Why the NSA moving away from Suite B cryptography due to quantum computers makes total sense
TL;DR: Progress in quantum computing may well have been the trigger for the NSA's move to post-quantum cryptography. The Snowden files released in 2013 showed limited NSA progress on a quantum computer, but the two years since have brought a storm of real, practical results, along with funding poured into both companies and academic research.
One of the comments I hear most often is “Well, Snowden released documents in 2013 showing that the NSA has not made much progress on their quantum computer”, used as a justification for why we shouldn't worry about quantum computing now.
That statement about the Snowden files is true, but the last two years have seen a storm of real, practical results, along with funding poured into both companies and academic research in quantum computing. The tipping point in quantum computing research came after the Snowden files were released, so a 2013 snapshot of the NSA's own program says little about where the field stands today.
Companies in the quantum computing race
Publicly driving the race for universal quantum computing are Google and IBM.
IBM has had a quantum computing research group for over 20 years at the Watson center in New York, covering both theory and practical results across all aspects of quantum computing. In April 2015, IBM announced a critical milestone with their 4-qubit chip: detecting both types of qubit error (bit-flip and phase-flip) at the same time, a prerequisite for practical error correction.
In December 2015, IARPA awarded IBM additional funding through its LogiQ program.
Google hired John Martinis and his research group in late 2014 and is focusing entirely on building a scalable, fault-tolerant quantum computing chip. In March 2015 they announced not only a 9-qubit device but also the detection and correction of bit-flip errors on it: http://www.nature.com/nature/journal/v519/n7541/full/nature14270.html
We are seeing a Moore's law for quantum computing, and if anything a faster one.
Both companies have stated that 10 years is a reasonable timeline for functional quantum computing.
Not the Only Ones
While Google and IBM have been very public with their plans, plenty of other companies are involved in various aspects of quantum computing:
Intel committed $50 million to quantum computing development, a ten-year collaboration with QuTech at TU Delft.
Alibaba plans to have 30 qubits working by 2020.
Northrop Grumman has an internal team working on quantum computing.
Lockheed Martin houses a D-Wave computer and, in March 2014, partnered with University of Maryland quantum computing researchers to work on non-silicon-based quantum computers.
Microsoft has a quantum computing group, StationQ. It is working on a different, “full-stack” approach that also covers the software side of quantum computing. Recently the team released the LIQUi|> platform, the culmination of three years of work. Today LIQUi|> simulates circuits of up to about 30 qubits on classical hardware, but the same toolchain is designed to target real quantum hardware once it is available.
So where does D-Wave fit in?
While D-Wave's machine is a quantum annealer rather than a universal quantum computer, and applies only to a narrow class of optimization problems, D-Wave was one of the first companies to bring widespread interest to the field. D-Wave has sold three quantum computers so far: to Google, Lockheed, and Los Alamos National Lab (and the NSA?).
In December 2015, Google released a “watershed” announcement about a 100-million-fold speedup on a specialized problem engineered to show the strengths of the D-Wave machine. The caveat matters: the comparison was against simulated annealing on a classical machine, on instances built to favor the annealer, so read Dr. Scott Aaronson's independent analysis of the claimed speedup before drawing conclusions from the number.
A D-Wave machine also cannot run Shor's algorithm, so it poses no threat to RSA or elliptic-curve cryptography. Its importance is different: D-Wave was the first player in commercial quantum computing and accelerated interest in quantum computing applications.
In light of all these advances, the NSA preparing the move to post-quantum cryptography makes sense. And with all this quantum computing activity, research into post-quantum cryptography, as well as quantum cryptography, has accelerated:
SECOQC (http://www.secoqc.net/), an EU project launched in 2004, put 11 million euro into developing secure quantum-communication protocols, and in late 2014 GCHQ announced funding for post-quantum cryptography research. Note that these are two different things: quantum cryptography (quantum key distribution) uses quantum physics to distribute keys and requires new hardware, while post-quantum cryptography is classical cryptography built on problems believed to be hard for quantum computers and runs on the hardware we already have. It is the latter that the NSA's Suite B transition is about.
Right now there is no standardized public-key algorithm that resists a quantum attack (symmetric primitives such as AES-256 and SHA-384 are considered adequate at larger parameter sizes, since Grover's algorithm only halves their effective security), but families of quantum-resistant candidates are known: lattice-based, code-based, hash-based and multivariate schemes. We may be late on the traditional timeline for establishing new cryptographic standards, but that only means we need to start now, and the NSA moving forward on this makes complete sense.