The age of computers that can crack today’s encryption is approaching. A conversation with two crypto experts about new standards.
taz: Mr. Petri, Mr. Kreutzer, in online banking, in the messenger app for smartphones, in networked driving – encryption can be found in practically all digital applications today. Will we find out one day that all of this can be cracked using powerful quantum computers?
Richard Petri: We assume that quantum computers will be around in about 10 to 30 years, depending on the estimates. They will then actually be able to crack the current encryption methods that are currently in use.
Michael Kreutzer: It is not, however, that we wait idly for this day and are then surprised by the development. The fact that encryption processes age has always been the case. What was standard ten years ago is no longer standard today. Simply because more powerful computers can crack the old procedures or mathematicians discover weaknesses. Crypto researchers are therefore constantly working on new processes.
But then do we have a situation with quantum computers in which very suddenly a large number of processes become unusable?
Petri: Yes, when quantum computers come, it will be very sudden. All asymmetrical procedures that are used, for example, in online banking or messenger services, will then be crackable. It looks a bit better with the symmetrical ones, which are used for hard disk encryption, for example. They are also weakened, but not all of them can be cracked directly. Also, one has to assume that the first to afford such a device will be large state actors. So it is not the case that the neighbor can hack into their own device immediately.
But even a state should not necessarily be able to read everything from online banking to private messages. What is the status of quantum secure encryption?
Petri: A corresponding process is currently underway at the National Institute of Standards and Technology in the USA. In the process, new standards are developed and selected that are supposed to be robust against attacks with quantum computers – and of course also secure for current computers. The third round of the process is just over and it looks pretty good that there will be several good processes at the end.
But how do you know whether they are really quantum safe? After all, this cannot be tested until such powerful computers exist.
Kreutzer: Even if we don’t have powerful quantum computers yet – we know pretty well what they will be able to do. We already have access to small quantum computers and can also simulate their calculations. This makes it possible to estimate with great certainty whether our mathematical theories are correct.
When will we see the first new encryption methods in devices or software that we use every day?
Petri: As it stands, the first recommendations will be made this year as to which procedures are suitable. And I think we’re going to have post-quantum standards in the next two years. Then we will see them in applications very soon. The Chromebrowser had even built in a post-quantum method on a trial basis. However, that did not survive the standardization process.
How should consumers then be able to recognize whether their car or messenger is already encrypted for the future?
52, is a computer scientist at SIT and has been researching cybersecurity for 20 years.
33, is a computer scientist and cryptography specialist for embedded systems such as smartphones or cars at the Fraunhofer Institute for Secure Information Technology (SIT).
Petri: This is still a long way off at the moment, but I can imagine that there will still be some kind of seal or a recommendation from the Federal Office for Information Security (BSI). In any case, the industry will advertise it according to the motto: Our browser uses quantum-secure encryption.
Kreutzer: That will also differ greatly depending on which application we are talking about. Take an online shop, for example. It is comparatively easy to exchange the underlying encryption method. Things get much more exciting in the automotive industry, for example, because there are product cycles of 20 or even 30 years. The cars are on the road and a process cannot be easily replaced. So the question is: Do the vehicles then have to go to the workshop for an update? The smallest control units may not be able to support the new processes, which means that a software update is not enough.
So whoever buys a car of the current generation today, which is already quite networked, may have a problem in 10 or 20 years?
Petri: Yes. An attacker with access to a quantum computer could, for example, falsify the digital signatures used to protect software updates from changes and thus cause damage. And with networked vehicles, this could then happen remotely and potentially also with the general public. Corresponding quantum computers should initially only be available to a few. Many companies are now aware of the issue and are getting support to prepare for the risk.
Is it then to be expected that devices with many control instruments, such as cars, will become more expensive?
Petri: Probably. The methods that are used in post-quantum cryptography are usually more resource-intensive. Some have a higher memory requirement, others need more resources for the calculation. On the other hand, with chip technology, you get more and more performance for the same money. Nevertheless, faster chips or those with more memory are probably necessary, which then increases the costs.
Kreutzer: It could be that the companies that deal with the issue today will have an advantage later. This takes time, especially with such complex systems as a car or a factory. First you have to take a look: Where are cryptographic systems actually in the car? Where do you have to get there?
Whereby the automotive industry has so far not exactly attracted attention with its exemplary IT security.
Petri: It took a while for the topic to reach the automotive sector. But something is happening. We are currently seeing great demand for encryption solutions for these systems.
How will we actually know when the first quantum computer that can crack current encryption is online?
Petri: Of course, that depends entirely on who is running it.
Kreutzer: It is not just states that come into question, but also industry. Google, IBM, all the big names are working on it. I am currently seeing great progress in this area. And if a player from the industry is the first, he would of course make it public.
If the new processes will require more resources in the foreseeable future – does that also mean that energy consumption will increase?
Kreutzer: The procedures that are currently in the running are all very different. Some require more computing power on the device, others have to send more data over the network because the keys are so large. But calculating the life cycle assessment of the individual processes is an interesting research question. Let’s take it with us. And speaking of electricity consumption: When quantum computers come along, Bitcoin will also become vulnerable.
Kreutzer: Not the blockchain itself. But all digital identities that are needed to use the currency are based on a common asymmetric signature process. And this problem will affect the vast majority of cryptocurrencies.