The expectation is that quantum computers will be built some time after 2025. Such computers make use of quantum-mechanical properties and can therefore solve some particular problems much faster than our current computers. This will be useful for calculating models for weather forecasts or developing new medicine. However, the same capabilities also threaten data protected with RSA and ECC. With today's technologies these systems will not be broken in a hundred years, but a quantum computer will break them within days if not hours.
Without protection a lot of sensitive information will be out in the open, even data from years back. "An attacker can record our secure communication today and break it with a quantum computer years later. All of today's secrets will be lost", warned Tanja Lange, professor of Cryptology at Eindhoven University of Technology. This concerns private data, bank and health records, but also state secrets. Tanja Lange saw the importance of alternative systems back in 2006 and is busy raising awareness and developing new systems. "Fairly recently we're seeing an uptake of post-quantum cryptography in the security agencies, e.g., the NSA, and companies start demanding solutions."
Tanja Lange leads the research consortium PQCRYPTO, which consists of eleven universities and companies. PQCRYPTO started in 2015 with 3.9 million euros in funding from the European Commission to develop new cryptographic techniques. "This might seem like a lot of money, but is a factor of 100 less than what goes into building quantum computers", stated Tanja Lange. She cautioned that it is important to strengthen research in cryptography. "Bringing cryptographic techniques to the end user takes often another 15 to 20 years, after development and standardization."
In their Nature publication, Tanja Lange and Daniel J. Bernstein explain that a certain quantum algorithm, namely Shor's algorithm, breaks all cryptographic techniques that are currently used to establish secure connections on the Internet. Candidates for post-quantum cryptography can roughly be categorized into two types: they are either very well understood and confidence-inspiring but require a lot of bandwidth or they are more convenient to use but provide more questionable security.
The publication appears in an issue of Nature with special attention to topics related to quantum computers, ranging from different candidates for the elementary building blocks of quantum computers to, e.g., the development of new algorithms. The journal invited Tanja Lange to write the article on post-quantum cryptography.