Quantum Safe – Some Thoughts

There is quite a bit of momentum in the industry right now to prepare for the day when quantum computers have become powerful enough to break today’s authentication and encryption algorithms. Here’s a video that explains the issue to a general audience. All of this got me thinking about what that means for my data, particularly the data I exchange with my self-hosted cloud services today. So here are some thoughts on the topic, to be revisited from time to time as the topic comes up again.

Will it Really Happen?

The first question of course is: Will there ever be quantum computers that can break today’s authentication and encryption? Nobody knows for sure, but billions are being spent to build such computers. Perhaps such computers already exist in the vaults of ‘services’. Nobody knows. But many people assume that code-breaking quantum computers will become a reality within the next 10 years, so we should look for authentication and encryption methods that are ‘quantum safe’. The good news: such algorithms exist today, and it is ‘just’ a matter of implementation.

Where Would I Need Quantum Safe Algorithms for my Cloud?

Like everybody else connected to the Internet, I have two types of data: data at rest on a physical medium, and data in flight, i.e. on the wire somewhere on the Internet. The good news for me is that I store my data on encrypted drives, e.g. with a LUKS layer below a file system or using ZFS’s encryption. Both are based on algorithms that are quantum safe.

Quantum Safe HTTPS

Most of my data that is ‘in flight’ is encrypted with HTTPS, and the algorithms used for the encryption itself are also quantum safe. That sounds good, but there is a major weak link: the authentication procedure and the ciphering key exchange that happen while an HTTPS connection is established. Today, strong algorithms like Elliptic Curve Diffie-Hellman are used to protect these procedures. Unfortunately, they are not quantum safe and have to be replaced by new algorithms. These exist and are partly implemented already; have a look at the article on Kyber on Wikipedia for details. One problem: web browsers and other applications have to implement them, and in a way that prevents downgrade attacks. Not impossible, and the Internet knows that Chrome and Firefox do have implementations today. The Internet further says Chrome has already activated them, while they need to be manually enabled in Firefox. I tried to get those algorithms to show up during a TLS setup, but wasn’t successful yet. I didn’t spend a lot of effort, however, as it doesn’t matter too much for now.

Quantum Safe SSH

Secure Shell (ssh) is another application I use 24/7 to communicate over the Internet. From what I can tell, the software versions I use as of early 2025 are not quantum safe, as appropriate algorithms have only been added to OpenSSH 9.9 in late 2024. But, it’s coming! Have a look here for further background.
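Whether a particular SSH session is quantum safe depends on which key-exchange (KEX) method the two sides actually negotiate, not on what either side merely supports. The following is an added example, not code from the original post or from the OpenSSH project: it parses `kexalgorithms` lines in the shape that `ssh -G <host>` and `sshd -T` print them (the sample lines below are constructed, not captured from a real system), applies the SSH negotiation rule, and builds a `KexAlgorithms` directive that keeps only the hybrid post-quantum methods. The two method names matched, `sntrup761x25519-sha512@openssh.com` and `mlkem768x25519-sha256`, are the hybrid KEX methods OpenSSH ships.

```python
"""Check which SSH key exchange a client/server pair will negotiate and whether
that exchange is a post-quantum hybrid.

Added example, not part of the original post or of OpenSSH. Input lines are
constructed in the shape `ssh -G <host>` / `sshd -T` print them.
"""
import re

# Name prefixes of the hybrid KEX methods OpenSSH ships. Each pairs a
# post-quantum KEM with X25519, so the shared secret holds as long as either
# component does:
#   sntrup761x25519-sha512@openssh.com  (OpenSSH 8.5 and later)
#   mlkem768x25519-sha256               (OpenSSH 9.9 and later)
PQ_HYBRID_PREFIXES = ("sntrup761x25519", "mlkem768x25519")


def parse_kex_list(text):
    """Turn a 'kexalgorithms a,b,c' line (or a bare comma list) into an
    ordered list of method names; order is the preference order."""
    text = re.sub(r"^kexalgorithms\s+", "", text.strip(), flags=re.IGNORECASE)
    return [a.strip() for a in text.split(",") if a.strip()]


def is_pq_hybrid(name):
    """True if the method name is one of the hybrid post-quantum KEX methods."""
    return name.startswith(PQ_HYBRID_PREFIXES)


def negotiate_kex(client_prefs, server_prefs):
    """RFC 4253 section 7.1: the chosen KEX is the first entry in the client's
    list that the server also supports; None if the lists do not overlap."""
    server = set(server_prefs)
    for name in client_prefs:
        if name in server:
            return name
    return None


def assess(client_line, server_line):
    """Report what this pair negotiates and whether that session's key
    exchange is quantum safe (i.e. not exposed to store-now-decrypt-later)."""
    chosen = negotiate_kex(parse_kex_list(client_line), parse_kex_list(server_line))
    return {"kex": chosen, "quantum_safe": chosen is not None and is_pq_hybrid(chosen)}


def pq_only_directive(offered_line):
    """Build a KexAlgorithms line for sshd_config / ssh_config that keeps only
    the hybrid methods, so a classical-only peer is refused rather than
    silently negotiated down to a non-quantum-safe exchange."""
    keep = [a for a in parse_kex_list(offered_line) if is_pq_hybrid(a)]
    if not keep:
        raise ValueError("no post-quantum hybrid KEX available on this build")
    return "KexAlgorithms " + ",".join(keep)


# Constructed sample lines (not captured from a real system).
CLIENT_99 = ("kexalgorithms mlkem768x25519-sha256,"
             "sntrup761x25519-sha512@openssh.com,curve25519-sha256,"
             "curve25519-sha256@libssh.org,ecdh-sha2-nistp256,"
             "diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256")
SERVER_OLD = ("kexalgorithms curve25519-sha256,curve25519-sha256@libssh.org,"
              "ecdh-sha2-nistp256,diffie-hellman-group14-sha256")
SERVER_NEW = CLIENT_99

if __name__ == "__main__":
    for label, srv in (("old server", SERVER_OLD), ("updated server", SERVER_NEW)):
        print(label, assess(CLIENT_99, srv))
    print(pq_only_directive(CLIENT_99))
```

On a real system, the lines to feed in come from `ssh -G <host> | grep kexalgorithms` on the client and `sshd -T | grep kexalgorithms` on the server. The point the example makes is the one this section is about: a client that prefers a hybrid method still falls back to `curve25519-sha256` against an older server, so every server in the chain has to be updated before a session can be counted as quantum safe.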

Quantum Safe VPN

And finally, I use VPNs to tunnel some of my communication. I’m in the process of transitioning to WireGuard, which is partially quantum safe if an additional pre-shared ciphering key is used for encryption. There are at least two gotchas, however. The authentication procedure is not quantum safe, and there has to be a way to exchange that pre-shared key in a quantum safe way. Over the Internet, that’s a bit difficult right now. More about that below.
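Since the partial quantum safety of a WireGuard tunnel hinges on the optional `PresharedKey` being set for every peer, a quick audit of the configuration is worth having. The following is an added example, not code from the original post or from the WireGuard project: a minimal parser for the wg-quick style configuration file, run over a constructed sample with placeholder keys, that reports which `[Peer]` sections lack a `PresharedKey`. It checks only presence; how the pre-shared key got onto both ends (the second gotcha above) is outside what a config file can tell you.

```python
"""Flag WireGuard peers that have no PresharedKey.

Added example, not part of the original post or of WireGuard. The sample
configuration below is constructed; key values are labelled placeholders.
"""
import re


def parse_wg_config(text):
    """Minimal parser for the INI-like WireGuard config: returns a list of
    (section_name, {key: value}) in file order. '#' comments are ignored."""
    sections = []
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:
            current = (m.group(1), {})
            sections.append(current)
            continue
        if current is None or "=" not in line:
            raise ValueError(f"unexpected line outside a section: {raw!r}")
        key, value = (s.strip() for s in line.split("=", 1))
        current[1][key] = value
    return sections


def audit_psk(text):
    """Return {PublicKey: has_psk} for every [Peer] section."""
    return {
        fields.get("PublicKey", "<no PublicKey>"): bool(fields.get("PresharedKey"))
        for name, fields in parse_wg_config(text)
        if name == "Peer"
    }


def peers_missing_psk(text):
    """List the peers whose handshake rests on Curve25519 alone."""
    return [pub for pub, has_psk in audit_psk(text).items() if not has_psk]


# Constructed sample config with placeholder keys (not a real configuration).
SAMPLE = """\
[Interface]
PrivateKey = PRIVATE_KEY_PLACEHOLDER
Address = 10.0.0.2/32

[Peer]
# this peer carries the additional symmetric key (e.g. from `wg genpsk`)
PublicKey = PEER_A_PUBLIC_KEY_PLACEHOLDER
PresharedKey = PSK_PLACEHOLDER
AllowedIPs = 10.0.0.1/32
Endpoint = vpn.example.com:51820

[Peer]
# this peer has no PresharedKey, so its key exchange is not quantum safe
PublicKey = PEER_B_PUBLIC_KEY_PLACEHOLDER
AllowedIPs = 10.0.0.3/32
"""

if __name__ == "__main__":
    for pub, has_psk in audit_psk(SAMPLE).items():
        print(f"{pub}: {'PSK set' if has_psk else 'NO PresharedKey'}")
```

Run it against the real file (typically under /etc/wireguard/) instead of `SAMPLE` to get the list of peers to fix; the peer-level `PresharedKey` has to be identical on both ends, so each flagged peer means a key exchange with the other side, ideally over a channel that is itself quantum safe.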

Store Now – Decrypt Later

So let’s assume all of my data exchange was suddenly quantum safe. Mission accomplished? Well, perhaps for my own data, which is not really interesting to many, but data of banks, governments and other entities, which is encrypted while in flight today, might be stored today and decrypted later once quantum computers are available. Storing data now in the hope of being able to decrypt it later requires a huge amount of storage and knowledge of what kind of data would still have value a decade from now. I leave it to your imagination whether ‘intercept and store now, decrypt later’ is actually happening.

Be that as it may, one thing is clear: as soon as SSH becomes quantum safe, I have to replace the pass keys used on my cloud data storage, because these keys go back and forth over SSH whenever a server is rebooted. That’s totally safe today, but as soon as SSH connections can be decrypted with quantum computers, I have to assume that one of my SSH sessions over which a key for my storage was exchanged was intercepted and stored, and could potentially be decrypted.

Single Point of Failure

So while it’s already too late to prevent ‘store now, decrypt later’, it’s also difficult to ensure one is quantum safe later: it only takes one weak link in the chain to expose a ciphering key. So to be quantum safe, one has to make sure that all SSH connections are using quantum safe algorithms, all HTTPS connections are safe, and VPN ciphering keys are not compromised over a non-quantum-safe link. That is going to be really difficult.

Summary

As you can see, even only making my own data transfers quantum safe is a huge task. Now imagine banks, governments, etc. having to do the same with systems that are much older, much more diverse and serve billions rather than just a few people. When you picture this, it’s easy to imagine why everybody wants to have a quantum computer that can break today’s encryption.