Quantum Computing will not be able to crack Encryption Keys until the 2030s

In September, Satya Nadella announced that Microsoft is working on a quantum computer (QC) architecture. Since then, Intel also has announced it is working on a QC architecture. Microsoft and Intel join Alibaba, Google, IBM, Tencent and a host of academic and national research labs (including China, the European Commission, Russia and the US) in a quest to build working QC hardware and software that can solve real-world problems.

What is quantum computing and why will it make a difference?

Quantum Computing is a practical application of quantum physics using individual subatomic particles at sub-Kelvin temperatures as compute elements. It presents many research and development challenges, but the potential payoff is orders-of-magnitude faster compute acceleration for specific types of problems.

QC is like computing with a graphics processing unit (GPU) accelerator, in that GPUs and QC systems must be connected to a traditional processor that can run an operating system and schedule programs to run on the accelerator.

QC has the potential to quickly solve problems that are impossible to calculate in useful timeframes (or even human lifetimes) today.

One of the marquee potential applications for QC is breaking cryptographic keys—in other words, compromising security encryption that protects sensitive data. While a lot has been written about that, it is unlikely QC will be capable of cracking encryption keys until the 2030s. Here’s why it will take so long.

Challenge 1: Programming QC

QC architecture is based on “qubits” instead of binary computer bits. I am not a quantum physicist, so I’m not going to tell you how or why a qubit works. The analogy I use to describe how a QC program works is that multiple qubits interact like the waves generated by throwing a handful of small floating balls into a pool of water.

Assume that the distances between balls and the timing of when each ball hits the water are purposeful: the relative position of each ball and the order in which they hit the water is the program. The intersecting wave fronts between the balls then changes the up/down position of each of the balls in interesting patterns. At some point the position of each ball is measured, and that collection of measurements is the result of a QC program.

My analogy is easy to visualize but far too simple. It doesn’t explain how to write a QC program, nor does it tell you how to interpret the results.

However, that lack of connection to real-world programming talent and domain experience is actually just like real QC architectures! I’m not joking. Look at IBM’s Quantum Experience Composer, as an example. It looks like a music staff. But I’m not a musician, or in this case I’m not a quantum physicist who understands IBM’s QC system. For a mainstream software professional, it’s difficult to understand how to use IBM’s composer and how it is useful in solving a real-world problem. Programmers can place notes on the staff, but those notes won’t make any sense. Even after reading the detailed instructions, programmers will not be able to translate a problem in their real-world domain into a program in the QC domain.

The challenge in finding a quantum physicist who understands how to program a specific QC architecture and who understands the problem you want to solve is much worse than finding a Masters- or PhD-level data scientist to analyze all that big data you’ve been hoarding. It would be like trying to find a needle in a thousand haystacks.

Because of this challenge, QC ecosystems will have to create application programming interfaces (APIs) and then create libraries of useful functions with those APIs to hide QC complexity and enable programmers to use QC systems without knowing how QC systems work or how to compose programs for QC. For example, IBM’s QISKit enables QC acceleration through Python language APIs. However, those APIs still depend on programmers understanding quantum physics. The next step is to create libraries of useful QC acceleration functions.

Challenge 2: Getting a stable result from a QC program

One of the key challenges for QC is to make sure that the qubits are all working properly when a program starts and that they continue to work correctly until each qubit’s end-of-program state has been observed.

This is a lot harder than it sounds.

First, it requires freezing the qubits to nearly “absolute zero” just to have a fighting chance of keeping them in proper working order until a calculation is finished. Absolute zero (0°Kelvin / -459.67°Fahrenheit / -273.15°Celsius) is an ideal absence of any heat or movement at all; it is impossible to achieve in our universe, due to fundamental laws of thermodynamics. Qubits require 0.01°K / -459.65°F / -273.14°C, vanishingly close to absolute zero. That is a lot colder than deep space and expensive to achieve.

Because it is so difficult to get qubits to behave properly for long enough to finish a program, even at these low temperatures, QC architectures need to design error detection and correction into each qubit. Qubits with error detection and correction are interchangeably called a “fault-tolerant” qubits or “logical” qubits.

Directly observing a qubit ends a program. QC architectures must entangle extra qubits with a computing qubit, so a QC program can infer the state of a computing qubit without directly observing it (and thereby stopping a calculation). If an error is observed, then the erroneous qubit state can be corrected and the QC calculation completed.

Today, a lot of extra physical qubits are needed to create a logical qubit, on the order of 10s to thousands of extra physical qubits depending on the architecture. A single physical qubit is possible, if the structure of the qubit itself is fault-tolerant. Microsoft is claiming a breakthrough in materials-based fault-tolerant qubit design called “topological” qubits. Microsoft’s topological qubit contains only one physical qubit, based on a pair of Majorana fermion particles, but that breakthrough has not yet been confirmed by outside labs.

Challenge 3: Assembling and programing qubits as a QC accelerator

Today’s state-of-the-art is that no one has publicly shown even a single functional logical qubit. All demonstrations to-date have only used physical qubits. Public demonstrations are getting more complex as labs learn to orchestrate the manipulation and measurement of tens of physical qubits. For example, a Russian team implementing 51 physical qubits now leads the field.

Solving useful real-world problems, such as breaking 128-bit encryption keys, will require assembling and orchestrating thousands of logical qubits at near absolute zero temperatures. It will also require learning how to write complex programs for QC architectures. There are QC algorithmic frameworks for writing programs that can help speed up cracking encryption keys, such as Shor’s and Grover’s algorithms, but QC researchers still don’t understand how to frame those algorithms as an expression of qubit interactions (intersecting wave fronts in my example above).

Researchers are learning to build QC systems that can reliably orchestrate thousands of logical qubits. And they are learning how to usefully program those qubits. Then they must build a software ecosystem to commercialize their QC systems. Of course, it also requires building thousands of qubits.

Using graphics processing units (GPUs) compute as a model, QC must implement layers of software abstraction and easy to use development environments, so average programmers can use QC systems as compute accelerators without having to understand how to program any specific QC system.

Caution: QC objects through the looking glass are farther than they appear

There are some near-term applications for physical qubits: mostly solving optimization and quantum chemistry problems. Many of these problems can be solved using hundreds to thousands of physical qubits.

A raft of companies that are heavily invested in deep learning are also counting on physical qubits to accelerate deep learning training. Alibaba, Google, IBM, Microsoft and Tencent are all focused here. Integrating QC into the deep learning model creation process would be a neat way of side-stepping challenge #1 (programming), because QC programming would be hidden from human programmers by deep learning abstraction layers.

Many of the companies investing in physical qubits are striving to commercialize their QC architectures within the next five to ten years. This seems doable, given the level of investment by some of the larger competitors but still relies on several research breakthroughs, and breakthroughs cannot be scheduled.

All the QC researchers I have talked with say that shipping a commercial QC accelerator based on logical qubits is still at least 15 years away, pointing to commercialization in the early 2030s at the soonest. There is still a lot of fundamental science left to be done. Commercializing that science will take time. So too will building a programming ecosystem to make QC accelerators accessible to a wide range of programmers.

Breaking the code on quantum cryptography futures

The US National Institute of Standards and Technology (NIST) is working on detailed recommendations for a post-QC cryptography world. NIST issued a formal call for proposals last December; November 30, 2017 is the deadline for submissions. NIST’s intent is to issue draft standards on post-quantum cryptography in the 2023-2025 timeframe, about halfway through an industry consensus minimum 15-year QC development and commercialization period.

NIST has quantum physicists on staff. Many of its customers build and deploy systems that will spend decades in the field. Between now and NIST’s draft post-quantum cryptography standards, NIST published a concise summary of interim cryptographic safety measures.

QC will not break encryption keys this decade. Without massive research and development breakthroughs, the QC researchers I have talked with do not believe that QC will break encryption keys during the next decade, either.

It will happen at some point, but there are reasonable steps that can be taken now to keep data safe for at least a couple of decades. In a few years NIST, and presumably sibling governmental organizations across the globe, will publish stronger recommendations that will directly address post-quantum computing cryptographic safety.

Still confused? You are in good company. A key fact to remember is that QC is still at the beginning of a very long road to commercialization.

Researchers develop quantum-computing safe crypto

Practical implementation of secure key exchange for TLS.

A team of researchers claim to have developed secure, quantum computing-proof encryption that can be practically implemented today.

The paper, Post-quantum key exchange for the TLS protocol from the ring learning with errors problem [pdf] is written by Joppe Bos from NXP Semiconductors in Belgium, Craig Costello and Michael Naehrig at Microsoft Research, and mathematician Douglas Stebila from Queensland University of Technology.

Quantum computers have long been thought to be able to guess encryption keys much faster than traditional computers, which in turn would make it possible to unscramble the vast majority of internet-borne communications.

The researchers constructed ciphersuites for the Transport Layer Security protocol commonly used on the internet, providing digital key exchanges based on the ring learning with errors problem accompanied with traditional RSA and ellliptic curve cryptography signatures for authentication.

Using traditional RSA and EC signatures would speed the implementation of quantum-safe key exchanges among digital certificate authorities, the researchers believe.

There is a performance penalty of 21 percent compared to the non-quantum-safe key exchange, the researchers noted. However, that is is considered minimal, and demonstrates that provably secure post-quantum key exchanges are practical.

A theorem published by mathematician Peter Shor in 1994 and further work by other researchers has shown that quantum computers could break public-key cryptography, something which is not feasible with today’s binary devices.

As quantum computers are under development currently, the researchers believe it is important to strengthen today’s encryption protocols against future attacks using these far more powerful devices.