A Swiss Company Says It Found Weakness That Imperils Encryption
Security experts have long worried that advances in quantum computing could eventually make it easier to break encryption that protects the privacy of people’s data. That’s because these sophisticated machines can perform calculations at speeds impossible for conventional computers, potentially enabling them to crack codes previously thought indecipherable.
Now, a Swiss technology company says it has made a breakthrough by using quantum computers to uncover vulnerabilities in commonly used encryption. The company believes it’s found a security weakness that could jeopardize the confidentiality of the world’s internet data, banking transactions and emails.
Terra Quantum AG said its discovery “upends the current understanding of what constitutes unbreakable” encryption and could have major implications for the world’s leading technology companies, such as Alphabet Inc.’s Google, Microsoft Corp., and International Business Machines Corp.
But some other security experts said they aren’t nearly ready to declare a major breakthrough, at least not until the company publishes the full details of its research. “If true, this would be a huge result,” said Brent Waters, a computer science professor who specializes in cryptography at the University of Texas at Austin. “It seems somewhat unlikely on the face of it. However, it is pretty hard for experts to weigh in on something without it being published.”
IBM spokesman Christopher Sciacca said his company has known the risks for 20 years and is working on its own solutions to address the issue of post-quantum security. “This is why the National Institute of Science & Technology (NIST) has been hosting a challenge to develop a new quantum safe crypto standard,” he said in an email. “IBM has several proposals for this new standard in the final round, which is expected in a few years.”
Brian LaMacchia, distinguished engineer at Microsoft, said company cryptographers are collaborating with the global cryptographic community to prepare customers and data centers for a quantum future. “Preparing for security in a post-quantum world is important not only to protect and secure data in the future but also to ensure that future quantum computers are not a threat to the long-term security of today’s information.”
Google didn’t reply to a message seeking comment.
Terra Quantum AG has a team of about 80 quantum physicists, cryptographers and mathematicians, who are based in Switzerland, Russia, Finland and the U.S. “What currently is viewed as being post-quantum secure is not post-quantum secure,” said Markus Pflitsch, chief executive officer and founder of Terra Quantum, in an interview. “We can show and have proven that it isn’t secure and is hackable.”
Pflitsch founded the company in 2019. He’s a former finance executive who began his career as a research scientist at CERN, the European Organization for Nuclear Research. Terra Quantum’s research is led by two chief technology officers – Gordey Lesovik, head of the Laboratory of Quantum Information Technology at the Moscow Institute of Physics and Technology, and Valerii Vinokur, a Chicago-based physicist who in 2020 won the Fritz London Memorial Prize for his work in condensed matter and theoretical physics.
The company said that its research found vulnerabilities that affect symmetric encryption ciphers, including the Advanced Encryption Standard, or AES, which is widely used to secure data transmitted over the internet and to encrypt files. Using a method known as quantum annealing, the company said its research found that even the strongest versions of AES encryption may be decipherable by quantum computers that could be available a few years from now.
Vinokur said in an interview that Terra Quantum’s team made the discovery after figuring out how to invert what’s called a “hash function,” a mathematical algorithm that converts a message or portion of data into a numerical value. The research will show that “what was once believed unbreakable doesn’t exist anymore,” Vinokur said, adding that the finding “means a thousand other ways can be found soon.”
The company, which is backed by the Zurich-based venture capital firm Lakestar LP, has developed a new encryption protocol that it says can’t be broken by quantum computers. Vinokur said the new protocol utilizes a method known as quantum key distribution.
Terra Quantum is currently pursuing a patent for the new protocol. But the company will make it available for free, according to Pflitsch. “We will open up access to our protocol to make sure we have a safe and secure environment,” said Pflitsch. “We feel obliged to share it with the world and the quantum community.”
The U.S. government, like China, has made research in quantum computing an economic and national security priority, saying that the world is on the cusp of what it calls a new “quantum revolution.” In addition, technology companies including Google, Microsoft, and IBM have made large investments in quantum computing in recent years.