Data security: the ongoing post-quantum cryptography transition

Qubits – quantum bits – offer a mind-blowing upgrade on the classic ones and zeros that support today’s digital world. Rather than simply representing a one or a zero, qubits can – somewhat counterintuitively – be both. In fact, qubits can indicate a combination of values, or parallel realities, that cover the most likely outcomes. And while that’s great news for using quantum computers to predict the weather, discover new pharmaceutical drugs, and explore advanced materials, there’s a catch. The computing boost provided by quantum processing should make it easier to break the encryption keys that currently secure data on the web. “In quantum, you can do everything at once,” Skip Sanzeri, chief operating officer at QuSecuresaid TechHQ.

Planning Opportunity

The good news, in terms of the security of our data, is that such powerful quantum computers are unlikely to exist today. Scientists around the world have made huge strides in building qubits using superconductors, semiconductor quantum dots, trapped ions, photons, and a range of other technology platforms. But none of these quantum computers are considered powerful enough to reverse engineer the various cryptosystems (the most obvious being the padlock displayed in your browser’s search bar) that users currently rely on to protect their data.

However, with each round of updates, quantum computers come one step closer to unraveling the hard sums that topple today’s classical machines and underpin today’s data security. And, in the wrong hands, quantum computers could allow attackers to read information we’d rather they didn’t.

Noticeably, in 2016, the US national standards agency NIST launched a competition to identify quantum-resistant encryption algorithms, and is now writing key insights into the security standards set to be released in 2024. But that doesn’t mean businesses and organizations should wait until then to think about what a transition from classic crypto to post-quantum cryptography. could imply. When imagining the vast scale of the modern Internet, it is clear that the number of devices and data stores involved is enormous.

“It’s not about ripping and replacing,” advises Sanzeri. “Start with the most vulnerable sites and begin your planning now.” Currently in beta, QuSecure offers a product that allows customers to create secure quantum channels between devices. And reputable partners listed on the company’s website include Amazon, Google and Microsoft – just to name a few. Focused on communications, the data security solution relies on existing protocols such as TLS. “We put a second pipe inside that is quantum safe,” Sanzeri explains.

Cryptographic agility

At the algorithm level, QuSecure uses NIST candidates, with additional software added to enable post-quantum cryptography. And Sanzeri comments that the solutions work well even for hardware with limited processing power. “We invented a way where if a device is connected to the internet, we can create a safe quantum channel without loading the terminal,” he said. Additionally, to account for any unforeseen issues in the strength of NIST’s algorithms – which is a reasonable assumption, given the uncertainties surrounding the new world of post-quantum cryptography – the system is designed to be “crypto-agile “. The algorithms can be modified and alternated, if necessary, to preserve security and maintain the integrity of post-quantum cryptography.

Putting yourself in an adversary’s shoes and thinking about what information resources might be high on an attacker’s wish list, you would likely have chosen communication channels. The live conversations taking place today between business leaders, governments and other international organizations are likely to contain the most urgent and up-to-date information. In this photo, it’s easy to see why QuSecure, and others, are choosing to bring post-quantum cryptography solutions to this field first.

Last month, IBM and Vodafone announced they were joining the GSMA Post-Quantum Telco Network Task Force, and US telecommunications company AT&T reportedly said it intended to be “quantum ready”. ‘by 2025. These actions add more weight to the general consensus that a quantum computer powerful enough to decipher the data circulating today is likely to arrive sooner rather than later. Data operators who do not take these risks seriously could find themselves in dire straits. The ability to read information circulating on the internet would expose an enormous amount of sensitive data, including conventional financial details, communications between wallets and cryptocurrency exchanges, and much more.

Prevention is better than cure

QuSecure estimates that 90% of encrypted web data is based on RSA-2048, which could, in theory, be exposed using quantum computing hardware consisting of 4100 Qubits. IBM recently updated its quantum development roadmap to 2025 while the computing giant hopes to reach more than 4158 qubits. But, unlike IBM, adversaries are unlikely to be as transparent about their quantum computing capabilities, so it’s best to plan ahead while the opportunity allows.

In fact, many organizations may have little choice – for example, national security memoranda issued by the White House direct federal agencies to set requirements for updating cryptographic systems. And organizations such as the World Economic Forum have issued strong advice guidance on transitioning to a secure quantum economy [PDF] and avoid the so-called risk of ‘cryptogeddon’, which indicates that a phased approach is a useful model to follow.

#Data #security #ongoing #postquantum #cryptography #transition