By Dr John Sydenham.
Intelligence Agencies have a real problem with the Internet because the secure "https" protocol for transmitting data cannot be easily cracked. This means that messages between computers are secure, and the Agencies must rely on examining storage media such as disks and memory sticks, or on infecting devices with viruses, to spy on communications. However, governments are investing billions of dollars to overcome these problems so that they can spy freely.
Current Internet Security relies on the difficulty of finding the prime numbers that were multiplied together to create another number (finding "roots"). Solving this problem for very large numbers using ordinary digital computers or supercomputers is not practical because it might take trillions of years. Quantum computers can greatly reduce the amount of time required; the latest estimate is that a 20 million "qubit" quantum computer could decipher a message encoded by the https protocol in 8 hours.
Companies such as IBM are promising that one million qubit quantum computers will be available by 2030. China is investing billions of dollars in quantum computing and has created a dedicated research and development centre at the University of Science and Technology of China (USTC) in Hefei. China may have a million qubit machine before 2030. At some time between 2025 and 2035 it is possible that the HTTPS protocol will be broken.
Security agencies are currently storing huge quantities of communications in preparation for this breaking of the HTTPS protocol, because historical information about how adversaries think is very useful and human contacts will still be operating in 10 years' time when the messages can be read.
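The dependence on factoring, and the reason recorded traffic stays at risk, can be shown at toy scale. This is an added example, not part of the original article: the key sizes, the message and the function names are constructed, the cipher is unpadded textbook RSA applied byte by byte, and trial division stands in for the quantum factoring step.

```python
from math import isqrt

def factor_semiprime(n):
    """Factor n = p*q by trial division; returns (p, q, divisions_tried)."""
    if n % 2 == 0:
        return 2, n // 2, 1
    steps = 0
    for cand in range(3, isqrt(n) + 1, 2):
        steps += 1
        if n % cand == 0:
            return cand, n // cand, steps
    raise ValueError("n has no non-trivial factor")

def recover_private_exponent(n, e):
    """Once p and q are known, the private exponent follows directly."""
    p, q, _ = factor_semiprime(n)
    return pow(e, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+

def decrypt_recorded(ciphertexts, n, e):
    """Decrypt traffic captured earlier using only the public key (n, e)."""
    d = recover_private_exponent(n, e)
    return bytes(pow(c, d, n) for c in ciphertexts)

# Constructed toy key: real moduli are 2048 bits or more, not 20.
P, Q, E = 1009, 1013, 65537
N = P * Q

# Constructed "recorded" traffic: each byte encrypted under the public key.
RECORDED = [pow(b, E, N) for b in b"wire 500"]

if __name__ == "__main__":
    p, q, steps = factor_semiprime(N)
    print(f"n={N} factored as {p} x {q} after {steps} divisions")
    print("recorded message:", decrypt_recorded(RECORDED, N, E))
```

The number of divisions grows with the square root of n, which is why the same approach is hopeless against real key sizes on ordinary computers, and why ciphertext stored today only needs the factoring step to become cheap later.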
Banking and Cryptocurrencies, such as Bitcoin and Ethereum, will have serious problems once existing Internet security is breached. The answer to these problems is for banks, cryptocurrencies etc. to move to other forms of security, but such a move is technically difficult, may take several years and will be expensive.
The problem is compounded by smartphones which use radio signals that can be easily intercepted and by the free availability of Internet data within a given Internet node.
The use of smartphones for banking transactions derails the Bank's use of "call back verification" where the Bank sends the user's phone a verification code which is then entered in the personal banking application on the same phone. A well equipped thief sitting next to a millionaire as they check their bank account on the phone might be able to steal all the information needed for a robbery by monitoring the signals sent and received between the client and bank and cloning the user's smartphone.
Internet data is not just available through radio signals. Few people realise that most local Internet traffic is freely available to anyone with an Internet connection and this provides an open door for theft. Thieves could set up an office next to a wealthy user and intercept all of their outgoing and incoming Internet traffic with the minimum of equipment (such as Wireshark). This flaw in Internet security has been recognised for decades but nothing has been done because Internet security protocols (https) were imagined to be unbreakable.
Bank card readers also use standard security techniques and are vulnerable, especially since most are now connected via wi-fi.
Current Cryptocurrency wallets that hold Bitcoins etc. are vulnerable to attack because they exchange security data using ordinary Internet security during purchases. However, these wallets are now beginning to use unique keys for each transaction which puts a further barrier in the way of the thief. Quantum computing presents other, more serious challenges for cryptocurrencies. This summary by Deloitte consultants gives the extent of the problem:
"Quantum computers are posing a serious challenge to the security of the Bitcoin blockchain. Presently, about 25% of the Bitcoins in circulation are vulnerable to a quantum attack. If you have Bitcoins in a vulnerable address and believe that progress in quantum computing is more advanced than publicly known, then you should probably transfer your coins to a new p2pkh address (don’t forget to make a secure backup of your private key).
In case your own Bitcoins are safe in a new p2pkh address, you might still be impacted if many people will not (or cannot) take the same protection measures. In a situation where a large number of Bitcoins is stolen, the price will most likely crash and the confidence in the technology will be lost.
Even if everyone takes the same protection measures, quantum computers might eventually become so fast that they will undermine the Bitcoin transaction process. In this case the security of the Bitcoin blockchain will be fundamentally broken. The only solution in this case is to transition to a new type of cryptography called ‘post-quantum cryptography’, which is considered to be inherently resistant to quantum attacks."
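A holder can check which of their outputs fall into the "vulnerable address" category the quote refers to. The sketch below is an added example, not code from the article or from Deloitte. It assumes the usual reading of that category: a pay-to-public-key (p2pk) output publishes the public key itself, while a p2pkh output publishes only a hash of it until the address has spent once. The function names and sample scripts are constructed.

```python
OP_DUP, OP_HASH160, OP_EQUALVERIFY, OP_CHECKSIG = 0x76, 0xA9, 0x88, 0xAC

def script_type(script_hex):
    """Return 'p2pk', 'p2pkh' or 'other' for a hex-encoded output script."""
    s = bytes.fromhex(script_hex)
    # P2PKH: OP_DUP OP_HASH160 <push 20> <key hash> OP_EQUALVERIFY OP_CHECKSIG
    if (len(s) == 25 and s[:3] == bytes([OP_DUP, OP_HASH160, 20])
            and s[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return "p2pkh"
    # P2PK: <push 33 or 65> <public key> OP_CHECKSIG
    if len(s) in (35, 67) and s[0] == len(s) - 2 and s[-1] == OP_CHECKSIG:
        compressed = s[0] == 33 and s[1] in (0x02, 0x03)
        uncompressed = s[0] == 65 and s[1] == 0x04
        if compressed or uncompressed:
            return "p2pk"
    return "other"

def public_key_exposed(script_hex, address_has_spent):
    """True/False for p2pk and p2pkh outputs, None for types not assessed."""
    kind = script_type(script_hex)
    if kind == "p2pk":
        return True               # key is written into the output itself
    if kind == "p2pkh":
        return address_has_spent  # key is revealed by the first spend
    return None

def exposed_share(outputs):
    """outputs: (script_hex, address_has_spent, satoshis) tuples."""
    assessed = [(public_key_exposed(s, spent), v) for s, spent, v in outputs]
    total = sum(v for flag, v in assessed if flag is not None)
    exposed = sum(v for flag, v in assessed if flag)
    return exposed / total if total else 0.0

# Constructed sample scripts (filler bytes, not real keys or hashes).
P2PK_OUT = "41" + "04" + "11" * 64 + "ac"
P2PKH_OUT = "76a914" + "33" * 20 + "88ac"
SAMPLE = [
    (P2PK_OUT, False, 25_0000_0000),   # old-style output, key visible
    (P2PKH_OUT, False, 50_0000_0000),  # fresh address, only the hash visible
    (P2PKH_OUT, True, 25_0000_0000),   # reused address, key already revealed
    ("6a", False, 0),                  # data-only output, not assessed
]
```

On the constructed sample, `exposed_share(SAMPLE)` reports half of the assessed value as sitting behind an already-public key; those are the outputs to move to an unused address first.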
Quantum computers will cause a banking crisis provided their cost falls rapidly and banks, traders etc. fail to take countermeasures in time. The most likely outcome is that as quantum computers look more and more likely to present a risk the banks will change their security so that attacks are not possible.
In practice there will be a short window of opportunity at some time between 2025 and 2035 for State-sponsored attacks on the banking system and cryptocurrencies. These attacks would need to be State-sponsored because the first quantum computers will be very expensive. Such an attack would only be effective for a few days but would cause huge damage to economies as vulnerable systems are taken offline. The real damage would be to undermine confidence in online financial transactions for decades and possibly cause permanent damage to the credibility of cryptocurrencies. In reality only China would be interested in creating such havoc, perhaps as a forerunner to enforcing its claim to the whole South China Sea from the borders of Indonesia to Taiwan.
My advice to investors in Bitcoin etc. is to see it as a short term investment. In the long term there is a real chance of losing everything although, if you are a gambler, there is also a probably equal chance of the currencies surviving.
Given that the biggest threat is from aggressive States the best countermeasure that the UK can take is to ensure that it has a National Firewall to protect its Internet from foreign attacks. This Firewall should be able to stop foreign Internet traffic at the flick of a switch. Several countries are implementing such Firewalls and the failure of the UK to do so is negligence.