Quantum computers keep hitting the headlines with actual or alleged breakthroughs. This summer, a research team from IBM published a paper postulating the practical usefulness of existing quantum computers. The researchers claim to have found a way to recognize the high susceptibility to errors of existing devices precisely and to take them into account consciously. This means that quantum computers could be used even before the problem of their increased susceptibility to errors can be technically overcome. At some point, this will happen, and the new computer concept will realize its full potential. To understand why this scenario can be dangerous, we first dive into the principle of quantum computing and how current encryption works.
One bit assumes either the value one or the value 0. Our entire digital technology is based on binary code. In the mysterious, tiny quantum world, binary code no longer applies. Quantum objects can assume two states simultaneously or an undefined intermediate state. A well-known example of the quantum world is probably Schrödinger's cat. The thought experiment describes that a hypothetical cat in a box has the status of being both dead and alive at the same time - until someone opens this box and takes a look. The situation is similar with quantum bits. Their state can only be determined by a measurement. Until this takes place, they are in an undefined state or assume the values 1 and 0 at the same time.
This property of quantum objects, superposition, which is inconceivable in our macroscopic world, ensures that very complex mathematical problems can be solved much faster. Or even make it possible to solve problems that cannot be solved in real-time today. That is precisely what the current state of research suggests. The developers of the Canadian "Borealis" computer claim to have solved a problem in 36 microseconds that would have taken a conventional supercomputer thousands of years. Solving problems faster - it sounds convincing but can be dangerous.
On the Internet and today's digital world, superior quantum computers could attack asymmetric cryptography. The system uses an algorithm to generate a public key from a private key, and only the public key is transmitted over the Internet. The connection between the private and public keys is established using complex mathematical operations that are difficult to reverse. This can be, e.g., the multiplication of huge prime numbers. This calculation is simple. However, the reverse prime factorization of the result is very complex. Today's encryptions are based on the fact that the most powerful conventional computers cannot perform such calculations in a reasonable amount of time. Quantum computers could change that. They would suddenly make it possible to calculate private keys from public keys.
In theory, special algorithms developed for quantum computers already exist. As soon as the appropriate hardware is available, you can perform search processes much faster. The Grover algorithm speeds these up by a factor of two. With a linear search, it would take 2128 calculation steps to crack an AES-128 encryption - with the Grover algorithm, on the other hand, 'only' 264 steps. In this case, the key length could be doubled, and the encryption would be secure again. But it only applies to the Grover algorithm. Suppose even more powerful methods for quantum computers are found in the future. In that case, longer and longer keys will no longer be sufficient, and completely new concepts will be needed - problems whose reversal is too complex even for quantum computers. Work is already underway on the corresponding post-quantum algorithms. These will deal with problems within algebraic geometry or high-dimensional lattices, for example.
When mathematicians and computer scientists rack their brains over the most complicated problems and new algorithms, it initially seems anything but relevant to everyday life. However, asymmetric cryptography is now part of everyday life for almost everyone - albeit mostly unconsciously. Secure connections between websites and users (HTTPS) are based on this technology, as is end-to-end encryption in messengers such as WhatsApp. Digital documents, such as those to be stored in an ID wallet that the EU is currently developing, would also function according to the pattern of asymmetric cryptography. The idea is that anyone can check them with a public key, but only authorized persons with private keys can issue them. Qualified electronic signatures also use asymmetric cryptography.
This could pose a potential threat in the future: Criminals with access to a quantum computer with superior computing power could crack the conventional algorithms that form the basis of all these encryptions in a short time. It allows them to read encrypted data traffic and messages and forge digital documents and signatures. This would also render existing digitally signed contracts worthless in one fell swoop.
Although this danger is still hypothetical and not acute, we should not ignore it. The development of quantum computers continues unabated, and at some point, they will come into practical use - be it in 10, 20, or 30 years. Then, Murphy's Law will strike at some point, and the devices will fall into the wrong hands, for better or worse. In other words, we must be prepared. Therefore, IT security and trust service providers must design their hardware and software so that they can integrate new, quantum-safe algorithms in the future. The US standardization authority NIST has already published the first algorithm candidates for such a post-quantum cryptography world, but they still have to prove their strength. In any case, the race has already begun.