We highlight “quantum resistance” as a key feature of Cyph. This naturally leads to a frequently asked question of what that really means, and whether it’s a real feature or just vague technobabble crafted by our marketing department.
To cut to the chase: yes, this is a real and increasingly important feature, and it is something that is presently unique to Cyph.
“Quantum computer” may sound like a sci-fi term, and is the subject of many common misconceptions, ranging from being an extremely fast computer to having the capability of “checking every possible answer to a problem at once”. In fact, quantum computing is a very real technology that exists today, with billions of dollars being invested into its advancement globally.
A quantum computer is a type of CPU that is a generalization of a classical CPU, meaning that it can do all the same things as a regular chip produced by Intel, but also has the ability to perform a few additional operations. It’s these additional operations that are interesting — while running the same programs on any foreseeable quantum CPU will be extremely inefficient compared to a modern silicon CPU, these additional operations will make quantum CPUs immensely valuable as supplementary chips along the lines of GPUs.
One of the many applications of these new quantum operations is Shor’s algorithm, which is a theoretical method of efficiently factoring large numbers into their prime factors, in a drastically smaller amount of time than can be done using any known classical algorithm. As it turns out, solving this problem breaks all commonly used asymmetric encryption and signing schemes. With the capability to attack cryptography using a quantum computer, you could:
- Take anyone’s PGP public key, compute their private key, and read all of their encrypted emails
- Steal anyone’s Bitcoin
- Forge anyone’s digital signature to falsely attribute any statement to them
- Read any HTTPS-encrypted traffic, or impersonate any website
Fortunately, we likely have at least a few decades before a quantum computer will be developed that has a sufficiently large number of qubits to attack current widely deployed cryptographic primitives and key sizes. That being said, it’s a near-certainty that R&D being done in secret is much further along than the public is aware of, and the moment the tech gets there, all data being encrypted using these primitives today will be immediately compromised. For this reason, the National Security Agency and others have repeatedly advised the industry to begin thinking about migrating to next-generation solutions as soon as possible.
As detailed in our overview of our Castle encryption protocol, Cyph mitigates this right now using quantum-resistant cyphers and signature schemes. These primitives work in completely different ways from conventional ones like RSA. They have traditionally received less interest from cryptographers and engineers due to various tradeoffs, particularly being less computationally efficient and having much larger key sizes. That said, they aren’t unreasonably slow when using modern computers and Internet connections, and research into them has significantly increased over the past couple of decades as ongoing cryptanalysis has failed to uncover viable theoretical quantum attacks against them.
In other words, their security benefit is not necessarily a proven invulnerability to quantum computing, but rather a lack of evidence for their vulnerability. These are combined with more mainstream cryptography to ensure that a vulnerability in one of them wouldn’t reduce the security of Cyph to below that of conventional solutions.
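The paragraph above describes a hybrid construction: a conventional key exchange and a quantum-resistant one are combined so that the session key is only recoverable by someone who breaks both. The Python below is an added illustration of that general technique and is not Castle’s code or its actual combiner. It implements HKDF (RFC 5869) over Python’s standard library and feeds both shared secrets, length-prefixed so the concatenation is unambiguous, into a single key derivation bound to the handshake transcript. The function names, the `"hybrid-kex-v1"` label and the sample secrets are all constructed for this example.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 HKDF-Extract: PRK = HMAC-Hash(salt, IKM). An empty salt is
    replaced by HashLen zero bytes, as the RFC specifies."""
    if not salt:
        salt = bytes(HASH_LEN)
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand: T(i) = HMAC-Hash(PRK, T(i-1) || info || i)."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested output too long for HKDF")
    okm = b""
    block = b""
    counter = 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf(salt: bytes, ikm: bytes, info: bytes, length: int) -> bytes:
    return hkdf_expand(hkdf_extract(salt, ikm), info, length)


def _length_prefixed(secret: bytes) -> bytes:
    """2-byte big-endian length prefix so secrets of different sizes
    (e.g. a 32-byte ECDH output next to a larger KEM output) cannot be
    re-split into a different pair that yields the same IKM."""
    if len(secret) > 0xFFFF:
        raise ValueError("shared secret too long to length-prefix")
    return len(secret).to_bytes(2, "big") + secret


def hybrid_session_key(classical_secret: bytes, pq_secret: bytes,
                       transcript: bytes, length: int = 32) -> bytes:
    """Hypothetical hybrid combiner (not Castle's): derive one session key
    from a classical and a post-quantum shared secret. Recovering the key
    requires knowing both inputs; learning either one alone is not enough."""
    if not classical_secret or not pq_secret:
        raise ValueError("both shared secrets are required")
    ikm = _length_prefixed(classical_secret) + _length_prefixed(pq_secret)
    # Binding the handshake transcript into `info` ties the key to this
    # particular exchange (public keys, nonces, negotiated parameters).
    info = b"hybrid-kex-v1" + transcript
    return hkdf(salt=b"", ikm=ikm, info=info, length=length)


def rfc5869_test_case_1() -> str:
    """Known-answer check for the HKDF implementation (RFC 5869, A.1)."""
    ikm = bytes([0x0B] * 22)
    salt = bytes(range(0x00, 0x0D))
    info = bytes(range(0xF0, 0xFA))
    return hkdf(salt, ikm, info, 42).hex()


def demo() -> dict:
    """Constructed scenario: the classical secret has been recovered by an
    adversary (the Shor's-algorithm case above) but the PQ secret has not."""
    classical = hashlib.sha256(b"constructed classical shared secret").digest()
    pq = hashlib.sha256(b"constructed post-quantum shared secret").digest()
    transcript = b"constructed handshake transcript"
    real_key = hybrid_session_key(classical, pq, transcript)
    # With only the classical secret, the adversary must supply some value for
    # the PQ half; any wrong value yields an unrelated key.
    attacker_key = hybrid_session_key(classical, bytes(32), transcript)
    return {"real_key": real_key, "attacker_key": attacker_key}


if __name__ == "__main__":
    print("HKDF RFC 5869 vector:", rfc5869_test_case_1())
    result = demo()
    print("session key:   ", result["real_key"].hex())
    print("attacker's key:", result["attacker_key"].hex())
```

The known-answer check against the RFC 5869 test vector is what makes the HKDF part trustworthy; the `demo` function then shows the property the paragraph claims, namely that compromising the conventional half (the scenario Shor’s algorithm creates) leaves the adversary with an unrelated key, and symmetrically a flaw in the quantum-resistant half leaves the derivation no weaker than the conventional exchange alone.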
We’re careful not to use such strong language as “quantum-proof”, as we can’t make any guarantees about what the future will hold, but Cyph’s implementation represents our best shot at defending ourselves from this threat right now.