Quantum computers - security gap in the Internet?
Prof Dr Tibor Jager / IT Security and Cryptography
Photo: Mathias Kehren

'Game over' for Internet security?

Computer scientist Tibor Jager on the development of quantum computers that could jeopardise the network we thought was secure

"The Federal Office for Security and Information Technology (BSI) says they expect that a quantum computer powerful enough to crack cryptography could be available in 16 years at the latest," says Tibor Jager, Professor of IT Security and Cryptography at the University of Wuppertal.
Experts from all over the world are worried because the Internet, which we thought was secure, could blow up in our faces at some point. But quantum computers don't even exist yet. "We know theoretically how these computers work," says Jager, "i.e. we can already describe how the algorithms on them work. But no one has yet built them in such a way that they can be used to crack real encryption." This is mainly because building one is a relatively difficult engineering problem. The computation runs on quantum states, which are extremely fragile: unless the machine is built very carefully and these states are maintained with a great deal of energy, it will not work.

Secure communication on the internet

"Secure communication on the internet is based on encryption processes and other components such as digital signatures," explains the expert. When we connect to an online shop, for example, our secure web browsers ensure that the password and credit card details we enter actually end up on the server and not with someone who has copied the page. And this works as follows, explains Jager: "There are two categories. One is these encryption processes that keep this actual data secret and a second, at least equally important component is these digital signatures that ensure that we know who we are talking to." The security of both methods is based on the fact that certain computational problems are very hard to solve. The computer scientist explains this using the example of the factorisation problem (the factorisation problem is one of the unsolved problems in computer science, editor's note): "If I say the numbers 3 and 5, you can immediately add them together in your head and the product of them is 15. You can also get the backwards direction for the number 15 reasonably quickly, but you have to think a little longer. However, if you then have large numbers with 1000 digits, it is a very difficult problem to add them back again. The calculation is so difficult that even the best supercomputer in the world can't crack it in a realistic time at the moment." Security on the internet therefore rests largely on cryptographic mechanisms, especially for the authentication between user and server mentioned in the example. And the list could go on and on. Whether it's tax returns via ELSTER or our health insurance app with all our medical data, "it's all the same process," says Jager, "all Internet communication. The whole security is based on the difficulty of problems such as the factorisation problem of large numbers. Another example is the so-called discrete logarithm problem. And now these quantum computers are coming at some point."

'Game over' for security

"Quantum computers have already been built that have, for example, broken down the number 15 into its factors 3 and 5 in experiments," says Jager, "and now development is continuing. There are constantly new records for how many qubits (memory size in quantum computers) they can handle and at some point they will be so large that they will be able to solve the discrete logarithm problem and the factorisation problem. And that means 'game over' for security on the Internet."

Quantum computers solve difficult optimisation problems

In contrast to conventional PCs, quantum computers do not calculate with bits, i.e. zeros and ones, but are based on quantum bits. Such a 'qubit' can not only be one or zero, but one and zero at the same time. "Now you naturally ask yourself where quantum computers get this speed advantage from. It comes from the fact that they don't calculate faster, so the word speed doesn't really fit, but they calculate differently. They have different instructions available to them than a classical computer. This means that you can also run other algorithms on these quantum computers, such as the Shor algorithm (in 1994, maths professor Peter Shor developed a quantum algorithm for finding the prime factors of large numbers that is much more efficient than the methods available on classical computers, editor's note)." There are certainly good reasons to build such machines, states Jager, because they are capable of solving difficult optimisation problems. "Let's say you want to optimise the national economy with the framework conditions that nobody is unwell, the minimum income is regulated, etc. and then find the perfect solution. These are very difficult calculation problems that are absolutely out of reach for conventional computers. It would also be immensely interesting for research to be able to work with these computers, because you could create simulations that are impossible today due to the computing capacity." The differences in the calculation times of the two systems are almost incomprehensible to the layman. Where a classical computer would need several billion years and an immense amount of energy to solve a problem, a quantum computer could deliver results in just a few weeks. The gap could perhaps be compared to that between a modern smartphone and a supercomputer from the 1960s, which the phone easily puts in the shade.

Systems still very prone to errors

The central challenge in the realisation of quantum computers is their susceptibility to errors. Quantum systems are very sensitive to interference and therefore require complex error correction. One of the biggest challenges in the transition is security, which cannot be guaranteed at the moment. "In order to use quantum computers to crack cryptography on the internet, you have to run the Shor algorithm," explains Jager, "but this works particularly badly if errors occur." Development is continuing steadily and the susceptibility to errors will also decrease. However, Jager points out: "If we still want to communicate securely over the internet in 16 years' time, then we need to do something now. The biggest challenge in terms of security is the question of how to build processes that are also secure against quantum computers." Even if we don't yet know exactly how these computers can be built, we can work on such processes using today's methods. The main focus is on the development and standardisation of quantum computer-resistant alternatives. "Quantum computer-resistant means that we know that some problems can be solved well on quantum computers, and over the past 40 years we have built cryptography from factorisation problems and the discrete logarithm problem and used it in the network. And they are now breaking down. So we have to think about what alternative problems we can find in mathematics that have properties that allow us to build cryptographic processes, digital signatures, encryption processes etc. in a similar way and that are similar. But at the same time, these problems must be structurally different so that the quantum computer cannot crack them." Lattice-based methods, for example, are now being used at universities, both in research and, more recently, in teaching.

Competitions and university teaching on the topic of post-quantum transformation

Many players are involved in the major topic of post-quantum transformation, whether in basic research at universities or in industry to protect their own products. Authorities are also focusing on this future topic. "The NIST (National Institute of Standards and Technology) is particularly important in the course of post-quantum transformation," says Jager. The central large-scale research institution in the USA organises competitions. There was an initial call in 2017 for researchers to submit new cryptographic methods. This competition ended last year. "Teams from universities and industry from all over the world submitted many proposals, which were then published. Others analysed them and after several rounds, some methods were eliminated. In the subsequent NIST competition, the first methods were then selected, standardised and made available to everyone." And new cryptography methods are also beginning to be offered in university teaching. Jager explains: "We did this for the first time last semester. We offered a post-quantum cryptography lecture that focussed specifically on lattice-based cryptography. You will need more and different tools in the future."

Transition to post-quantum cryptography is tricky

In November 2024, the German Federal Office for Information Security (BSI) published a joint declaration on post-quantum cryptography together with partners from 17 other European Union member states. In it, they call on industry, operators of critical infrastructure and public administration to initiate the transition to post-quantum cryptography and describe the necessary steps for this transition. At the same time, however, they continue to warn of the threat to information security posed by quantum computers. "This is a very difficult problem, especially because the internet is global. You can't just take out one factorisation-based process overnight and use a new one. You need a simultaneity that you can't achieve worldwide. And even if all server operators were to switch over at the same time, they would still have to get their best friend, their mother or whoever else they know to download their mobile phone at the same time. It can't work like that. So there has to be an orderly transformation."

There is currently a lot of talk about the feasibility of this transformation. Companies are in the process of researching where they use crypto processes at all, or are hiring consultants to carry out a kind of crypto inventory to find the areas that need work. The compatibility of the new procedures and the new computing methods also has to be properly checked. But that's not all. "You also need engineers who understand this new maths, because it works completely differently. And so far, there are only a few universities that offer teaching in this area." In general, the new, so-called post-quantum methods are robust, but the slightest error could result in a complete security failure.

Systems should already be made quantum-proof today so that patents, property rights and company secrets, for example, remain encrypted after the introduction of these devices.

Cryptographic processes need to be adapted

Cryptographic processes that have so far been implemented on conventional hardware must be adapted in response to quantum computers. This also means new research priorities. "We are looking for new procedures that are based on new mathematics, that is the adaptation," says the scientist. "We want to train computer scientists at the highest level and one of the biggest construction sites on the Internet is post-quantum transformation. It is essential that we anchor this aspect in the degree programme. We will therefore soon be offering specialisation areas for this area in computer science studies, on the subject of security, robustness and trust. We are looking at the construction of these processes and considering how we can move from theory to practice. With our current knowledge, we can better prepare for the post-quantum transformation and put more internet security on a much more robust footing from the outset. On the one hand, it's a curse because we have to rebuild a lot, but it's also a blessing because we can clean up a lot of things and prepare them the way we want them to be in the future."

Quantum computers will not replace conventional computers. "They are simply different machines," emphasises Jager in conclusion. "You will probably never be able to run programmes like Excel or Word on a quantum computer. But if you want to solve certain specialised problems that would overwhelm a conventional computer, then you could perhaps use a quantum computer."

Uwe Blass

Prof Dr Tibor Jager heads the IT Security and Cryptography section of the Faculty of Electrical Engineering, Information Technology and Media Technology at the University of Wuppertal.