The $600 quantum computer that could spell the end for conventional encryption
Concerns that have been around for some time.
But now cybersecurity startup has built a password-hacking quantum computer to demonstrate that the dangers are very real.
Using easily available parts costing just $600, Active Cypher’s founder and CTO, Dan Gleason, created a portable quantum computer dubbed QUBY (named after qubits, the basic unit of quantum information). QUBY runs recently open-sourced quantum algorithms capable of executing within a quantum emulator that can perform cryptographic cracking algorithms. Calculations that would have otherwise taken years on conventional computers are now performed in seconds on QUBY.
Gleason explains, "After years of foreseeing this danger and trying to warn the cybersecurity community that current cybersecurity protocols were not up to par, I decided to take a week and move my theory to prototype. I hope that QUBY can increase awareness of how the cyberthreats of quantum computing are not reserved to billion-dollar state-sponsored projects, but can be seen on much a smaller, localized scale."
The concern is that quantum computing will lead to the sunset of AES-256 (the current encryption standard), meaning all encrypted files could one day be decrypted. "The disruption that will come about from that will be on an unprecedented, global scale. It's going to be massive," says Gleason. Modelled after the SADM, a man-portable nuclear weapon deployed in the 1960s, QUBY was downsized so that it fits in a backpack and is therefore untraceable. Low-level 'neighborhood hackers' have already been using portable devices that can surreptitiously swipe credit card information from an unsuspecting passerby. Quantum compute emulating devices will open the door for significantly more cyberthreats.
In response to the threat, Active Cypher has developed advanced dynamic cyphering encryption that is built to be quantum resilient. Gleason explains that, "Our encryption is not based on solving a mathematical problem. It's based on a very large, random key which is used in creating the obfuscated cyphertext, without any key information within the cyphertext, and is thus impossible to be derived through prime factorization -- traditional brute force attempts which use the cyphertext to extract key information from patterns derived from the key material."
Active Cypher's completely random cyphertext cannot be deciphered using even large quantum computers since the only solution to cracking the key is to try every possible combination of the key, which will produce every known possible output of the text, without knowledge of which version might be the correct one. "In other words, you'll find a greater chance of finding a specific grain of sand in a desert than cracking this open," says Gleason.
Active Cypher showcased QUBY in early February at Ready -- an internal Microsoft conference held in Seattle. The prototype will also be presented at later this month.