If you have not heard about quantum computing yet, you will very soon, from both likely and unlikely sources, including Canada’s Prime Minister Justin Trudeau. Staged or not, the explanation provided by Trudeau several months ago was probably much easier to understand than those provided by many of the experts in the field. If you are still scratching your head, this video may help untangling the concept:
In any case, the message is clear: quantum computing is coming, and when that happens, our digital secrets will be out. The most common mechanisms used today to encrypt the sensitive information you send over the Internet rely on how difficult it is for conventional computers to figure out the key necessary to decrypt it. But quantum computers, when (or if) they come in all their promised glory, would make breaking it as easy as pie – or, perhaps more accurately, as easy as pi 🙂 .
You may have read that Google will be there for your rescue, with its promising post-quantum cryptography currently being tested in Chrome, which would be immune to the power of quantum computers. But think again: even if cryptography advances sufficiently to create algorithms that are future proof, much of the online private matters that happened over the last couple of decades was protected solely by relying on how difficult it is for our current computers to guess our private keys.
In theory, if anybody is intercepting and storing that encrypted information that was (and still is) being transmitted over wired and wireless networks, that may become pure gold a few years from now if the promise of quantum computing materializes. Yup, that’s the future hacking your present. As Ron Weasley would say, “Can we panic now?”
Well, not yet. Some of us are old enough to remember being fooled by scientists and experts before. I still remember being a teenaged geek in Brazil counting down the days to see the Halley’s comet in 1986, only to be sorely disappointed after all the hype created not only by the press, but by many astronomers.
Many still recall the fear around the impending Y2K issue over the last couple of years in the 1990s, which prompted warnings like this one:
The Y2K problem is the electronic equivalent of the El Niño and there will be nasty surprises around the globe. — John Hamre, United States Deputy Secretary of Defense
In the end, countries like Italy and South Korea, who invested too little and too late to prevent the supposed problem, had pretty much the same insignificant number of issues as those early birds that spent many millions and years preparing for it.
One important thing to note: some of the most reputable experts in quantum computing use very measured, careful words when referring to the advent of powerful quantum computers capable of breaking today’s most used cryptography mechanisms. The typical expression used is that there is a non-zero possibility of it happening. Not exactly the way most of us would describe something that we strongly believe is coming.
On the other side, there may be scenarios not dependent on mind-boggling quantum physics that would turn cryptography on its head. Renowned mathematician and Princeton professor Manjul Bhargava, on a visit to Toronto earlier this year, made an interesting point: asymmetric cryptography relies on the belief that it’s easy for conventional computers to multiply large (~200-digit) prime numbers to generate an even larger (~400-digit) number to be used as a public key, but it’s very difficult to guess what those two original multipliers were, requiring a brute force approach that’s not practical today. But he said that nobody ever proved that it cannot be done using a different approach. It may be possible (a non-zero chance again!) that some brilliant math mind already figured this out and that our encrypted secrets are just being decrypted as we speak.
So, if the whole NSA debacle from a few years ago had not been sufficient enough to convince you, it may be time to think again and play it safe: don’t treat your online activities as if you are dealing with your most trusted confident. Just pretend you are talking to a moody counterparty that may sell your secrets to the highest bidder. While passwords and account numbers can be changed, personal information and content that you would not like having exposed to others may be better off remaining offline.