Remember Y2K? Now, get ready for Y2Q.
It’s shorthand for “years to quantum” – the advent of superfast quantum computers that will break encryption faster than a U.S. Marine can disassemble an M-16 weapon.
Quantum computers are still largely theoretical. But the U.S. government, China, Russia and big companies such as Google, IBM and Microsoft are working feverishly, and some estimates are that quantum computers will become a reality perhaps within eight years.
“It’s not science fiction,” said Scott Totzke, chief executive of ISARA, a Waterloo, Canada, company that applies unique mathematical codes to construct quantum-safe solutions. “We now know that a quantum computer will break public key cryptography, and that if we do nothing that we will no longer be able to protect the integrity of all the digital transactions that we participate in on a daily basis.”
The implications for consumers, businesses and national security are vast; essentially, nothing would be safe. Your Netflix account? Toast. Self-driving cars? Think demolition derby. Office swipe cards? Useless.
“Behind the scenes, there’s all this complex infrastructure which has to be updated. … Everybody who’s providing something over the internet to your house relies on strong encryption to make sure it is really you,” Totzke said. “Changing all that is a very complex thing.”
So now the race is on to build new quantum-safe software and install it on tens of millions of classic computers. Experts say it’s not too early to prepare. Otherwise, digital bank transactions, health records, email and even encrypted U.S. military secrets that enemies have hacked and stored, waiting for a quantum computer strong enough to decrypt them, will be vulnerable.
It’s not science fiction.
Scott Totzke, chief executive of ISARA
Quantum computers don’t use binary code — ones and zeros — to hold and process information. They’ll actually use atoms, photons and other quantum matter. Only prototypes exist, but experts already know how fast they will be. Really, really fast.
“If it takes a classical computer one day to crack a particular 56-bit encryption, it would take the quantum computer just 0.322 milliseconds — or one-thousandth the blink of an eye,” Linus Chang, the founder of a Melbourne, Australia, software company, Scram Software, wrote in a recent blog post.
In short, Y2Q will require a massive software update and alterations to the nuts and bolts of the internet to allow for more complex mathematical formulas that can stump even a quantum computer, experts said.
The search for those formulas is on. A U.S. government agency, the National Institute of Standards and Technology, has launched a global competition for algorithms that can provide security in a pending world of hyper computers. Submissions are due by the end of November. Money isn’t the motive for researchers.
“They get a lot of fame and acclaim. The people who end up designing the winning crypto systems are kind of renowned in the crypto community,” said Dr. Dustin Moody, a mathematician working on post-quantum cryptography.
Once standards for quantum-safe software are established, maybe in five years, it will take additional years to customize and roll out the updates across the billions of devices and computers in the U.S. alone. Even parts of the internet backbone will need to be overhauled to handle the tougher, more lengthy formulas.
That’s why maybe it’s a good thing that quantum computers are years off.
If a quantum computer were built one year from now, all of a sudden, yes, we’d have some problems.
Dr. Dustin Moody, mathematician and cryptographer
“If a quantum computer were built one year from now, all of a sudden, yes, we’d have some problems,” Moody said.
Luckily, quantum computers have an Achilles heel. They are extraordinary at many types of hard math. But not all. Totzke said five areas hold potential for creating problems that will confound even a quantum computer. They involve things like multivariate polynomials and lattice-based crypto.
“There are things that we wouldn’t expect that it could do any better than a conventional computer,” Totzke said.
It will take years to sort out which complex algorithms can provide adequate safety. And further years designing updates for software.
You can’t do that in two, three, four years. It’s a massive project.
Scott Totzke, chief executive of ISARA
“You can’t do that in two, three, four years. It’s a massive project,” Totzke said, adding that companies and governments need to make preparations sooner rather than later.
“The risk is going to go up dramatically because you’ll have to do this in a much less controlled manner with less testing. You’re going to be in panic mode,” he said.
Moody said his agency believes it is acting in a timely manner.
“We hope to solve all the problems before we get there (to Y2Q),” Moody said. “But it’s not just a simple, easy fix.”
For some in the private sector, he added, “It is going to be a very important transition and a very painful one, we believe, too.”