Those working on site The conference room Us working on our tasks Example on something I worked on

Quantum computers and security implications

Gradually we’re seeing Quantum computing become something concrete. In some years, Quantum computers will probably be available for sale to businesses or even for personal use. Fundamentally, bits in modern computers are a voltage signal of either null (0) or something else (1). Based on sequences of bits, instructions are formed to dictate a CPU what to do. The difference between bits and qubits (how the ‘bits’ in Quantum computers are called) is that a qubit can unlike regular bits be both a 0 and 1 at a time.

On the Internet, data is sent along cables from computers to computers. A lot of the data that travels needs to be encrypted so that third party users cannot access the data and thus decipher the original message. Encryption basically involves using a random algorithm to turn data into something meaningless. When this data is received at the other end, the original algorithm is used. Public and private keys which both the sender and receiver have are used coupled with the algorithm to encrypt and decrypt data.

Data is encrypted using a defined number of bits; the more bits is used for encryption, the harder it is to decrypt the data by a third party unauthorised entity. To decrypt the data, an authorised key is needed along with the proper algorithm. As the authorised key is private only to the sender or receiver, if one needed to decrypt the data without having a valid key, one could be made by trial and error. Of course, there are less possibilities if less bits are used for the encryption.

Modern computers could take months or years to decrypt data. Quantum computers could perform the same operation but faster; in hours or days. Now one could think that protection against this could be set up when Quantum computers will be around but what if businesses or individuals were already collecting and storing encrypted data? That’s why it’s important to start working on implementing these precautions right now.

SSH-XMSS

One of the most important protocols on the Internet is SSH. Basically on the Internet, SSH uses cryptographic methods to authenticate remote computers (servers) and using public-private key pairs, encrypts the connection. Each encryption algorithm that can be used has an ID which is agreed upon by everybody. These range from 1 to 5 in the following order ssh-rsa, ssh-dsa, ssh-ecdsa, ssh-ed25519 and ssh-xmss, the latter being the one that has post quantum (PQ) algorithms.

The majority of the tasks that the cyberstorm.mu organisation did was to implement these PQ algorithms, more specifically SSH-XMSS in some projects hosted on GitHub. We planned tasks on Trello and many of us, did multiple ones. I personally didn’t work on the original SSH-XMSS algorithm since it is really complex at the moment.

I worked on these: