It is true that adversaries are collecting our encrypted data today so they can decrypt it later. In essence anything sent using PKI (Public Key Infrastructure) today may very well be decrypted when quantum computing becomes available. Our recent report identifies the risk to account numbers and other “long tail” data (data that still has high value 5 years or more into the future). Data you send today using traditional PKI is “the horse that left the barn.”
But this article describes a scary scenario where an adversary’s quantum computer hacks the US military’s communications and utilizes that advantage to sink the US Fleet – but that is highly unlikely as long as government agencies follow orders. The US government specifies that AES-128 be used for secret (unclassified) information and AES-256 for top secret (classified) information. While AES-128 can be cracked using quantum computers, one estimate suggests that would take 6 months of computing time. That would be very expensive. Most estimates indicate that using AES-256 would take hundreds of years, but the military is already planning an even safer alternative it just isn’t yet in production (that I am aware of):
“Arthur Herman conducted two formidable studies on what a single, successful quantum computing attack would do to both our banking systems and a major cryptocurrency. A single attack on the banking system by a quantum computer would take down Fedwire and cause $2 trillion of damage in a very short period of time. A similar attack on a cryptocurrency like bitcoin would cause a 90 percent drop in price and would start a three-year recession in the United States. Both studies were backed up by econometric models using over 18,000 data points to predict these cascading failures.
Another disastrous effect could be that an attacker with a CRQC could take control of any systems that rely on standard PKI. So, by hacking communications, they would be able to disrupt data flows so that the attacker could take control of a device, crashing it into the ground or even using it against an enemy. Think of the number of autonomous vehicles that we are using both from a civilian and military standpoint. Any autonomous devices such as passenger cars, military drones, ships, planes, and robots could be hacked by a CRQC and shut down or controlled to perform activities not originally intended by the current users or owners.”
Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group
