Here are some quantum computing trends to look out for in 2020.
* The National Institute of Standards and Technology (NIST) will have standardized a PQC algorithm by 2022-2024, kicking off a global effort to deploy it. Companies that have inventoried their cryptographic systems and emphasized cryptographic agility will have a relatively easy time deploying it; others, not so much.
* A quantum computer will solve an economically important problem next year. This will kick off a new era of investment in accelerating quantum computing development, based on the demonstration of practical benefits. Adoption of post-quantum cryptography will need to keep up.
* In the near term, R&D into commercial applications of noisy intermediate-scale quantum computers will probably drive progress in this area. How useful these computers turn out to be, and which problems they are able to solve, will probably determine how much investment flows into improving quantum computing technologies.
* DigiCert has estimated that it takes several quadrillion years to factor a 2048-bit RSA key using classical computing technology, an estimate that is referenced in the National Academy’s report. However, a sufficiently capable quantum computer can break the same key much faster, perhaps in only a few months.
There are still many technical challenges that must be overcome before it is possible to build a quantum computer that threatens RSA and ECC, the two main asymmetric cryptographic algorithms that the internet’s security is based on.
The report estimates that such a quantum computer must be five orders of magnitude larger, with two orders of magnitude lower error rates, than the first-generation quantum computers that exist today, and likely requires technological advancements that haven’t been invented yet.
* Industry standards groups are also preparing for a post-quantum future, and DigiCert is very active in these efforts. Most well-known is the NIST post-quantum cryptography project, which is working with researchers around the world to develop new cryptographic primitives that are not susceptible to attack by quantum computers. However, it will be several years before those algorithms are ready for standardization.
A simpler technology (hash-based signatures, RFC 8391) has been standardized by the Internet Engineering Task Force and will soon be standardized by NIST. While it has some drawbacks compared to more advanced algorithms, namely larger signatures and a limit on the total number of signings, it has the advantage of being well-understood, quantum-safe and available now.
- Tim Hollebeek.
— The author is the Industry and Standards Technical Strategist at DigiCert.
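To make the two drawbacks named above concrete (a hard limit on the number of signatures, and signer state that must never repeat), here is an added example, not DigiCert's code and not an implementation of RFC 8391 itself: Lamport one-time signatures under a small Merkle tree, the same construction XMSS builds on (XMSS uses WOTS+ leaves and a much taller tree). The tree height and the use of plain Lamport leaves are simplifications chosen for this example.

```python
import hashlib, secrets

# Added example (not DigiCert's or RFC 8391 code): Lamport one-time signatures
# under a small Merkle tree, the structure XMSS builds on with WOTS+ leaves.
def H(*parts):
    return hashlib.sha256(b"".join(parts)).digest()
def lamport_keygen():
    # two 32-byte secrets per digest bit; exactly one per bit is revealed when signing
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
    return sk, [[H(s0), H(s1)] for s0, s1 in sk]
def bits(msg):
    d = int.from_bytes(H(msg), "big")
    return [(d >> (255 - i)) & 1 for i in range(256)]
def lamport_sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(bits(msg))]
def lamport_verify(pk, msg, sig):
    return all(H(sig[i]) == pk[i][b] for i, b in enumerate(bits(msg)))
def leaf_hash(pk):
    return H(*(h for pair in pk for h in pair))

class MerkleSigner:
    def __init__(self, height=2):
        self.n = 1 << height  # hard cap on the number of signatures this key can make
        self.keys = [lamport_keygen() for _ in range(self.n)]
        level = [leaf_hash(pk) for _, pk in self.keys]
        self.levels = [level]
        while len(level) > 1:  # hash pairs upward until the root is reached
            level = [H(level[i], level[i + 1]) for i in range(0, len(level), 2)]
            self.levels.append(level)
        self.root = level[0]  # the public key
        self.next_index = 0   # signer state; it must survive restarts and never repeat

    def sign(self, msg):
        if self.next_index >= self.n:
            raise RuntimeError("key exhausted: no unused one-time keys remain")
        idx, self.next_index = self.next_index, self.next_index + 1  # commit state first
        sk, pk = self.keys[idx]
        auth = [lvl[(idx >> h) ^ 1] for h, lvl in enumerate(self.levels[:-1])]
        return idx, pk, lamport_sign(sk, msg), auth

def verify(root, msg, signature):
    idx, pk, ots, auth = signature
    if not lamport_verify(pk, msg, ots):
        return False
    node = leaf_hash(pk)
    for sibling in auth:  # recompute the root from the leaf and authentication path
        node = H(node, sibling) if idx % 2 == 0 else H(sibling, node)
        idx >>= 1
    return node == root
```

With height 2 the key signs exactly four messages and then refuses; a real deployment persists `next_index` durably before releasing each signature, because reusing an index exposes both secrets for every bit where the two messages differ.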