This week, a version of the announcement we all expected, eventually, was made: a quantum computer managed to break the RSA encryption algorithm that keeps most online communication safe from eavesdroppers.
Quantum computing as a security threat, in theory
Geopolitically, it could be devastating, especially to nations’ intelligence services.
Commercially, while this is not good news, neither is it terrible news: rarely does a company hold secrets valuable enough to merit the attention of entities with the resources to possess quantum decryption capability. In addition, from our perspective assessing operational risk, many ostensibly sophisticated companies are already very sloppy in their handling of sensitive information. Indeed, the greater risk is and will remain a malicious insider or the more conventional breach methods of social engineering, system compromise or malware. Mitigating these clear and present risks requires general architectural and system changes that go well beyond updating encryption algorithms.
It’s also important to realize organizations that actively keep their technology up to date with the latest security patches are the least vulnerable and will be the least impacted by practical quantum computing.
Quantum computing as a security threat, in practice
In short, we’re not too worried.
The researchers claim to have broken a 48-bit encryption key, but standard keys are now 2048 or 4096 bits, and computational complexity increases exponentially with the number of bits, so this is likely just an interesting proof of concept lacking any practical utility. Indeed, the study itself leads with “to break the widely used RSA-2048 scheme, one needs millions of physical qubits, which is far beyond current technical capabilities.”
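To put the 48-bit figure in perspective, the following added example (not from the article or from the paper it discusses) factors a constructed 48-bit RSA-style modulus on an ordinary CPU with textbook Pollard's rho, and reports the heuristic number-field-sieve cost model for larger key sizes so the gap to RSA-2048 is visible. The primes, seed and helper names are all constructed for this illustration.

```python
"""Classically factor a constructed 48-bit RSA-style modulus.

Added example: a 48-bit modulus yields to Pollard's rho in well under a
second, while the same heuristic classical cost model puts 2048-bit
moduli far out of reach.  All primes here are constructed, not real keys.
"""
import math
import random


def is_probable_prime(n: int, rng: random.Random, rounds: int = 16) -> bool:
    """Miller-Rabin test; error probability <= 4**-rounds for composite n."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # witness found: n is composite
    return True


def random_prime(bits: int, rng: random.Random) -> int:
    """Random prime with its top two bits set, so p*q has exactly 2*bits bits."""
    while True:
        cand = rng.getrandbits(bits) | (3 << (bits - 2)) | 1
        if is_probable_prime(cand, rng):
            return cand


def pollard_rho_brent(n: int, rng: random.Random) -> int:
    """Return a non-trivial factor of a composite n (Brent's cycle-finding variant)."""
    if n % 2 == 0:
        return 2
    while True:
        y, c, m = rng.randrange(1, n), rng.randrange(1, n), 128
        g = r = q = 1
        x = ys = y
        while g == 1:
            x = y
            for _ in range(r):
                y = (y * y + c) % n
            k = 0
            while k < r and g == 1:
                ys = y
                for _ in range(min(m, r - k)):
                    y = (y * y + c) % n
                    q = q * abs(x - y) % n  # batch the gcd over m steps
                g = math.gcd(q, n)
                k += m
            r *= 2
        if g == n:
            # The batched product hit zero mod n; step singly from the last
            # checkpoint to recover the factor the batch skipped over.
            g = 1
            while g == 1:
                ys = (ys * ys + c) % n
                g = math.gcd(abs(x - ys), n)
        if g != n:
            return g  # otherwise retry with a fresh polynomial constant c


def gnfs_log2_work(bits: int) -> float:
    """log2 of the heuristic number-field-sieve cost L[1/3, (64/9)^(1/3)] for a bits-bit modulus."""
    ln_n = bits * math.log(2)
    c = (64 / 9) ** (1 / 3)
    return c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3) / math.log(2)


def factor_demo(bits: int = 48, seed: int = 2023) -> dict:
    """Build a bits-bit semiprime from two constructed primes and recover them."""
    rng = random.Random(seed)
    p = random_prime(bits // 2, rng)
    q = random_prime(bits // 2, rng)
    while q == p:
        q = random_prime(bits // 2, rng)
    n = p * q
    f = pollard_rho_brent(n, rng)
    return {"bits": n.bit_length(), "n": n,
            "expected": tuple(sorted((p, q))), "found": tuple(sorted((f, n // f)))}


if __name__ == "__main__":
    r = factor_demo()
    print(f"{r['bits']}-bit modulus {r['n']} = {r['found'][0]} * {r['found'][1]}")
    for b in (48, 1024, 2048, 4096):
        print(f"RSA-{b}: heuristic classical NFS work ~ 2^{gnfs_log2_work(b):.0f}")
```

The cost model printed at the end is the classical sub-exponential asymptotic, not a quantum resource estimate; it is included only to show how steeply factoring effort grows between a 48-bit toy modulus and the key sizes actually deployed.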
If this were practically useful, we suspect that some hard performance numbers would have been included — something akin to, “we cracked 1024-bit RSA in less than a year.”
Finally, the strongest proof that this is only academically interesting and not practically useful is the fact that the paper — published by Chinese researchers — was allowed to see the light of day to begin with. Had the Chinese Communist Party developed an encryption-breaking tool of any real use, we would not be reading about it. The CCP is, after all, very effective at controlling strategically useful and sensitive information.
With regard to this development’s impact on blockchain technology, here too, it’s important to differentiate between theory and practice.
The threat to crypto
In theory, the ability to recover private keys would render the technology at the foundation of Web3 useless, and we would all have to go find some other field to work in.
In practice, we believe that in the face of such a development, consensus on forking to systems employing quantum-resistant or quantum-impractical encryption would be arrived at rather quickly, assuming it doesn’t happen well before crisis time.
Also working in Web3’s favor: as attractive as cracking crypto may seem, state actors would almost certainly prioritize their scarce quantum resources for gaining access to the troves of encrypted data that have been collected and stored awaiting the ability to decrypt them.
We do live in interesting times. However, we believe recent advancements in quantum computing to be more interesting than meaningful where Web3 is concerned, and we are confident that even if that changes, quantum attacks will rarely be the easiest way to break anything.