Quantum computers and security implications
Gradually we’re seeing Quantum computing become something concrete. In some years, Quantum computers will probably be available for sale to businesses or even for personal use. Fundamentally, bits in modern computers are a voltage signal of either null (0) or something else (1). Based on sequences of bits, instructions are formed to dictate a CPU what to do. The difference between bits and qubits (how the ‘bits’ in Quantum computers are called) is that a qubit can unlike regular bits be both a 0 and 1 at a time.
On the Internet, data is sent along cables from computers to computers. A lot of the data that travels needs to be encrypted so that third party users cannot access the data and thus decipher the original message. Encryption basically involves using a random algorithm to turn data into something meaningless. When this data is received at the other end, the original algorithm is used. Public and private keys which both the sender and receiver have are used coupled with the algorithm to encrypt and decrypt data.
Data is encrypted using a defined number of bits; the more bits is used for encryption, the harder it is to decrypt the data by a third party unauthorised entity. To decrypt the data, an authorised key is needed along with the proper algorithm. As the authorised key is private only to the sender or receiver, if one needed to decrypt the data without having a valid key, one could be made by trial and error. Of course, there are less possibilities if less bits are used for the encryption.
Modern computers could take months or years to decrypt data. Quantum computers could perform the same operation but faster; in hours or days. Now one could think that protection against this could be set up when Quantum computers will be around but what if businesses or individuals were already collecting and storing encrypted data? That’s why it’s important to start working on implementing these precautions right now.
One of the most important protocols on the Internet is SSH. Basically on the Internet, SSH
uses cryptographic methods to authenticate remote computers (servers) and using public-private
key pairs, encrypts the connection. Each encryption algorithm that can be used has an ID which
is agreed upon by everybody. These range from 1 to 5 in the following order
ssh-xmss, the latter being the one that has
post quantum (PQ) algorithms.
The majority of the tasks that the cyberstorm.mu organisation did was to
implement these PQ algorithms, more specifically
SSH-XMSS in some projects hosted on GitHub.
We planned tasks on Trello and many of us, did multiple ones. I personally
didn’t work on the original
SSH-XMSS algorithm since it is really complex at the moment.
I worked on these: