Traditional encryption has been described as taking data as input (called plaintext) and transforming the plaintext into an output (called ciphertext) which is now protected. This is done through an algorithm, such as the AES. AES encryption requires a ‘secret’ or ‘key’ to unlock or decrypt the ciphertext back into its plaintext format. This security algorithm was first published in 2001 and has been the standard for global data security since.
AES encryption has a major shortcoming. Its developer, Joan Daemen and Vincent Rijmen , have provided no mathematical proofs that can demonstrate that AES encryption is secure. The only claim they have made is that it would take the most powerful classical computer more than a 1000+ years to brute force attack the AES algorithm. This mistakenly assumed that computers would not advance in processing power nor would the algorithms like Shor’s algorithm be developed. These two events have accelerated the ability to brute force factor the AES encryption keys and breaking the algorithm.
As we look at the cybersecurity space today, nation states, like China, Russia, and the United States, have spent billions of dollars developing computational infrastructure and algorithmic capabilities that can break AES encryption. It’s well known that the largest nation states have ongoing offensive information gathering programs.
As we look to the future of technology, new computational capabilities have emerged such as exascale computing and quantum computing. These large computing platforms are capable of unrivaled data processing. Today, an exascale computer can do 1000 petaflops of processing. That’s 1000 quadrillion calculations per second. That may sound fast, but the fastest known quantum computer from China called the Zuchongchi 2.1 now capable of 66 qubits. This astonishing processing power is 10 million times the speed of the world’s fastest supercomputer.
We need to worry about these new developments in computational power, but new software programs are operating with this new computation power. These programs find patterns in the AES random number generator and then decrypt the keys. This is not a brute force attack on one key, but it is an attack that will disarm AES encryption. When you combine the processing power of these computers with new software programs, encryption cannot protect data no matter where it is stored. Therefore, there is an immediate risk to all our encrypted systems and why the Internet, our data and our encrypted systems are at risk.
Where will these threats emerge? China will be the first nation state to use this technology against the United States. Today, China is leading the quantum revolution. They have twice as many patents as the United States and are investing over $10 billion on the country’s National Laboratory for Quantum Information Sciences and developing the largest quantum computer in the world. These advancements give China significant capabilities and pose an immediate threat to our country and global allies.