In a recent ICANN (Internet Corporation for Assigned Names and Numbers) publication, distinguished technologist Paul Hoffman discussed the hot topic of quantum computing and the DNS.
NANOG had the opportunity to talk to Hoffman to better understand the current status and future of quantum computing.
Are quantum computers worth discussing?
Yes, quantum computers are worth discussing. They have been a topic of conversation by the security community lately, and for a good reason.
Quantum computers could compromise both long-term and short-term secrets worldwide by undermining the cryptographic algorithms in popular use today.
"All security properties of all the common signature and key exchange algorithms in common use on the Internet today would be significantly weakened. Such a result would be terrible: signatures using those algorithms could be forged, and secrets that were protected by those key exchanges would be revealed," Hoffman said.
How much time should be spent talking about this?
Currently, there are no quantum computers powerful enough to do this. According to Hoffman, we are at least decades away from the technology being mature enough to build such a machine. Not to mention that the expense would scale up into tens or hundreds of billions of dollars.
Hoffman compares it to the invention of transistors in the late 1940s and early 1950s.
"They were like, 'oh my God, they will be able to do these crazy things,' but they weren't for decades," he said.
"The way that they dreamed about classical computers was wrong; they thought there would be a zillion little physical transistors on a giant circuit board, which was true for a little while until VLSI (very large scale integration) became a reality."
"So, it's easy to dream about quantum computers, but building ones that are large enough to do the things we want is the challenge, and it's a multi-decade challenge," Hoffman continued.
Would the cost be worth it?
"Why spend a hundred billion dollars on building a quantum computer? I could understand spending a billion, or even 10 billion, but hundreds of billions of dollars?" Hoffman asks.
World domination could potentially be worth hundreds of billions of dollars.
That is "possible, not likely," Hoffman said.
"For it to be useful, it needs to be able to do either of two things. One, sign something that everyone was assuming that no one would ever get the private key for (and there isn't anything currently, for which the value of the private key is a hundred billion dollars) or (which is more likely) discover secrets that are worth hundreds of billions of dollars."
Hoffman adds that "none of us work in the secret areas of governments" and therefore are not in a position to determine "that one particular secret which, if it went over the Internet, is going to be worth hundreds of billions of dollars, thirty or forty years from now."
Why are we "just far enough away" that it is interesting?
We are far enough away from the cryptographically relevant quantum computers to be interesting to watch.
As the technology gradually improves, there may come a day when this new type of computer will easily break some of the algorithms.
"But we are just far enough that the progress is still interesting. And because it is far away, we have plenty of time for users of digital signatures to pick a post-quantum cryptographic algorithm."
Hoffman does add a caveat for professionals whose concern is keeping secrets rather than signatures.
"We are not speaking for those folks. Suppose they want to pick a post-quantum algorithm key exchange tomorrow. That's fine. They have a very different threat model than those who are thinking about signatures. And in the span of our community, it mostly isn't intelligence, it's more organization, and so that's a different level of threat, as well."
What questions should our community be asking?
As stated by Hoffman, if an organization is concerned about digital signatures, the more rational questions are:
- When is a reasonable time that we should start looking at changing algorithms?
- Should we be discussing this now, or should we wait until we know more about the post-quantum signature algorithms?
Why would starting now lead to big mistakes?
"If we start now, there's a good chance that we're going to pick wrong. We are going to get all excited that we're doing things ahead of time, and we could easily be very, very wrong," he said.
For example, one of the finalist signature algorithms in the widely followed NIST (National Institute of Standards and Technology) Post-Quantum Cryptography project was shown to be significantly weaker than anyone thought.
So, how should the industry handle the "sky is falling" articles?
Hoffman said the reasonable questions are:
- What is your track record of predicting this stuff when you have said it in the past?
- Have you been correct?
He emphasized that we have plenty of facts about how quantum computer technology is progressing, and we can use that as a basis for our planning.
Why should we put quantum computing on the back burner for now?
"You don't need to pay attention to it until you hear that things have changed significantly. It's fine to be thinking about how post-quantum algorithms might affect us, but we don't need to jump on one any time soon."
And you will be the first to know.
"The people who are pouring money into this are going to want to get credit for making advances so that you will hear about it," he said.
Read Hoffman's full PDF, entitled Quantum Computing and the DNS, here.