(SSL.Store) Gary Stevens presents an overview of how digital encryption works in order to understand why quantum computers are such a threat.
There are two main types of encryption used on the web today: symmetric and asymmetric. Public-key cryptography relies partly on asymmetric encryption, in which some keys are public and others are kept private. This is necessary because it is impossible to exchange an encryption key securely between two users who are far apart. Symmetric encryption, in contrast, does not require keys to be sent in the open, where they can potentially be broken by quantum computing algorithms. Instead they require that the sender and recipient of a message exchange an encryption key in person.
MIT has pointed out that quantum computers are predominantly a threat to asymmetric encryption protocols and not symmetric systems. Finding a private, secure channel with quantum resistant algorithms to exchange encryption keys might present a challenge, but it might become necessary.
The cybersecurity sector, which is already struggling to deal with the security challenges of the Internet of Things (IoT) and the rise of encrypted malware. Such fears could completely undermine consumer trust in online encryption.
Online privacy surveys already indicate that many U.K. consumers are concerned that their personal data is not safe, with more than 52% of respondents indicating that they are more concerned about how their privacy is handled than they were a year ago. Headlines about the imminent rise of quantum computers do little to reassure them.
SSL and TLS certificates represent the most widespread use of encryption on the web. These certificates are required by web browsers in order to connect securely to websites: If you’ve even seen a warning in Chrome or Firefox about a website having out-of-date certificates, this is the SSL / TLS system in action.
When quantum computers are able to dramatically cut this time down, there will be a relatively simple way to keep the system secure: cut down the deadline for certificates expiring.
If quantum computers become feasible for the average hacker, it’s likely that even with one-year maximum validity, current encryption won’t be able to keep up. Hackers will be capable of saving intercepted data until they break the encryption, and then decrypt it even if the SSL certificate is expired and no longer in use.