China now joins Google in claiming ‘quantum supremacy’ with new technology, creating RSA decryption concerns.
China’s top quantum-computer researchers have reported that they have achieved quantum supremacy, i.e., the ability to perform tasks a traditional supercomputer cannot. Although this is an exciting development, the inevitable rise of quantum computing means security teams are nearer to facing a threat more challenging than any they have faced before.
Jiuzhang
Researchers from the University of Science & Technology of China explained in the journal Science that they were able to get a system they named ‘Jiuzhang’ to perform in minutes a calculation that would have taken a traditional supercomputer an estimated 10,000 years to solve.
Their team joins Google, which claimed it achieved quantum supremacy in Oct. 2019 using a “super cold, superconducting metal,” according to WIRED. IBM has also entered the quantum computing debate, while aiming criticism at Google’s claims of supremacy.
Gaussian Boson Sampling (GBS)
The Chinese researchers have now claimed quantum supremacy using a quantum computation called Gaussian Boson Sampling (GBS), which, their paper explained, sends particles of light through an optical circuit and measures the output. This means there are now multiple proven quantum-computing technologies, with surely more to come.
A major security concern is that quantum computers will be able to crack RSA public key cryptography, used to protect data in transit. That means security teams will have to design new post-quantum cryptography solutions. One 2019 estimate from a DigiCert report suggested teams will need to have protections from quantum computing breaches in place by 2022.
Decrypt
Quantum computing is not quite there yet. The Chinese are no closer to being able to decrypt RSA than Google or IBM, but it is only a ‘matter of time’, experts predicted.
“China’s new quantum-computing breakthrough is important for a number of reasons,” Tim Hollebeek, Industry & Standards Technical Strategist with DigiCert commented. “1st, China has invested heavily in funding quantum-computing research, & this new result shows that that investment is paying off.
2nd, it means 2 different approaches to building a quantum computer have now successfully achieved quantum supremacy. This could potentially speed up the arrival of commercially useful quantum computers, as 1 approach may succeed if & when the other runs into some technical roadblock.”
Quantum Computing & RSA
John Prisco, from Safe Quantum Inc., said the ability for quantum computing to beat RSA is the goal, not the claims of quantum supremacy.
“China’s GBS approach is interesting but cumbersome to implement,” Prisco stated. “Quantum supremacy is not the prize at the finish line. If it were, Google & IBM finished ‘light years ahead’ of China’s claim. The finish line is a quantum prime computer capable of breaking encryption as we know it.”
Chinese Approach
He added that when it comes to widespread implementation, the Chinese approach has challenges.
“Scaling the GBS approach to quantum prime levels is not likely, due to the enormity of the integration of classical mirrors & beam splitters,” he explained. “Ion trap or super-conducting quantum computers championed by IonQ & IBM respectively are likely to finish the race to a quantum prime computer well ahead of the China approach in this announcement.”
Time Running Short
Nonetheless, Hollebeek warned that time is running short for security teams to prepare to combat malicious actors superpowered by quantum computing.
“While such quantum computers are not a threat to encryption today, they do remind us that the day is coming when that will no longer be true,” he commented.
Post-Quantum Cryptography
“It is important that security professionals start planning for the transition to post-quantum cryptography, as such transitions take many years to plan & implement.
The Chinese result probably does not materially change predictions of how soon that will be, but leading organisations still expect it to come within the next 10 years or so. So, it is important to start preparing now.”
The starting place would be a set of standards. That has been slow in coming.
Quantum-Computing Standards
The US National Institute for Standards & Technology (NIST) has not determined its guidance yet & is currently in a 3rd round of a competition to decide the final Post-Quantum Cryptology standard going forward. The final draft standards are not expected to be available until 2022 at the earliest, according to NIST’s tentative timeline.
While standards are still being worked out, there are things business & IT teams can do to get prepared, including gaining an understanding of the looming landscape.
“Factorisation of large prime numbers (RSA key cracking) by quantum computers is a real & huge problem,” Prisco warned. “Quantum literacy must improve in government agencies & corporations before a quantum prime computer exists. Creating a quantum-safe environment for data security will not occur overnight.”
Today’s Threat from Quantum Computing
A harvesting attack right now could grab an RSA encryption key to be filed away until quantum computing catches up, he added.
“There is no time to waste, because of other classical security problems like harvesting attacks which occur today,” Prisco explained.
“A harvesting attack is the theft of encrypted data & the RSA encryption key used to encrypt that data. While the key cannot be hacked today with the currently available quantum computer, an adversary can steal the data & the key, store it inexpensively in memory, & decrypt the info when they have access to a more powerful quantum computer that can break the key.”
Agile Solutions
April Burdhardt from Quantum Xchange advised that security teams should deploy solutions agile enough to evolve along with both threats & still to-be-determined NIST standards — & they should do it now.
“Companies must start to prepare for the quantum threat now by deploying quantum-safe, crypto-agile solutions that can keep pace with the evolving threat landscape — not to mention guard against harvesting attacks,” Burdhardt outlined.
“We encourage companies & government agencies to adopt a multi-layered or defence-in-depth approach to secure-key transfer, protected by NIST post-quantum cryptography-candidate algorithms and/or quantum key distribution in a FIPS 140-2 validated implementation.”