Aqu\u00ed, en apenas el segundo Congreso Mundial Cu\u00e1ntico , hay entusiasmo en el aire sobre las perspectivas de todo, desde tiempos precisos de picosegundos hasta comunicaciones imposibles de piratear utilizando part\u00edculas entrelazadas. Pero una sombra acecha en el horizonte: la posibilidad de que las computadoras cu\u00e1nticas descifren los algoritmos de cifrado actuales que salvaguardan todo, desde las transacciones bancarias hasta los sistemas de armas.<\/p>\n
WASHINGTON \u2014 Here at only the second-ever\u00a0Quantum World Congress<\/a>, there\u2019s excitement in the air about the prospects for everything from\u00a0picosecond-precise timing<\/a>\u00a0to\u00a0unhackable communications<\/a>\u00a0using entangled particles. But a shadow looms on the horizon: the potential for quantum computers to crack the current encryption algorithms that safeguard everything from bank transactions to weapons systems.<\/p>\n \u201cIt is important to us to make sure we are investing in both sides \u2014 to make sure that we are protecting ourselves [from quantum attacks] while we are also seeking to figure out \u2026 how to leverage quantum technology\u201d for America\u2019s own use, said\u00a0Stacey Dixon<\/a>, Principal Deputy Director of National Intelligence, in a Q&A with conference attendees. \u201cAll systems need to be hardened.\u201d<\/p>\n This is not a problem for the distant future but today, said\u00a0James Kushmerick<\/a>, director of the Physical Measurement Laboratory at the\u00a0National Institute of Standards and Technology<\/a>, which is finalizing new \u201cquantum-resistant\u201d<\/a>\u00a0encryption standards. \u201cThe sooner we get this out,\u201d he told the conference, \u201cthe better off we\u2019ll be whenever a cryptographically relevant quantum computer is developed.\u201d<\/p>\n Such an all-conquering computer doesn\u2019t actually exist yet. But there lies the paradox of what\u2019s called quantum-resistant or \u201cpost-quantum\u201d encryption: You don\u2019t need a quantum computer to start laying the foundations for a quantum-powered hack \u2014 or, fortunately, to start building a defense.<\/p>\n The threat is a tactic called \u201ccollect now, decrypt later.\u201d Well-heeled foreign intelligence agencies (and the American NSA) already scoop up terabytes of encrypted communication. Whatever they can\u2019t crack today can just go into long-term storage, waiting for quantum computers to get powerful enough to break them.<\/p>\n Of course, some secrets will be irrelevant by then, such as the positions and immediate orders of military units: It doesn\u2019t help much to decode \u201cAttack Pearl Harbor Dec. 7\u2033 on Dec. 8. But other data remains relevant for decades, because that\u2019s how long the US military keeps many systems in service. Data like design details and test data from X-35 development in the late 1990s, for instance, will be of interest to adversaries until the\u00a0F-35<\/a>\u00a0retires circa\u00a02070<\/a>. And even out-of-date information on past operations could be fed into an artificial intelligence that looks for repeated patterns that might predict a future move.<\/p>\n \u201cThere\u2019s a long tail of how valuable information may be if it\u2019s collected now and decrypted later,\u201d Kushmerick told the conference, what the government has described as data with a \u201clong secrecy lifetime<\/a>.\u201d<\/p>\n How much \u201clater\u201d will someone get a quantum computer able to break existing codes? While\u00a0the public can\u2019t\u00a0know what\u2019s happening in secret government labs, IBM unveiled a\u00a0127-qubit<\/a>\u00a0(quantum bit) computer in 2021, hit\u00a0433 qubits<\/a>\u00a0in 2022, aims to reach\u00a01,121 qubits<\/a>\u00a0this year, and has talked of breaking\u00a04,000 qubits<\/a>\u00a0by 2025 \u2014 what\u00a0some<\/a>\u00a0experts<\/a>\u00a0(but\u00a0hardly all<\/a>) say is a critical threshold for codebreaking. By\u00a0one company\u2019s estimate<\/a>, a 4,000-qubit computer could to decrypt the widely used RSA encryption \u2014 which would take today\u2019s supercomputers \u201cmillions of years\u201d to crack \u2014 \u201cin a matter of hours\u201d;\u00a0another company<\/a>\u00a0says 10\u00a0seconds<\/em>.<\/p>\n So while widespread quantum computing remains many years away, cutting-edge intelligence agencies could apply it to high-priority targets much sooner.<\/p>\n \u201cYou want to do ChatGPT on quantum computers, that will require it to become commonplace\u2026 That\u2019s 10 years away, no doubt about it,\u201d said\u00a0Neeraj Paliwal,<\/a>\u00a0general manager at Rambus, a company developing quantum-resistant chips. \u201c[But] all they need, at the state level, is four or five functioning quantum computers, even if it is at the cost of $200 million.\u201d<\/p>\n \u201cThat\u2019s why NSA and government are all over it,\u201d he told Breaking Defense.<\/p>\n The good news, according to Paliwal and others in the field: You don\u2019t need a quantum computer to stop a quantum computer, just better encryption algorithms. And those new algorithms should be able to run on today\u2019s computers, although a lot of lower-power devices will need to be upgraded or replaced.<\/p>\n \u201cIt\u2019s not all that different from how we\u2019re doing it now,\u201d said\u00a0Michael Vermeer<\/a>, a senior scientist at RAND, in an interview with Breaking Defense. \u201cIt\u2019s just a new algorithm, [using] a different area of mathematics.\u201d<\/p>\n \u201cYou don\u2019t need a quantum computer to fight a quantum computer,\u201d agreed\u00a0Rebecca Krauthamer,<\/a>\u00a0co-founder of\u00a0 QuSecure, which develops quantum-resistant software. \u201cIt\u2019s not a quantum algorithm we\u2019re using to encrypt things,\u201d she told Breaking Defense. \u201cIt\u2019s still classical math, it\u2019s just math that\u2019s really hard for a quantum computer to solve.<\/p>\n That said, she warned, \u201cYou can\u2019t say anything is \u2018quantum-proof\u2019 because everything is always changing\u2026. It\u2019s going to evolve in ways we can\u2019t foresee.\u201d<\/p>\n DoD trying to prepare industry<\/strong><\/p>\n At first glance, the government timeline to deploy the new quantum-resistant algorithms looks outright stately.\u00a0Last year,<\/a>\u00a0the NSA set an official target of 2035, over a decade away, for all \u201cnational security systems\u201d across the US government to migrate to quantum-resistant encryption.<\/p>\n The\u00a0National Institute of Standards & Technology<\/a>\u00a0released draft standards for the first three algorithms\u00a0last month<\/a>\u00a0and will take comments on them until Nov. 22 before finalizing them next year. At that point, Kushmerick told the QWC conference, it\u2019ll be up to \u201cindustry [to] deploy into a product.\u201d<\/p>\n But that doesn\u2019t mean companies and agencies should sit on their hands until 2024, experts emphasized.<\/p>\n \u201cThe government\u2026 especially DoD, has been doing a lot on trying to prepare the defense industrial base and elsewhere in the government to transition as quickly as possible to the new standard,\u201d said RAND scientist Vermeer.<\/p>\n In August NIST, the NSA and and Homeland Security\u2019s\u00a0CISA<\/a>\u00a0published a factsheet<\/a>\u00a0urging industry, especially those who support critical infrastructure, to \u201cbegin preparing now\u201d to migrate to post-quantum defense.<\/p>\n The message\u00a0was, in essence, \u201cWe haven\u2019t fully signed off on the algorithms, so be careful, but you need to start\u00a0today<\/em>, [because] it\u2019s a really hard problem,\u201d said\u00a0Kaniah Konkoly-Thege<\/a>, head of government affairs at the\u00a0quantum computing firm\u00a0Quantinuum. \u201cTake that basic step of inventorying your date, inventorying your assets, [and] putting in proper policies for retention of data. You also should start testing aggressively, she told Breaking Defense: \u201cBreak your system and figure out what doesn\u2019t work.\u201d<\/p>\n \u201cWhen we move some aspects of our infrastructure to the new standard, it\u2019s going to break things,\u201d agreed Vermeer. That\u2019s something Google, Amazon, and other major companies have already found in trial runs with prototype post-quantum encryption, he said. \u201cThe point of these tests was to figure out where things fail, [but even so] they were surprised \u2013 things broke in places that they weren\u2019t expecting,.\u201d<\/p>\n \u201cThere is a lot of software that needs to be patched,\u201d he said. \u201cWe don\u2019t know where all of it is right now.\u201d<\/p>\n