# Op Ed: Quantum Computing, Crypto Agility and Future Readiness

Bitcoin Magazine (Technical), published 2019-12-10. Author: Yehuda Lindell.

Crypto agility relates to the ease (or lack thereof) with which cryptosystems can be replaced in existing systems in a (potential) post-quantum computing era. Best to be prepared.

Over the past few decades, we have seen almost unimaginable progress in computation speed and power. A watch today is a more powerful computer than the first Macintosh that my parents bought me in 1984 (I was very lucky). The weakest and lightest laptop today is more powerful than the computers that I programmed on during my undergraduate studies in university. Do you remember the days of computers with 64 kilobytes of RAM? Now we count in gigabytes and, soon, terabytes.

Yes, I know that I'm old (but at least I'm not reminiscing about punch cards and vacuum tubes), but that's not really the point. The point is to understand where all of these extremely fast advancements in computing power came from.

The answer is a combination of Moore's law (stating that the number of transistors on a chip doubles every two years, although this has now slowed down), together with many architectural improvements and optimizations by chip manufacturers. Despite this, the basic way that our most powerful computers work today is the same as in the 1970s and 1980s. Thus, although improvements are fast and impressive, they are all in the same playing field.

## Enter Quantum Computing

[Quantum computing](https://bitcoinmagazine.com/guides/what-is-quantum-computing) is a completely different ball game. Quantum computers work in a radically different way and could solve problems that classical computers won't be able to solve for hundreds of years, even if Moore's law continues. Stated differently, quantum computers don't follow the same rules as classical computing and are in a league of their own. This does not mean that quantum computers can solve all computationally hard problems. However, there are problems for which quantum computers are able to achieve extraordinary speedups.

Some of these problems are closely related to much of modern cryptography, and include the integer factorization problem that lies at the core of the [RSA cryptosystem](https://www.geeksforgeeks.org/rsa-algorithm-cryptography/), and the discrete log problem that lies at the core of [Diffie-Hellman](https://security.stackexchange.com/questions/45963/diffie-hellman-key-exchange-in-plain-english), [ECDSA](https://blog.cloudflare.com/ecdsa-the-digital-signature-algorithm-of-a-better-internet/), [EdDSA](https://tools.ietf.org/html/rfc8032) and other cryptosystems (as used in cryptocurrencies and blockchains).

The big question that still has not been answered, despite what you may have read, is whether or not such quantum computers will ever be built. I want to stress that this is still an "if" and not a "when." The fact that small quantum computers have been built does not mean that quantum computers at the scale and accuracy needed to break cryptography will ever be built. The problems that need to be overcome are considerable. I am not saying that I don't think they will succeed; I'm just saying that it's not a certainty.

The next big question is: *When* will a computer powerful enough to break RSA or ECDSA be built? Or maybe more relevant — when do we have to start worrying about this possibility? I personally believe that this is many years away (I will say at least a decade, but I think it will be more like two decades at least).

## Google and Quantum Supremacy

Recently, Google's scientists hailed what they believe is the first demonstration of quantum supremacy. This was widely understood to mean that quantum computers are now already faster than classical ones. If that were the case, then modern cryptography might be broken very soon, in contrast to the time span that I predicted above.

However, this claim by Google's scientists needs to be understood in context. "Quantum supremacy" is a technical term used by the academic community for the point at which a quantum computer can do just one thing faster than a classical computer. However, this is really not what we think about when we hear "supremacy," nor is it really relevant to cryptography and other application domains. In particular, what we are really interested in knowing is when quantum computers will be able to solve hard, important problems faster than classical computers, and when quantum computers will be able to break cryptography.

Whether or not quantum supremacy was even demonstrated is not absolutely clear (see [IBM's response](https://www.ibm.com/blogs/research/2019/10/on-quantum-supremacy/)). However, in any case, this quantum computation has no effect whatsoever on cryptography, blockchains and cryptocurrencies.

## The Need for Crypto Agility

So, what does this mean concretely for us as a community? First, we should rest assured that the cryptographic world is getting ready for any eventuality. In particular, we already have good candidates for post-quantum secure public-key encryption and digital signature schemes, and NIST is working on [standardization](https://csrc.nist.gov/Projects/Post-Quantum-Cryptography) now. As such, we will not be surprised and unprepared if quantum computers that threaten our cryptographic infrastructure become close to reality.

This does not, however, mean that our actual products and software in use are ready for the post-quantum era, and this is often a really hard problem. The solution to this problem is called **crypto agility**, and it relates to the ease (or lack thereof) with which cryptosystems can be replaced in existing deployed systems.

## The Value Proposition

There are two main aspects to crypto agility. The first is how easy it is to change code so that one cryptosystem is replaced with another. The more the code relies on the specific structure of the cryptosystem, the harder it will be to replace. The second is how to make this change while preserving backward compatibility and without introducing the new vulnerabilities that can arise when new and old versions operate concurrently.

These are (security) software engineering considerations, and there is no general right answer. However, asking your software team what the cost would be to swap out their crypto is a really important first step.

The good thing about becoming more crypto-agile is that, even if the threat of quantum computing to cryptography never eventuates, it is still a good investment. Cryptosystems, key sizes, modes of operation and more change over time. This is a fact of life and will not change. Being more crypto-agile will enable you to respond faster to such changes and to be ahead of the market when new cryptography is introduced (whether it be for classic security systems or for cryptocurrencies and blockchains). That is always a good thing!

*This is an op ed contribution by Professor Yehuda Lindell. Views expressed are his own and do not necessarily reflect those of* Bitcoin Magazine *or BTC Inc.*