Why super-fast quantum computers could spell big trouble for the internet

When Google announced in the summer that it would add an update to its Chrome browser, it sounded like many of its other incrediblly technical and specific changes.

"Chrome will begin supporting X25519Kyber768 for establishing symmetric secrets in TLS, starting in Chrome 116, and available behind a flag in Chrome 115," it wrote in a blog post. "This hybrid mechanism combines the output of two cryptographic algorithms to create the session key used to encrypt the bulk of the TLS connection."

Needless to say, this was not meant for your lay user. It was a high-level change, communicated in deeply technological language that betrays the complexity of the systems that underpin it. But while the change might be specialised, its ramifications could be vast: it is an attempt to address a problem that, if not fixed, could potentially undermine the security of the entire internet.

The update was part of the world's years-long and highly important attempt to move towards "quantum-resistant cryptography". Without it, the coming future of quantum computers and the vast processing power they represent could undermine the internet as it works today.

Cryptography is at the very heart of the way the internet works – ensuring information is only seen by those intended to see it and checking that websites really are what they say they are. It does so by hiding information behind puzzles that are functionally impossible to solve without the right keys, and those keys are only held by the people sending and receiving messages.

Hard puzzles get easier as computers become better, however. Even before the advent of quantum computing, security researchers had to make those algorithms stronger to ensure that they could resist increasingly sophisticated attacks from more powerful adversaries.

Quantum computing – a long-promised technology that uses quantum mechanics to make computers vastly more powerful than the classical systems we have today – will make that problem significantly more difficult, however. Much of today's encryption relies on what mathematicians call "hard" problems, which can't be solved efficiently. Quantum computers could make those problems much less hard, and so mean that breaking encryption is relatively easy.

In response, security experts have spent recent years developing ways of moving to "post-quantum cryptography", or PQC. It has been ongoing for more than a decade, and has required substantial work from governments, companies and security researchers. Much of that work involves building new cryptography systems that will resist attack from quantum computers – those which rely on hard mathematical problems that will stay hard even on new technology – and then stress testing them to ensure they are secure.

Recently, those efforts have started arriving in the real world, as in Google's recent update. And the work has increased, with Joe Biden last year signing the "Quantum Computing Cybersecurity Preparedness Act" that requires US government agencies to work towards systems that can resist the new technology. But the work to move to PQC could take decades or more, and experts urge that it needs to happen now.

One of the most helpful things about quantum computing is that it doesn't yet exist: there is plenty of time to plan. But also one of the most worrying things about quantum computing is that it doesn't yet exist; we don't know when it will actually happen, or what capabilities might be possible when it does.

"The question of when a large-scale quantum computer will be built is a complicated one," the US National Institute of Standards and Technology says. "While in the past it was less clear that large quantum computers are a physical possibility, many scientists now believe it to be merely a significant engineering challenge.

"Some engineers even predict that within the next twenty or so years sufficiently large quantum computers will be built to break essentially all public key schemes currently in use. Historically, it has taken almost two decades to deploy our modern public key cryptography infrastructure.

"Therefore, regardless of whether we can estimate the exact time of the arrival of the quantum computing era, we must begin now to prepare our information security systems to be able to resist quantum computing."

One of the big reasons that governments in particular are concerned about hurrying their adoption of PQC is "store now, decrypt later" attacks. Nation states are constantly stealing information from each other, but for now much of it is useless: unbreakable puzzles hiding important secrets. But in the future those puzzles might be trivial to solve, and the data will become useful again. Today's data must be capable of resisting tomorrow's attacks.

New security technologies do not only represent an opportunity to make data safe. They also might offer a way for loopholes and security issues to be introduced, too. This week, Daniel Bernstein from the University of Illinois Chicago, the cryptography expert who coined the phrase PQC, alleged that the new generation of security algorithms were being intentionally weakened by the US National Security Agency. He also said that NIST's calculations about how secure the standards are were flawed, in an interview with the New Scientist.

That is one reason that many involved in the project to move to PQC have urged that it is done as openly and transparently as possible. "The work of developing new cryptosystems that are quantum-resistant must be done openly, in full view of cryptographers, organisations, the public, and governments around the world, to ensure that the new standards emerging have been well vetted by the community, and to ensure that there is international support," says Microsoft.

But even as it happens openly, it will most likely develop quietly; it mirrors the recent move away from passwords to biometric passkeys, which has been introduced into iPhones and other technology with their users having to do very little. Google's introduction of its new post-quantum cryptographic algorithm arrived in a version of Chrome earlier this year, in an automatic update that might be installed in the very browser you are using to read this article.

The threat of new technology undermining security has sometimes been referred to as a "quantum apocalypse". But security experts will hope that this is the way to avoid the world ending – not with a bang but with a whimper, or a software update.