Since Peter Shor published his eponymous algorithm for factoring composite numbers in 1994, cryptographic experts have speculated over whether and when the quantum computer needed to execute his algorithm on numbers of the size used in present-day public-key cryptosystems would become a reality.  If and when it happens, the implications for much of the information security business will be profound. Expert opinions cover the full range, from: “It’ll never happen” to: “You-know-who already has one”. An unscientific survey places the median estimate in the late 2020s. So, we would appear to have ten years to monitor and react. Now, we are in a race: developing and evaluating new cryptographic algorithms takes deep expertise over an extended period of time. And substituting new algorithms for the ones that have become deeply embedded in information systems over the last thirty years takes an almost inexplicable amount of time. And don’t forget that, by recording key-exchange messages, a future quantum computer will be able to decipher plain text that existed any time in the then-past.

Harder to assess is the amount of time it will take to overcome the substantial engineering challenges remaining before a large-scale quantum computer can be put to work on the problem. Earlier this year, a team from the University of Sussex announced the first blueprint for a large-scale quantum computer, inviting other researchers to collaborate on the remaining practical problems. Without further advances, their machine would occupy the area of a football field and consume megawatts of power. So, we should not expect such machines to be commonplace in the near future.  But, given time, further advances are inevitable.

As Yogi Berra astutely reminded us: “It’s tough to make predictions …” But, what is a prudent course of action today? At the very least, we need to follow developments and understand how we must react as researchers get closer to their goal.

Entrust Datacard researchers explore the state of the science and its implications for public-key cryptography in this new white-paper: