720-891-1663

The End of Encryption as we Know It

Well sort of.

China has joined the club of quantum computing capable countries and companies.

Google and IBM were among the first members of that club and while we know that those two companies are evil (just kidding), we can assume that China has far more evil intentions in mind.

Researchers from the University of Science and Technology of China explained in the journal Science they were able to get a system they named Jiuzhang to perform a calculation in minutes that would have taken a traditional supercomputer an estimated 10,000 years to solve.

The Chinese researchers have claimed quantum supremacy using a quantum computation called Gaussian boson sampling (GBS), their paper explained, which uses particles of light sent through an optical circuit, measuring the output. This means there are now multiple proven quantum-computing technologies, with surely more to come.

This, assuming that they are not just lying, is merely a proof of concept and has lots of problems in order to scale up to what is required. However, the Chinese are willing to both spend a lot of money figuring it out and also spend more bags of cash to steal the answer.

While the end (of pre-quantum encryption) is near, it isn’t here yet, but give the Chinese (and others) a few years and they likely will be. Whether a few is 3 or 5 or 10 years, it is unlikely that it is any longer than that.

Some of you are probably saying well, I will worry about that in 3 or 5 or whatever years and you can certainly do that, but there is a REALLY BIG gotcha there.

Ready?

Any data that was encrypted with pre-quantum encryption techniques (which is ALL current encryption) will be decryptable virtually instantly once this capability has been perfected.

So all of those petabytes of data the the NSA has been collecting and not been able to read. They will be able to read it.

But I am less worried about what the NSA is going to do. That same amount of data (possibly more) is also being collected by the Chinese. What do you think they might do if they can decrypt personal information, health information, financial information, trade secrets and national security secrets?

This so-called protected information runs on non-secure links (also known as the Internet) by definition, so vacuuming this data up is very easy.

I will leave you to ponder the impact.

While we do not have a solution to this problem yet, we will soon, probably in the next couple of years and businesses will need to migrate relatively quickly in order to minimize business risk.

NIST is working on new encryption algorithms but do not expect those standards to be approved for another year or so.

Kind of scary.

Credit: Threatpost

Facebooktwitterredditlinkedinmailby feather

Leave a Reply

Your email address will not be published. Required fields are marked *