Spies may be storing data to decrypt with a future quantum computer

Intelligence agencies may be intercepting encrypted messages and storing them in the hope that they can eventually develop a practical quantum computer to crack them, a security researcher who has worked with the UK government has warned.

Although dozens of research groups are currently trying to build a practical quantum computer, none has yet publicly succeeded. Such a machine could quickly find the prime factors that serve as the multiplicative building blocks of a number – for example, 3 and 7 are the prime factors of 21.

This seemingly innocuous ability would fundamentally break encryption based on the difficulty of finding prime factors of large numbers, putting email, banking and cryptocurrencies at risk.

Researchers are already working on algorithms designed to keep data secure if this happens. But Andersen Cheng at cybersecurity firm Post-Quantum, who was a director at L3 TRL, a company supplying high-level encryption technology to the UK government, says that it could already be too late, as “harvest now, decrypt later” attacks are under way. This involves intercepting encrypted data and storing it ready for decryption once a quantum computer is developed.

Cheng points to instances when internet traffic has been routed on unusual global paths for no apparent reason before returning to normal, which are indicative of such attacks occurring. Often these errors have caused traffic within Europe and the US to be routed circuitously via Russia or China, at times through state-controlled telecommunications providers such as Rostelecom.

These relatively frequent errors could be accidental, but would also be the ideal way to select certain traffic and route it to a storage centre. Many key internet connections pass through Europe and the US, so similar attacks could occur there, says Cheng.

He believes these incidents were deliberate and that “the intelligence world has been collecting information, even though they cannot decrypt it today”. State secrets could still be invaluable years later, he says.

Exactly when quantum computers will threaten encryption isn’t clear, but Cheng says secret efforts may be ahead of public ones. “If you ask people in the public domain, they always say 10 to 20 years,” says Cheng. “If you ask the intelligence world… people are worried it will be below five years.”

A leak by Edward Snowden in 2014 revealed the US National Security Agency had spent nearly $80 million pursuing a code-cracking quantum computer.

Daniel Dresner at the University of Manchester, UK, says that intelligence agencies have long held encrypted data while waiting for ordinary computers to advance enough to crack it. For example, the UK gathered encrypted German messages well before it had developed the means to decode them during the second world war.

There is no reason to believe the same isn’t being done today with an eye to quantum cracking, says Dresner. “They’re collecting stuff all the time, some of which will be decrypted and will be useful.”

A spokesperson for the UK’s National Cyber Security Centre says work is under way to design algorithms that are safe from quantum computers. “Certain sensitive information may still be of interest to adversaries in two or three decades,” says the spokesperson, meaning this work needs to be done now.

Source: Link

Post a Comment

Previous Post Next Post