Cracking online security in a
post-quantum world
Reimagining the role of cryptography
The hidden role of Cryptography
Virtually all aspects of our daily lives are now conducted at least partly online. That includes our work lives, social lives, shopping, finance and even health – with things like fitness trackers and e-consultations.
We’re increasingly wary of fraudsters phishing for our details, often pretending to be who they are not. We often place a great deal of trust and faith in legitimate organisations and you've probably bought something online recently without a second thought.
That’s all down to an unsung hero called cryptography.
An emerging threat
When we send private and sensitive information over the internet, such as passwords, credit card numbers, and personal correspondence it is encrypted so that eavesdroppers and hackers are unable to snoop in.
The main cryptographic protocol used today is called Transport Layer Security (TLS). As long as we’re vigilant it works well at keeping us safe online.
But there is a new technology on the horizon that will make it so easy to crack all our current cryptographic protocols, it will basically render them useless.
That technology is quantum computers.
We need to prepare now
Quantum computers work in a completely different way to regular computers. They take advantage of some of the special properties and behaviour of subatomic particles. They can solve problems that no existing computer could solve, even if you ran them for thousands of years. One of the problems quantum computers will be good at is cracking internet encryption protocols.
We don’t know when the first fully functional quantum computers will be ready. It could be in the next five years or as far off as thirty years. We also don’t know who will own and operate them. But we have to prepare now.
That means developing what we call post-quantum cryptography.
Cryptography explained
Let’s uncover how cryptography works based on something called secure key exchange.
Imagine you (person A) and a friend (person B) want to be able to send each other messages in a metaphorical locked box over an insecure channel. You’ll both need copies of the same key.
Since it’s often not practical to exchange keys in person with everyone you want to send messages to, you also need a way of agreeing on a shared secret key, with nobody else besides you and your friend being able to figure out what that key is.
The key can be anything, so long as it’s the same for all the parties involved. Using the protocols we have at the moment, the key is encoded as a ‘bit string’ of noughts and ones.
How secure key exchange works
How secure key exchange works
Illustration of bit string
Illustration of bit string
The impact of quantum computers
If a third party (Person C) wants to intercept the message shared between Person A and B, they can gain access to their public keys and use these to try and crack the encryption and reveal the private keys.
Using a traditional computer, a "bit string" encryption requires trying many different combinations of 1s and 0s, which could take an unfeasible length of time.
However, quantum computers use Qubits, which exist like a spinning coin, neither 1 nor 0.
This allows them to bypass encryption very easily. Third parties can then access one of the private keys, open the folder and access the information.
Classical versus quantum computers
Classical versus quantum computers
Illustration of Qubits
Illustration of Qubits
Exploring solutions
We're now looking at a new way of generating this "bit string" key. Many of the protocols we use at the moment use something from the field of geometry called an elliptic curve. These have many special properties and have attracted thinkers and mathematicians for centuries.
However, we can use things called "isogenies" to link huge numbers of elliptic curves together - typically more than there are atoms in the universe - to build special graphs called isogeny graphs .
Each point on these graphs represents one of these curves. The math behind it is tricky, but here's the basic idea.
It would take thousands of years for a computer to find a path between two points on this graph by trying lots of possibilities, but there's still enough order to use it to make a secret key for sending messages securely.
Introducing isogenies
Introducing isogenies
Illustration of isogeny graph
Illustration of isogeny graph
There's still work to do...
There are different approaches to post-quantum algorithms – some are very secure but unwieldy to implement, others are slightly weaker but more streamlined.
In 2016, the US National Institute of Standards and Technology – NIST - launched a competition for encryption algorithms which reopened again in 2023. Their goal is to standardise a wide variety of algorithms to decrease the chance that all the standards get broken.
There’s still a lot of work to do and no doubt we’ll have to constantly keep working on new encryption algorithms once quantum computers go mainstream. But there’s more recognition among scientists, tech firms and policymakers about the need for post-quantum cryptography.
Hopefully we can carry on safely enjoying all the benefits and conveniences that the digital world provides, for many decades to come.
Meet the researcher
Dr. Chloe Martindale, a Lecturer at the University of Bristol's School of Computer Science, specialises in Cryptography.
Her research focuses on developing algorithms for secure communication on basic devices, resistant even to powerful quantum computers.
She is part of the University's Cryptography research group, which together spans post-quantum cryptography, machine-checked cryptography, and hardware/software security.
Explore publications relating to Cryptography and Information Security here.
Dr Chloe Martindale
Dr Chloe Martindale
Feeling inspired?
Ready to advance in online security or dive into the quantum industry?
Take your next step by exploring our range of postgraduate opportunities.
Computer Science opportunities
MSc Computer Science (Conversion)
Designed for a range of backgrounds, learn core computer science principles, industrial software methods whilst gaining insights into future technologies.
MSc Cyber Security (Infrastructures Security)
Learn to apply foundational cyber security techniques to infrastructure and develop the skills to engineer scalable safety solutions.
Cyber Security Centre for Doctoral Training
Engage in a 4-year interdisciplinary PhD programme at the Universities of Bristol and Bath. Learn from research leads from a range of disciplines.
Quantum opportunities
MSc Optoelectronic and Quantum Technologies
Gain the knowledge to design and utilise next-gen integrated systems, sub-systems and systems, combining optics, electronics, and quantum engineering.
Quantum Engineering Centre for Doctoral Training
Experience an exceptional training and development opportunity to support your career in the quantum technologies whether that's in industry or in academia.
Built with Shorthand