The quantum threat to your encryption is coming – act now or say goodbye to your data
Last December, Google introduced its latest quantum chip, Willow. This announcement might have slipped under the radar for many. But Willow made waves in two big ways. First, Google revealed that with this chip, they were able to scale up the number of qubits — the building blocks of any quantum computer — while also halving the error rate. Since high error rates and the challenge of scaling up qubits have been major hurdles to making quantum computers practical, this is a huge leap forward.
The second big win? Google proved quantum computers’s “supremacy.” “Quantum supremacy” means that Willow did something a classical computer couldn’t: It solved a complex math problem in under five minutes. To put it in perspective, it would have taken one of today’s fastest supercomputers a mind-blowing 10 septillion years — or, as Google helpfully put it, 10,000,000,000,000,000,000,000,000 years (that's 24 zeroes). However, there’s a catch: the problem Willow solved wasn’t a real-world issue, but one contrived specifically to demonstrate the power of quantum computing.
And just a few days ago, Microsoft announced another breakthrough — it had unveiled its own new quantum chip, Majorana 1. According to Microsoft, this chip offers “a clear path to fit a million qubits on a single chip,” paving the way for quantum computers capable of solving “meaningful, industrial-scale problems.” The timeline? It expects it to happen already “in years, not decades.”
This sounds fascinating and like music to tech enthusiasts’ ears, and for a good reason. All these advances in quantum computing have practical applications that could change the world. Beyond expected breakthroughs in drug discovery, materials science, financial modeling, optimization problems, and weather forecasting, quantum computing is expected to lead to advancements in quantum cryptography. However, this will come with a hidden cost.
The quantum countdown: how new computers will challenge our defenses
While the advances in quantum computing open up exciting possibilities for many fields, they also pose a significant threat to our current systems of encryption. As quantum computers develop, they would be able to easily break existing encryption methods, rendering our current data protection mechanisms obsolete. The thing is encryption relies on complex math problems that are tough for regular computers to solve. However, a powerful quantum computer could quickly work through all possible solutions to these problems and arrive at a solution in days instead of millennia. This is because of how a qubit is structured. Unlike a classical bit, which can only represent one value at a time (either 0 or 1), a qubit is a superposition of multiple possible states, including 0, 1, or any combination of both. This ability allows quantum computers to process and evaluate numerous potential solutions simultaneously, giving them a massive advantage over classical computers in solving complex problems.
A prime example of this is Shor’s algorithm — a quantum algorithm capable of factoring large numbers much faster than any classical method. One of the most vulnerable parts of current encryption systems is the generation of public keys using elliptic curve cryptography. Quantum computers are especially good at applying Shor’s algorithm to solve the discrete logarithm problem, which is the foundation of elliptic curve-based encryption. This allows quantum computers to calculate the original parameters of the curve in a fraction of the time it would take classical computers.
As for when quantum computers become mainstream, experts agree that it’s likely not until the 2030s. According to the US National Institute of Standards and Technology (NIST), by 2029, quantum computers could potentially break current 128-bit AES encryption — which is most popular type of encryption nowadays. Researchers also estimate that it would take 317,000,000 (three hundred seventeen million) physical qubits to break the 256-bit elliptic curve encryption, a stronger encryption technique than 128 AES, which is also widely used. Given that the most powerful quantum computer currently has only 1,180 usable qubits, achieved by Atom Computing in 2023, there is still a long way to go.
The threat is more immediate than it might seem
While the threat of quantum computers breaking encryption might seem distant, in fact it’s far more urgent that it might appear. Even if a bad actor can’t crack encryption today, they could still capture and store encrypted data with the expectation that future quantum computers will eventually be able to break it.
This type of delayed execution attack is known as ‘harvest now, decrypt later.’ So, in fact malicious actors could be collecting encrypted communications already now with the hopes to decrypt them once quantum computers become powerful enough to do so.
Cybersecurity experts have been aware of this potential threat for some time. Their solution is to implement quantum-resistant algorithms that are much harder for quantum computers to crack. One such algorithm is LM-KEM. It was selected by the US government’s National Institute Of Standards and Technology (NIST) in 2023. The standard is based on the CRYSTALS-Kyber algorithm, which was later renamed ML-KEM, standing for “Module-Lattice-Based Key-Encapsulation Mechanism.” NIST envisions ML-KEM as a secure mechanism against quantum computer attacks. KEM itself is defined as a set of algorithms that can be used by two parties to establish a shared secret key over a public channel. That shared secret key can then be used with symmetric-key cryptographic algorithms to perform basic tasks in secure communications, such as encryption and authentication.
Adoption of quantum computer-proof algorithms: Chrome and others
So, if the solution is there, what is left for developers is to implement it in their products. This is crucial for the security of Internet communication, because if such algorithms are not supported by those handling the critical internet infrastructure, all the efforts put into their development are in vain.
In August 2023, Google began rolling out support for a quantum-resistant cryptography mechanism in Chrome, called X25519Kyber768. It combines two powerful algorithms — a post quantum one and a classic one — to create secure session keys for TLS connections. The X25519 elliptic curve algorithm, widely used for key agreement, works alongside Kyber-768, a quantum-resistant Key Encapsulation Method (KEM) recognized by NIST. At the time, Google said that using X25519Kyber768 adds over a kilobyte of extra data to the TLS ClientHello message (which typically ranges from 200 to 500 bytes), which is part of the initial handshake between your browser and the server when setting up a secure connection. This message helps the server and browser agree on encryption methods and other details for a safe data exchange. Microsoft Edge, being Chrome based, also supports post-quantum cryptography. Mozilla also added support for the feature, but you’ll need to enable it manually in Firefox.
Other major providers that support quantum-resistant cryptography include Microsoft, Amazon Web Services (AWS), Cisco, VMWare, Samsung, and Cloudflare. In 2022, NIST selected 12 companies to guide the effort to transition to quantum-resistant cryptography, inclding those mentioned above.
AdGuard VPN now supports post-quantum cryptography
In line with the growing adoption of quantum-resistant cryptography, AdGuard VPN has also integrated the hybrid X25519MLKEM768 method for generating secure session keys. This method combines the classic X25519 algorithm with the post-quantum Kyber768-based ML-KEM768. The two parts of the key are combined to create a 64-byte shared key. This design ensures that if any vulnerabilities are found in the post-quantum ML-KEM algorithm in the future, the reliable X25519 algorithm will provide an extra layer of protection. In other words, AdGuard VPN uses this hybrid encryption method whenever the server supports it, and if not, it defaults to the standard X25519 algorithm. In essence, what we do is very similar to what is implemented in Google Chrome.
To enable post-quantum cryptography support, users need to activate this feature through the settings menu. The feature is available for AdGuard desktop apps and AdGuard for iOS and will soon appear on AdGuard VPN for Android.
In adopting this hybrid post-quantum cryptography method, AdGuard VPN is taking proactive steps to safeguard our users against the emerging threats posed by quantum computing, especially “harvest now, decrypt later” attacks. By integrating quantum-resistant encryption today, we ensure that our users’ data remains secure even as quantum computers evolve in the coming years. We believe this is a vital investment in the future of cybersecurity, and we are committed to staying ahead of potential risks to continue providing the highest level of protection for our VPN users.
