Quantum computer security cracked

Even best online banking security today is vulnerable to quantum computing attacks
Even best online banking security today is vulnerable to quantum computing attacks

Researchers at Eindhoven University of Technology have managed to crack an encryption system for internet traffic in the age of the quantum computer, before the super-powerful machines even exist.

Professor Tanja Lange used a large number of linked computers to break the McEliece cryptosystem, which many hoped would prove strong enough to secure online communications and transactions for years to come.

The McEliece encryption system is over 30 years old but had been touted as a possible defence against future quantum computers, whose immense number-crunching powers make them well-suited to cracking even the most sophisticated encrypted content.

Cluster crack

However, Professor Lange's team wrote software that decrypted a McEliece ciphertext in just one week, using a cluster of 200 computers.

The software was run recently on several dozen computers in Eindhoven, Amsterdam, France, Ireland, Taiwan and the United States. A lucky computer in Ireland found the ciphertext.

The researchers said that the McEliece cryptosystem can be scaled to larger key sizes to avoid their attacks and remains a leading candidate for post-quantum cryptography.

At present, banks use the RSA code from 1977 for securing electronic transactions. A single modern PC needs only three weeks to break the parameters from the original paper, yet a quantum computer would have no problems cracking even the improved current version, in a much shorter time.

Mark Harris is Senior Research Director at Gartner.