Prof. Kannan Srinathan explains why the current frenzy about the post-quantum cryptography apocalypse is unwarranted.
There has been a great deal of buzz about post-quantum cryptography. This is because quantum computers are expected to be ready in the immediate future with the purported ability to break current encryption methods. The goal of post-quantum cryptography (also called quantum-resistant cryptography) is therefore to develop cryptographic systems that are secure against both quantum and classical computers, and can interoperate with existing communications protocols and networks.
Even as India nears completion of its first small-scale quantum computer at the Tata Institute of Fundamental Research (TIFR), there is a parallel discourse about the vulnerability of current systems and the associated security risks to come. One can argue that the paranoia associated with the latter is not justified, simply because of a unique facet of quantum computing. Consider this: if a 2n-qubit quantum computer is required to break a cryptosystem and the largest you have built is an n-qubit quantum computer, how many such n-qubit computers are required to break the cryptosystem? It is mistakenly thought that one just needs to juxtapose two such machines. But one really needs 2^n such quantum computers, which are never going to be available!
Uniqueness Of Quantum Computers
In the classical world, if you need the computational power of a 64-bit machine but the prevalent technology is 32-bit, all you have to do is combine two 32-bit units and simulate a 64-bit machine. The quantum world does not work that way. Each added qubit potentially doubles the machine's power, so two 32-qubit machines are only as powerful as one 33-qubit machine, not a 64-qubit one.
As a direct consequence of the above fact, if n-qubit machines are the largest available, the ‘key’ (pun unintended) to protecting an algorithm from being broken is to use a key large enough that only machines with more than 2n qubits can break it, which is exponentially beyond the reach of an n-qubit machine.
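The counting argument above, written out as an added example that is not part of the article (plain Python; every function name and sample state here is constructed for illustration). It compares the number of amplitudes two separate registers hold with the number a single joint register holds, derives the article's 2^n figure from that comparison, and checks whether a given joint state could actually be split across two independent machines.

```python
# Added example, not from the article: the qubit-counting argument in code.
# An n-qubit register is described by 2^n complex amplitudes. Two registers
# that live in separate machines are described by 2^a + 2^b amplitudes, not
# 2^(a+b), because they can only hold product (unentangled) states.

def amplitudes_of(n_qubits: int) -> int:
    """Number of amplitudes in the state of one n-qubit register (2^n)."""
    return 2 ** n_qubits


def amplitudes_of_separate_machines(qubit_counts) -> int:
    """Amplitudes needed to describe several independent machines together.
    Two 32-qubit machines give 2^32 + 2^32 = 2^33: one 33-qubit machine."""
    return sum(amplitudes_of(n) for n in qubit_counts)


def machines_needed(target_qubits: int, available_qubits: int) -> int:
    """Under the article's argument: how many `available_qubits`-qubit machines
    it takes to match the 2^target state space of one bigger machine.
    For target = 2n and available = n this is 2^(2n) / 2^n = 2^n."""
    if target_qubits <= available_qubits:
        return 1
    return amplitudes_of(target_qubits) // amplitudes_of(available_qubits)


def tensor_product(psi_a, psi_b):
    """Joint state of two independent registers A and B, laid out as a matrix
    with one row per basis state of A and one column per basis state of B."""
    return [[x * y for y in psi_b] for x in psi_a]


def is_product_state(matrix, tol=1e-12) -> bool:
    """True if the amplitude matrix has rank 1, i.e. the joint state factors
    into (state of A) x (state of B) and could live in two separate machines.
    Rank 1 is checked by requiring every 2x2 minor to vanish."""
    rows, cols = len(matrix), len(matrix[0])
    for i in range(rows):
        for k in range(i + 1, rows):
            for j in range(cols):
                for l in range(j + 1, cols):
                    minor = matrix[i][j] * matrix[k][l] - matrix[i][l] * matrix[k][j]
                    if abs(minor) > tol:
                        return False
    return True


def ghz_state_split(n_qubits: int):
    """(|0...0> + |1...1>)/sqrt(2) on 2n qubits, written as a 2^n x 2^n matrix
    split between two n-qubit halves. This state is entangled across the split."""
    dim = amplitudes_of(n_qubits)
    m = [[0.0] * dim for _ in range(dim)]
    m[0][0] = m[dim - 1][dim - 1] = 2 ** -0.5
    return m


if __name__ == "__main__":
    # Constructed sample inputs.
    print("two 32-qubit machines hold",
          amplitudes_of_separate_machines([32, 32]), "amplitudes;",
          "one 33-qubit machine holds", amplitudes_of(33))
    print("n-qubit machines needed to match 2n qubits (n=32):",
          machines_needed(64, 32))
    a = [1.0, 0.0, 0.0, 0.0]           # 2-qubit register A in |00>
    b = [0.5, 0.5, 0.5, 0.5]           # 2-qubit register B in uniform superposition
    print("A x B splits across two machines:",
          is_product_state(tensor_product(a, b)))
    print("4-qubit GHZ splits across two 2-qubit machines:",
          is_product_state(ghz_state_split(2)))
```

The product-state check is what makes the article's point concrete: a state that two independent n-qubit machines can jointly hold is always rank 1 across the split, whereas a generic 2n-qubit state (the GHZ state is the simplest case) is not, so no number of separate small machines reproduces one large one without an exponential blow-up.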
Currently, quantum computers that break the prevailing cryptosystems exist only on paper. They do not exist in industry or anywhere else in reality. At the risk of sounding controversial, it is not even ruled out that they may never exist. The shift to post-quantum cryptography may never actually be necessary, because the human race may never be able to build a quantum computer that breaks the current cryptosystems. And there is a reason for that. As already pointed out, we would need a technology that can build n-qubit quantum computers for any given value of n, without a pre-set bound! This goes beyond mere technology, as there is a distinct possibility that Nature may not permit it beyond a limit!
Old Wine In New Bottle
There is another perspective on post-quantum cryptography: that it has nothing to do with either quantum mechanics or quantum cryptography. In fact it refers to classical mathematical algorithms, some of which were discovered long before Feynman suggested quantum computing in the early 1980s. It is just that their security is based on NP-hard problems, which are conjectured to be beyond the reach of efficient quantum algorithms. One can only speculate why they were not adopted at the time of their discovery; a probable reason is the large size of their public keys. Advances in this respect are happening at a rapid clip, and are certainly welcome, with (or without) their post-quantum nature.
Conclusion
It is not our intention to either argue for or against research in post-quantum cryptography. All we are saying is that the ability of quantum computers to crack existing cryptosystems is moot at the moment. And the likelihood that it will happen in the immediate future is also unclear. Hence, I don’t see the need for banking or other financial institutions to be in a rush to overhaul or change anything that is working perfectly fine right now.
This article was initially published in the September edition of TechForward Dispatch