Quantum computing is predicted to become mainstream within the next 5-10 years. The technology will have a transformative effect on the world, with its ability to solve complex problems much quicker than today’s ‘classical’ computers. However, it also poses a cybersecurity threat that must be taken seriously. This is why organisations are turning to post-quantum encryption security.
What is Quantum Computing?
While classical computers code information into bits, sending electrical or optical pulses representing 1s and 0s (a binary code) as first devised by Alan Turing in the 1930s, quantum computers use quantum bits (known as qubits).
These qubits, typically subatomic particles such as electrons or photons, can store information as 1s, 0s or anywhere between these values due to a principle called superposition.
This means that qubits can store more information than bits, and therefore their computational power is exponentially greater.
This will have a transformative effect on areas including scientific and medical research, economic analysis, AI, Big Data, and many other disciplines which require large volumes of data and complex calculations.
How Will Quantum Computing Effect Today’s Cryptography?
Quantum computers will have the ability to do harm. The very same computing power that allows complex problems to be solved can, in turn, be applied to undermine cybersecurity.
Of particular concern is the threat to public key cryptography, which is based on factorisation for RSA algorithms, or discrete log problems with DSA, Diffie-Hellman, and Elliptic-Curve Cryptography (ECC).
While these mathematical problems are sufficient today, a quantum computer running quantum algorithms such as Shor’s or Lov Grovers could break these codes in a matter of hours, rendering them useless. To mitigate this risk, organisations must turn to post-quantum encryption security.
Post-Quantum Encryption Security
While the precise date quantum computing will become mainstream is unknown, it’s generally accepted that this will be within the next 5-10 years – well inside many organisations’ IT & cybersecurity systems lifecycle.
Thankfully, quantum-safe cybersecurity technologies that can mitigate the risks of quantum attacks are commercially available today, with further advances due in the near future.
Organisations looking to secure their data in the post-quantum age can begin their preparation with the following steps.
1: Practice Crypto-Agility
A crypto-agile encryption solution allows you to quickly adapt to cryptographic threats by implementing alternative encryption methods.
Senetas encryption solutions leverage state-of-the-art encryption key management and are crypto-agile by design. Compatible with Quantum Key Distribution (QKD), external sources of entropy such as Quantum Random Number Generation (QRNG) and supporting custom curves and algorithms, Senetas solutions provide long-term data protection in a post-quantum computing world.
2: Undertake a Post-Quantum Risk Assessment
Understand the threats the quantum computers will pose to your organisation by undertaking a post-quantum risk assessment. In an ideal world this would mean auditing your entire network, though time and resource may limit this.
Start your audit with business-critical infrastructure as a top priority, before working your way out from there.
3: Protect Applications with Quantum Random Number Generation
When generating keys, it is crucial that numbers are seeded from a source that is not vulnerable to bias, or easy to predict.
This randomness is already key in today’s cryptography, and will become even more so in the quantum era, when quantum computers will be able to ascertain patterns in the fraction of the time it takes their classical counterparts.
Quantum Random Number Generators (QRNGs) provide high entropy and generate a true source of randomness by leveraging principals from quantum physics. Implementing QRNG helps secure vital applications such as cryptographic services, cloud computing, gaming and IoT devices.
4: Secure Data in Motion with Quantum Key Distribution
Deploying Quantum Key Distribution (QKD) across mission-critical connected devices ensures forward secrecy and data integrity.
QKD uses photons (particles of light) to distribute keys. It uses what’s known as the ‘observer effect’ to verify the key’s authenticity. If a cyber criminal attempts to intercept this key, the sender and recipient will be alerted, offering them the chance to generate a new key before any sensitive data is transmitted.
5: Implement Quantum Resistant Algorithms
Quantum Resistant Algorithms (QRAs) are algorithms which themselves are designed to remain secure in a post-quantum world. Though they are currently not available, 26 proposed algorithms are currently being assessed by NIST, with draft standards expected as soon as 2022.
Once standardised, the current generation of encryption algorithms will need to be replaced with these new quantum-resistant algorithms. This will ultimately require an update to all software and hardware devices that use Public Key encryption globally.
NIST guidelines recommend adopting a hybrid classic/quantum state in anticipation of the new standards.
Find out more about Senetas crypto-agility.