Why Quantum Resistant Encryption is essential for long term data security
Quantum computing will have a transformative effect on the global economy. Once commercially available, its advantages will span industries; enhancing fellow technologies and allowing us to solve complex problems like never before. However, these advancements do not come without risk. Quantum computers will change the cybersecurity landscape significantly, especially when it comes to cryptography and long term data security.
With quantum computing’s remarkable ability to solve the most complex problems in comes the most serious cybersecurity threat in history. That problem-solving ability will eventually enable cracking of much of today’s conventional encryption. Long-term data protection requires Quantum Resistant Encryption (QRE).
Quantum computing’s growth, famous or infamous?
Since work on quantum computing first started in the 1980s, it has often been spoken of as ‘the next big thing’ in computing. Today’s classical computers code information in a binary state, existing as either a 1 or 0, known as a bit. By contrast, a quantum computer codes information in a quantum state, known as a qubit (quantum bit). These qubits can store information as 1s, 0s or anywhere in between thanks to a principal called superposition. This means that qubits can store more information than bits, which is what gives quantum computers exponentially greater computing power than their classical counterparts.
In the early days, quantum computing progress could be described as steady – often with the theoretical taking significant steps forward while the practical struggled to keep pace. In recent times however, we’ve seen the practical pick up the pace. Significant investment from organisations including Google, IBM, Microsoft and Amazon, together with a host of quantum start-ups, has led to a sharp increase in quantum R&D as these companies look to commercialise the technology.
They are joined with state-backed initiatives from the US, China, Europe and Russia, many of which are looking to apply the technology to communications infrastructure (the so-called ‘quantum internet’) and, perhaps, some more nefarious purposes.
So, when will quantum computers hit the shelf? That’s still a subject of much debate. Some believe it’s still a while off, while others say it’s just around the corner. We’re already starting to see this, with tech giants beginning to offer access to their existing quantum computers ‘as a service’ in the cloud. Moreover, the ground-breaking news of October 2019, when Google and NASA claimed to have achieved ‘quantum supremacy’ – the point at which a quantum computer can solve problems that are practically unsolvable by classical computers – signals that the quantum era may be closer than some think.
The quantum computing impact
Fully-fledged commercial quantum computers will have a transformative effect on areas including scientific and medical research, economic analysis, AI, big data and many other disciplines which require large volumes of data and complex calculations. However, the technology will have the ability to do harm as the very same computing power can be applied to undermine cybersecurity.
Of particular concern is the threat to public key cryptography; something that was identified in 1994 by MIT professor Peter Shor when he developed ‘Shor’s algorithm’, a quantum algorithm for factoring integers (also known as prime factorization, the method public key cryptography uses to generate keys). This implies that a quantum computer running Shor’s algorithm will be able to break the encryption techniques that underpin most of the world’s cryptography in a matter of days, if not hours. To put this into perspective, it would take a classical computer many thousands of years to perform the equivalent task.
Quantum-ready cryptographic technologies
With quantum computing threatening the fundamentals of public key cryptography, organisations must act to mitigate the threats posed to long term data security, especially when it comes to sensitive data. Thankfully, technologies exist today that can be implemented to protect against both quantum and classical attacks.
Strong encryption begins with a source of genuine randomness (entropy). Random numbers used to seed keys must not be vulnerable to prediction or bias. In the quantum era, randomness will become even more crucial because quantum computers will be able to ascertain patterns much quicker than classical computers. One answer lies in Quantum Random Number Generators. These provide high levels of entropy and act as a true source of randomness by themselves leveraging the principals of quantum physics.
Once keys are generated, they must be distributed in a way that guarantees forward secrecy; something that will also be at risk in the quantum age. Quantum Key Distribution (QKD) allows keys to be distributed in a way that guarantees forward secrecy, again using a quantum principle known as the ‘observer effect’, which dictates that observation causes perturbation. Keys are sent via photons across an optical or free space link, and if a key is intercepted and observed in transit, the sender and receiver would be alerted that it is not safe to use.
Last but not least are the algorithms themselves. While it’s been clearly established that today’s public key algorithms are vulnerable, Quantum Resistant Algorithms (QRAs) are designed to remain secure in a post-quantum world and are being assessed by the US National Institute of Standards and Technology. They come from a range of mathematical ideas and principles, but broadly fit into three categories: lattice cryptosystems, code-based systems and multivariate systems.
From quantum-ready to quantum-resistant
Organisations must remain agile in this changing threat landscape, especially when it comes to cryptography. Only crypto-agile solutions enable customers to avoid their current solutions becoming obsolete in a post-quantum world.
The most effective way to transition to a quantum resistant environment is to begin adopting quantum ready cryptographic technologies today and use them in conjunction with existing solutions. In the long term it is likely that once standardised QRAs will entirely replace today’s public key systems but in the short term they will co-exist as ‘hybrid’ cryptographic systems, providing defence in depth against current and future threats.
Encryption platforms that have the flexibility to support these hybrid modes, as well as options to use QRNG, will remain fit-for-purpose as the age of the quantum computer looms. Implementing quantum resistant encryption (QRE) together with today’s state-of-the-art encryption – hybrid-encryption – will mitigate the risk of a quantum attack.
Want to know more about long term data security and the role of hybrid, quantum resistant encryption?