Cracking the Code: How Next-Generation Computing Could Upend Digital Security

Due to the unprecedented amounts of information being exchanged via new technologies, governments, and corporations pushed for the development of new methods to secure these communications, particularly in the latter half of the 20th century.  During this period, cryptographers established various algorithms to protect sensitive information, such as hash, Symmetric, and Asymmetric Key algorithms. Whilst Symmetric encryption is simple and fast, the approach’s traditional reliance on the transfer of keys causes scalability issues for these algorithms. Resulting from these drawbacks with symmetric cryptography, digital communications mostly rely on public-key cryptography (PKC). Also known as asymmetric cryptosystems, PCK algorithms include the RSA (Rivest-Shamir-Aldeman), ECC (Elliptic Curve Cryptography), and Diffie-Hellman approaches. Based on complex prime factorization problems, these PKC algorithms have historically been the gold standard of scalable internet security. 

In the Information Age, PKC is at the bedrock of digital communications. From validating digital identities to protecting the exchange of sensitive information, asymmetric cryptosystems provide a variety of highly scalable and secure cryptographic solutions. Of these widely implemented PKC systems, RSA is a digital security standard. Whilst lower-bit RSA keys can be cracked using brute force attacks, the National Institute of Standards and Technology (NIST) recommends that RSA keys should be 2048 bits long. The length of the 2048-character-long RSA key causes the algorithm to be protected from brute-force attacks from classical computers. For these digital devices, solving a 2048-bit prime factorization problem is an incredibly onerous process forecasted to take 300 trillion years. 

Quantum Computing and Classical Cryptography

As early as 1994, Peter Shor proved that quantum computers could decrypt RSA cryptosystems with a large N of bits in a key “with much less computational power” than classical computers. If powerful enough quantum computers were developed, Shor’s algorithm could dramatically reduce the time of factor decomposition. 

Whilst Shor’s algorithm only theoretically established that large-bit RSA keys could be decrypted using a quantum computer, his algorithm's validity has been corroborated by further study. Over the last decade, the number of qubits in new quantum computing systems has been scaling exponentially. When released in 2023, IBM’s Osprey (433 qubits) will be the most powerful quantum processor in the world. Previously, IBM’s most powerful quantum processor, Eagle, boasted 127 qubits. With the ever-increasing power of quantum computers, these systems could begin to practically threaten secure systems soon. 

During the waning days of 2022, a group of Chinese cryptography researchers published a paper where they alleged that a 2048-bit RSA algorithm could theoretically be broken with a 377-qubit device. Relying on an ensemble of prime factorization algorithms (e.g., Schnorr and QAOA), the authors rocked the cybersecurity world with their alleged results. Whilst the group was only able to decrypt a 48-bit RSA key with its quantum computer and methods, its projections claim that a quantum system slightly less powerful than IBM’s upcoming Osprey machine could crack RSA-2048. Even though this paper suggests that classical PKC methods could be rendered useless in the next year, the mixture of the leveraged mathematical methods causes their algorithm's quantum speedup to be unclear. Currently, further study on the scalability of these approaches suggests that the algorithm would not be able to crack RSA-2048 because of the exponential quantum speed for factoring integers. Even though the paper claims that decrypting a 2048-bit RSA key could be possible extremely quickly, critical engagement with the research reveals that it is implausible that their algorithm’s speedup speed is linear. 

Q-Day and the Race for Quantum Supremacy

Whilst the media coverage of this research project was overblown, the threat of quantum cryptography to classical digital security methods continues to become an increasingly pressing concern for cybersecurity experts and policymakers. In a report, NIST researchers claimed that the proliferation of large-scale quantum computers “would seriously compromise the confidentiality and integrity of digital communications on the Internet and elsewhere”. As advances in next-generation computing accelerate, the handling of the fallout from Q-Day becomes an increasingly important consideration. Since Shor’s cryptographic approach has already been established theoretically, once powerful enough quantum computing devices are developed, classical PKC systems will become scalably solvable. For this reason, there has been a drive to create post-quantum cryptographic systems. 

In late 2019, the U.S. government passed the National Quantum Initiative Act to supercharge domestic quantum computing investment and policy advisory. Additionally, a bipartisan consortium of U.S. Senators and House Members introduced a bill to audit and prepare government information systems for quantum cybersecurity risks in late 2022. Concerned about how competing powers could leverage quantum breakthroughs to comprise America’s national security, policymakers in D.C. are boosting the government’s cyber posture and public investment in quantum research. On top of government funding for quantum research, the U.S.’s strong private quantum research sector places the country at the forefront of the next-generation computing space. Against the backdrop of wider geopolitical strife, the U.S. has found itself on the end of an ever-intensifying race for emerging technologies. Primarily, quantum competition has accelerated as the result of tense Sino-American relations. After centralizing quantum research at the National Laboratory of Quantum Information Science in 2017, Chinese policymakers pledged to invest $14.76 billion from 2017 to 2022 in quantum R&D. 

On top of the threats that powerful quantum devices pose to classical cryptography, American and Chinese policymakers acknowledge that these systems could be leveraged to improve warfighting capabilities. Whilst this next-generation computing still has a ways to go before upending classical digital security, global powers are increasingly aware of the benefits and risks of these innovative systems. Even if scalable quantum-resistant cryptographic approaches are not discovered soon, a painstaking process of retrofitting legacy communication systems will have to occur to develop resilient digital security measures in the long term.