
Intelligence agencies may be intercepting encrypted messages and storing them in the hope that they can eventually develop a practical quantum computer to crack them, a security researcher who has worked with the UK government has warned.
Although dozens of research groups are currently trying to聽build a practical quantum computer, none has yet publicly succeeded. Such a machine could quickly find the prime factors that聽serve as the multiplicative building blocks of聽a聽number 鈥 for聽example, 3 and 7聽are the prime聽factors of 21.
This seemingly innocuous ability would fundamentally break encryption based on the difficulty of finding prime factors of large numbers, putting email, banking and cryptocurrencies at risk.
Advertisement
Researchers are already working on algorithms designed to keep data secure if this happens. But Andersen Cheng at cybersecurity firm Post-Quantum, who was a director at L3 TRL, a , says that it could already be too late, as 鈥渉arvest now, decrypt later鈥 attacks are under way. This involves intercepting encrypted data and storing it ready for decryption once a quantum computer is developed.
Cheng points to instances when internet traffic has been routed on聽unusual global paths for no apparent reason before returning to normal, which are indicative of聽such attacks occurring. Often these errors have caused traffic within Europe and the US to be , at times through state-controlled telecommunications providers such as Rostelecom.
These relatively frequent errors could be accidental, but would also be the ideal way to select certain traffic and route it to a storage centre. Many key internet connections pass through Europe and the US, so similar attacks could occur there, says Cheng.
He believes these incidents were deliberate and that 鈥渢he intelligence world has been collecting information, even though they cannot decrypt it today鈥. State secrets could still be invaluable years later, he says.
Exactly when quantum computers will threaten encryption isn鈥檛 clear, but Cheng says secret efforts may be ahead of聽public ones. 鈥淚f you ask people in the public domain, they always say 10 to 20 years,鈥 says Cheng. 鈥淚f聽you ask the intelligence world鈥 people are worried it聽will be below聽five years.鈥
A leak by Edward Snowden in 2014 revealed the US National Security Agency had spent nearly $80 million pursuing a code-cracking quantum computer.
at the University of Manchester, UK, says that intelligence agencies have long held encrypted data while waiting for ordinary computers to advance enough to crack it. For example, the UK gathered encrypted German messages well before it聽had developed the means to decode them during the second world war.
There is no reason to believe the same isn鈥檛 being done today with an eye to quantum cracking, says Dresner. 鈥淭hey鈥檙e collecting stuff all the time, some of which will be decrypted and will be useful.鈥
A spokesperson for the UK鈥檚 National Cyber Security Centre says work is under way to design algorithms that are safe from quantum computers. 鈥淐ertain sensitive information may still be聽of interest to adversaries in two聽or three decades,鈥 says the spokesperson, meaning this work聽needs to be done now.