Tom’s Hardware
Bruno Ferreira

Go maintainer joins collective klaxon about encryption-breaking quantum computers — developer urges immediate switch to post-quantum methods to prevent worldwide disaster

Image caption: Quantum computers.

With all the talk about AI slurping up computing and energy resources — plus all the interesting times being lived through in the Middle East and Ukraine — there's a serious world issue that's flying under the radar. Quantum computers might break most — or all — current cryptography in an estimated three years, and not nearly enough is being done about it. Filippo Valsorda, the current maintainer of the Go language's cryptography library and former lead of the Go Security team at Google, is adding his voice to the chorus of alerts.

Valsorda's article builds on other recent reports about the situation, including a days-old report in which Google engineers warn that all cryptocurrency will suffer a quick explosion. For months, the Go developer had been readying a post about deploying post-quantum (PQ, or quantum-computer-proof) cryptographic key exchanges at a relatively leisurely pace, to give the software and hardware ecosystem time to adapt.

However, in his own words: "that other article is now wrong [...] we don't have the time if we need to be finished by 2029 instead of 2035." Valsorda goes on to state that "it makes no more sense to deploy new schemes that are not post-quantum", while simultaneously acknowledging that adding PQ to extant infrastructure is hard and frustrating, particularly as the move to the currently used ECC (Elliptic Curve Cryptography) itself took long enough.

Valsorda states the computing world must be ready for a fast "hard cut," rather than relying on extended-schedule transitional solutions. The engineer doesn't mince words, saying that "any non-PQ key exchange should now be considered a potential active compromise," and adding that "hybrid classic+post-quantum authentication makes no sense [...] and will only slow us down."

These hybrid "band-aids" are suggested as stopgaps because PQ key exchanges take up far more space than conventional ECC methods. One such example is your bog-standard secure website connection using a digital certificate (X.509 format), where the signatures transmitted during the handshake take only some tens of bytes each with ECC.

When switching to PQ, that figure easily grows to multiple kilobytes, increasing bandwidth use and, perhaps most importantly, latency — particularly when a certificate chain containing multiple signatures has to be fetched. There are workarounds for this, such as Merkle Tree Certificates, but those will take a while to roll out worldwide.
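The size difference the article describes can be measured directly. The following Go program is an added example, not code from the article, from Valsorda, or from the Go project: it runs a hybrid X25519 + ML-KEM-768 key exchange between a client and a server using Go's standard crypto/ecdh and crypto/mlkem packages (crypto/mlkem needs Go 1.24 or newer), reports how many bytes each direction costs for the classical and the post-quantum component, and has the client refuse a reply whose PQ component is missing rather than fall back to ECC alone. The Share message layout, the "example-hybrid-v1" label and the SHA-256 combiner are constructed for this example; they are not the TLS 1.3 encoding or a standardised key-derivation function.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/mlkem"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Share is one key-exchange flight in a layout constructed for this example (not the TLS encoding).
type Share struct {
	X25519 []byte // 32 bytes in either direction
	MLKEM  []byte // 1184-byte encapsulation key (client) or 1088-byte ciphertext (server)
}

// combine hashes both secrets into the session key with a plain SHA-256 combiner (assumed here,
// not a standardised KDF); the result stays secret as long as either input does.
func combine(ecdhSecret, kemSecret []byte) []byte {
	sum := sha256.Sum256(append(append([]byte("example-hybrid-v1"), ecdhSecret...), kemSecret...))
	return sum[:]
}

// x25519 completes the classical half against a peer's 32-byte public key.
func x25519(priv *ecdh.PrivateKey, peer []byte) ([]byte, error) {
	pub, err := ecdh.X25519().NewPublicKey(peer)
	if err != nil {
		return nil, err
	}
	return priv.ECDH(pub)
}

// ClientHello generates both ephemeral keys (kept by the client) and builds the first flight.
func ClientHello() (*ecdh.PrivateKey, *mlkem.DecapsulationKey768, Share, error) {
	ecdhPriv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, Share{}, err
	}
	kemPriv, err := mlkem.GenerateKey768()
	if err != nil {
		return nil, nil, Share{}, err
	}
	return ecdhPriv, kemPriv, Share{X25519: ecdhPriv.PublicKey().Bytes(), MLKEM: kemPriv.EncapsulationKey().Bytes()}, nil
}

// ServerHello answers the client flight and returns the server's session key.
func ServerHello(cs Share) (Share, []byte, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return Share{}, nil, err
	}
	ecdhSecret, err := x25519(priv, cs.X25519)
	if err != nil {
		return Share{}, nil, err
	}
	ek, err := mlkem.NewEncapsulationKey768(cs.MLKEM)
	if err != nil {
		return Share{}, nil, err
	}
	kemSecret, ct := ek.Encapsulate() // 32-byte shared secret, 1088-byte ciphertext
	return Share{X25519: priv.PublicKey().Bytes(), MLKEM: ct}, combine(ecdhSecret, kemSecret), nil
}

// ClientFinish consumes the server flight; a missing or malformed PQ component is rejected
// outright rather than silently falling back to X25519 alone.
func ClientFinish(ecdhPriv *ecdh.PrivateKey, kemPriv *mlkem.DecapsulationKey768, ss Share) ([]byte, error) {
	if len(ss.MLKEM) != mlkem.CiphertextSize768 {
		return nil, fmt.Errorf("PQ share missing or malformed (%d bytes): refusing downgrade", len(ss.MLKEM))
	}
	ecdhSecret, err := x25519(ecdhPriv, ss.X25519)
	if err != nil {
		return nil, err
	}
	kemSecret, err := kemPriv.Decapsulate(ss.MLKEM)
	if err != nil {
		return nil, err
	}
	return combine(ecdhSecret, kemSecret), nil
}

// RunExchange performs one round trip and returns both flights plus whether the keys agree.
func RunExchange() (cs, ss Share, agreed bool, err error) {
	ecdhPriv, kemPriv, cs, err := ClientHello()
	if err != nil {
		return cs, ss, false, err
	}
	ss, serverKey, err := ServerHello(cs)
	if err != nil {
		return cs, ss, false, err
	}
	clientKey, err := ClientFinish(ecdhPriv, kemPriv, ss)
	return cs, ss, err == nil && bytes.Equal(clientKey, serverKey), err
}

func main() {
	cs, ss, ok, err := RunExchange()
	if err != nil {
		panic(err)
	}
	fmt.Printf("client->server %d+%d B, server->client %d+%d B (ECC+PQ), keys agree: %v\n",
		len(cs.X25519), len(cs.MLKEM), len(ss.X25519), len(ss.MLKEM), ok)
}
```

Running it shows the client sending 32 + 1184 bytes and the server replying with 32 + 1088 bytes, against 32 bytes each way for X25519 alone: that is the order-of-magnitude growth the article attributes to post-quantum key exchange, before a single certificate signature is counted. The downgrade check in ClientFinish is the defensive counterpart of Valsorda's point that a non-PQ key exchange should now be treated as a potential compromise: once a client offers PQ, a reply without it is an error, not a fallback.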

Although X.509 certificates are a worst-case scenario, the problem extends to just about any area of computing you can think of: secure shell connections (OpenSSH already alerts users if they're not using a PQ key exchange), code signing, secure DNS, email signatures, and the blockchain. Many IoT devices, for example, run with very limited memory and storage, so they might not be able to use PQ effectively at all.

Valsorda calls out some particularly troublesome examples. Intel's SGX and AMD's SEV-SNP trusted execution environments will be fully broken, and encrypted files are a prime target, as data protected with today's encryption methods may be easily broken tomorrow. You can read the entire article here for all the technical details.
