow's quantum computers," Guneysu says. "Hence, for both schemes, we need replacements as soon as possible."

Lange agrees. "Sadly, none of the currently used public-key crypto—e.g., in https—is safe."

Researchers like Lange and Guneysu have made some progress coming up with alternative encryption technologies they believe could defeat tomorrow's quantum wonders. Granted, they may not have quantum computers to work with right now, but they are able to extrapolate how quantum computers will be able to neutralize today's encryption, and they have come up with alternative encryption methods they believe will quash the most formidable of quantum technologies.—

"While we do not have big, scalable quantum computers yet, it is clear what operations they can execute," Lange says.  "When analyzing the security of proposed cryptosystems, we take these extra operations into account."

In fact, IT security researchers the world over began engaging in a friendly competition sponsored by the U.S. National Institute for Standards and Technology (NIST) late last year to come up with encryption alternatives designed to fend off quantum computers. Lange says 69 new encryption methods have been submitted so far.

All of the new encryption methods submitted have withstood the scrutiny of other researchers, while another seven submitted by other researchers have been shown to have flaws, and still other methods are considered questionable, according to Lange.

Yet even the methods that have withstood extreme vetting come with a problem: preliminary tests indicate it takes longer to transmit data over the Internet using the newer encryption methods, which makes the solutions unattractive to some users.

The remaining challenge, Lange says, is for researchers to come up with a new encryption method that is both bulletproof and practical enough to be used by individuals and organizations that are currently in the crosshairs of opportunistic hackers.

"The NIST competition is something that keeps the community busy right now, and on the attack and implementation side this is very much an ongoing project," Lange says.

Adds Daniel Gauthier, a professor of physics at The Ohio State University exploring a different method for securing Internet communications (using quantum key distribution), "We really need to be thinking hard now of different techniques that we could use for trying to secure the Internet."

Joe Dysart is an Internet speaker and business consultant based in Manhattan, NY, USA.


No entries found