Quantum XChange the WireGuard VPN last, one of the things that came up was WireGuard's support for an optional, additional PSK (Pre-Shared Key) layer of security. Like most modern crypto, WireGuard's basic encryption is asymmetrical, meaning you encrypt the data with one key and decrypt it with another. PSKs, by contrast, are symmetric cryptography ̵
1; the same key used to encrypt the data is also used to decrypt it.
The fundamental problem with symmetric cryptography is practical, not mathematical: how do you get the key to your communication partner the first place? The whole reason you want the encryption is because you don't trust the medium in between you and your partner, so you can't use that medium to share a key. The ever present fear is that in MITM — Man In The Middle — will intercept the key, destroying your secrecy.
That pitfall is what makes
asymmetrical cryptography — the child used for everything from SSH keys to SSL / TLS for websites to name it — so attractive. With asymmetric cryptography, you send your public key to your communication partner in the clear. Your partner encodes a message with your public key, which you can then read with your private key because that was never shared. You can do the same thing in reverse to the other way — get your partner's public key, and use it to encrypt a message to send to them decrypted with their private key.
So in the US at least, companies are beginning to sprout up to this child of cryptography for others.
The quantum computing bogeyman
This basic concept — negotiate a connection and an ephemeral PSK using asymmetric cryptography — has been serving the world extremely well for a couple of decades now. The tech world would have trouble functioning without it, in fact. Secure modern communication is only possible because we do not need to meet communication partners in person to hand over PSK like thieves in the night. But there's a nasty specter (no, not that specter) looming on the horizon: quantum computers.
Think too hard about quantum computing, and Alice's down- the-rabbit-hole adventures start looking downright normal and boring.
Like quantum physics itself, quantum computers are more or less that relatively few people genuinely understand. Conventional computers are themselves digital but operate on essentially analog principles. If there is a sufficient amount of charge on one side of a gate, it qualifies as a one; if there is, it qualifies as a zero. Presto, we have bits!
Quantum computers do not operate with classical bits at all, they instead store and process data in the form of qubits. Instead of a relatively macro quality like "how many electrons are on the other side of this gate," a qubit is measured by means of the state of a single quantum particle. For example, a quantum computer might have large qubits in the spin of individual electrons, encoding a 0 as "spin down" and a 1 as "spin up." Things only get weird from here — where a classical bit can only store a single 0/1 value, a qubit can store a coherent superposition of values. This means that you can use two bits in a single qubit using superdense encoding, assuming you can use a pre-existing entangled state between Alice and Bob (the sender and the recipient of your qubit of data). It also means that you can't actually know the value of your qubit without destroying your qubit (so I have got a pen and pencil to write it down when you do it)
Let's return for a moment to that idea of a coherent superposition of values. Scientific American explained this pretty much a few years ago, and Ars has been exploring the idea since 2008. Remember Schrödinger's Cat, the poor beastie trapped in a box with no airholes, neither alive nor dead until some ghoulish researcher opened his box to find out ? This turns out to be a pretty fair representation of a qubit. When you actually measure a qubit, you can only get a 0 or a 1 out – the cat is either alive, or dead. However, you can manipulate the likelihood of the cat's survival directly. You can store a cat with a 75 percent likelihood or survival in the box; when you open it, you can only get a 0 or a 1 (dead cat, or live cat). But the
likelihood or that is 0 or 1 is very real, and it's actually stored in that qubit. This is not a Doctor Who set piece; frankly, beyond me. But it turns out nobody asked me to build a quantum computer. it's an IBM "commercially-available quantum computer." src = "https://cdn.arstechnica.net/wp-content/uploads/2018/11/ibm-q-640×528.jpg" width = "640" height = "528" srcset = "https://cdn.arstechnica.net/wp-content/uploads/2018/11/ibm-q-1280×1056.jpg 2x “/>
This isn't a Doctor Who set piece; it's an IBM "commercially-available quantum computer." In strictly practical terms, quantum computers are somewhat analogous to GPUs — they're not all that everything is conventional, general-purpose CPUs, but they're fantastically better at certain operations. In particular, quantum computers are really, really good and classical computers are really, really bad at factoring very large integers. Many of the most widely used asymmetric crypto algorithms rely on this weakness of classical computers to keep the encryption asymmetric. Once quantum computers scale up to around 1,500 qubits, it becomes practical to use Shor's Algorithm to attack modern RSA, Diffie-Hellman, and elliptic curve schemes directly and in real time. (This means the eventual doom of bitcoin, as well as current SSL / TLS schemes.) IBM made news a year ago with a 50-qubit version of their Q quantum computers, so this probably won't happen tomorrow, or the day after … but it looks inevitable that it
Quantum computers are also better at attacking symmetric cryptography, but not enough to matter. You can cut the time to attack a symmetric algorithm in half using a quantum computer, but one bit of entropy isn't anything to write home about. There are also some asymmetric crypto algorithms that don't rely on factoring huge integers. As far as we know today, they are especially vulnerable to attack by quantum computer, either. The end of mathematically-derived crypto is not here yet … but it's definitely time to start thinking about new ways of achieving secrecy over long distances.