
Why are Today’s Encryption Methods Not Secure? The Relationship Between RSA and the Quantum Threat.

In a previous post, we learned how calculations are done in the computational model used by quantum computers. We learned about the fundamental differences between bits and quantum bits (qubits) and the consequences of these differences. This makes the situation look quite ideal, as it gives us a new architecture capable of performing calculations at astonishing speeds. This is true, but the devil is in the details.

As mentioned, we cannot directly access the information stored in qubits in superposition. Once we try to read the information stored in a qubit, this previously probabilistic system will “collapse” into a single state. So not only will we not be able to access all the information, but what we can extract will be, for the most part, completely random. At this point, of course, the question arises: why do many people consider the development of quantum computers so dangerous, and why do they pose such a threat in terms of information security?

Quantum informatics does not really affect any of the everyday ways we use computers today. Web pages won’t be loaded faster, videos won’t be more responsive, and hackers won’t steal our passwords by using mysterious quantum computers. But there are some specific uses of quantum computers that could pose a threat soon. These are mathematical problems that can already be solved by algorithms that can be run on a quantum computer and drastically reduce previous computing times. One of these problems is precisely related to the public key cryptography methods widely used today.

Public key encryption (also known as asymmetric encryption) is an encryption method that uses two keys: a public key that anyone can use to encrypt a message, and a private key that only the recipient knows and that is used to decrypt the same message. The method allows encrypted messages to be sent securely without the encryption key having to be shared in advance between the two parties. This is practical because a secret key cannot simply be sent over the internet.

Public key encryption algorithms are based on mathematical operations. One of the most common is the RSA algorithm, which relies on the difficulty of decomposing large numbers into prime factors. The essence of RSA encryption is that the public key is built on the product of two large prime numbers, and since the factorization of large numbers is a very time-consuming task for classical computers, encryption is considered secure[1]. But quantum computers work in a radically different way from classical computers. Using Shor’s algorithm, quantum computers can efficiently factorize large numbers into prime factors, as they can perform multiple computational paths in parallel using superposition and entanglement. This means that while a classical computer tries a sequence of possible solutions, a quantum computer can explore multiple possibilities in parallel.

Shor’s algorithm is therefore essentially a quantum algorithm that can factorize large numbers efficiently, in polynomial time, which gives it a significant advantage over classical methods. The necessary information stored in the superpositions can then be read out, which means that this calculation is a practical use of quantum machines that already exists today.

But why does it matter? After all, if we know that RSA encryption will soon be inadequate protection for our data, why not just replace it? In fact, there are already active developments underway to replace RSA and other current public-key encryption schemes; the replacements are known collectively as quantum-resistant or post-quantum cryptography.

The root of the problem is that data protected by RSA encryption can already be obtained by attackers today. The captured data can be stored in encrypted form and the attacker can try to decrypt it later, especially if they have access to quantum computers in the future. This is the basis of the “Store Now, Decrypt Later” (SNDL) strategy. Attackers can break into a server or other databases where encrypted data is stored. Although they cannot decrypt and interpret the data today, they can make a copy of it. With the advent of quantum computers, this encrypted data can then be easily decrypted.
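The dependence of RSA on factoring, and what it means for archived ciphertext, can be shown with textbook RSA on a toy modulus. This is an added example, not part of the original article: the primes, the message and all function names are constructed for illustration, and trial division only stands in for a future factoring capability (it is not Shor’s algorithm).

```python
# Added illustration: textbook RSA with a deliberately tiny modulus.
# All values are constructed; real keys use 2048+ bit moduli and padding
# (e.g. OAEP), which this sketch leaves out.
from math import gcd, isqrt

P, Q = 104729, 1299709  # the 10,000th and 100,000th primes (toy sizes)


def make_keypair(p, q, e=65537):
    """Build a textbook RSA key pair: public (n, e) and private exponent d."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    return (n, e), pow(e, -1, phi)


def factor(n):
    """Trial division. Feasible only because n is tiny; at real key sizes
    this step is what classical computers cannot finish in useful time."""
    if n % 2 == 0:
        return 2, n // 2
    for candidate in range(3, isqrt(n) + 1, 2):
        if n % candidate == 0:
            return candidate, n // candidate
    raise ValueError("n is prime")


def recover_private_exponent(public_key):
    """Once n is factored, d follows from public information alone."""
    n, e = public_key
    p, q = factor(n)
    return pow(e, -1, (p - 1) * (q - 1))


def store_now_decrypt_later(message=42424242):
    # "Today": a message is encrypted under the public key and the
    # ciphertext is copied by someone who cannot read it yet.
    public_key, _owner_d = make_keypair(P, Q)
    n, e = public_key
    archived_ciphertext = pow(message, e, n)

    # "Later": factoring n has become feasible, so the archived copy
    # opens without the owner's private key ever being stolen.
    d = recover_private_exponent(public_key)
    return pow(archived_ciphertext, d, n)
```

Nothing in the "later" step depends on when the ciphertext was captured, which is why re-encrypting or rotating keys afterwards does not protect copies that already left the server.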

SNDL poses a particular threat because:

  • Current encrypted data may carry sensitive information for years or decades, so decryption later could have the same consequences as if the data were released today.
  • This also means that, given the capabilities of quantum computers, today’s encryption is no longer considered secure enough to store sensitive data over the long term.

The greatest risk for SNDL is therefore data that remains valuable and sensitive in the long term. Typically, this is information that does not lose its relevance over time or whose decryption could be harmful to the data subjects in the long term. Examples include:

  • Classified government documents: At government level, a lot of secret data is stored that is relevant for military, national security, diplomatic, or intelligence purposes. This may include military strategies, diplomatic communications, spy network data, federal negotiation documents, etc.
  • Health data—patient data and health information: health data, such as electronic health records, clinical trial data, and other medical information are also considered sensitive in the long term.
  • Financial and banking data—bank transactions and account information: Banks and financial institutions encrypt a lot of data, including transactions, credit card information, and corporate and personal account information.

Research is already underway in the field of post-quantum cryptography to defend against the threat posed by quantum computers. These new encryption methods are based on mathematical problems that are difficult for quantum computers to solve because they cannot be parallelized or there is no efficient algorithm for reading the results of the calculations. However, we should not forget that a lot of data that was previously thought to be secure could still be in the wrong hands. The biggest risk of quantum computing is essentially the decryption of all encrypted data that has already fallen into the wrong hands.

Advances in quantum computing and quantum computers are revolutionizing the world of computing, but they also pose a serious threat to current encryption methods. RSA and other public-key encryption methods have been considered secure for many years, but the capabilities of quantum computers will soon challenge this. The development of post-quantum cryptography is vital to ensure future data protection, but it is also important to remember the huge amount of sensitive data that could already fall into the wrong hands. What seems certain is that we are about to enter a new era of data security, where precaution and rapid adoption of technological innovations will become the most important aspects.


István ÜVEGES, PhD is a Computational Linguist researcher and developer at MONTANA Knowledge Management Ltd. and a researcher at the HUN-REN Centre for Social Sciences. His main interests include the social impacts of Artificial Intelligence (Machine Learning), the nature of Legal Language (legalese), the Plain Language Movement, and sentiment- and emotion analysis.


[1] Today’s encryption methods are not considered secure because they cannot be broken at all. The bottom line is that with today’s computing power, a trial-and-error attack would take, on average, millions of years, so the chance of someone succeeding within a reasonable amount of time is negligible. That is why we consider these methods to be safe, and this is precisely what quantum informatics can override.
