Advertisment

Re-think security today for a post-quantum world tomorrow

Whether or not you want to use quantum computing in the future is irrelevant, as you have some work to do now

author-image
DQINDIA Online
New Update
post-quantum

Whether or not you want to use quantum computing in the future, you have some work to do now

Advertisment

In the near future, quantum computers will be able to perform massive combinatorial computations in a time duration that will outperform the classical computers of today. Quantum computing shifts from today’s classical computation fundamentals such as the basic single-state of a bit — 0 or 1. Quantum uses the qubit as the fundamental unit in quantum computing and since the qubit can be in both states at once, it enables faster computations. 

As exciting as it is that quantum computing can solve previously unsolvable problems, this power will also enable it to break into your encrypted data or communication.

Post-quantum cryptography

Advertisment

Today, most public key algorithms and digital signatures are not resilient to quantum attacks. The fundamental assumption for today’s cryptography and blockchain assets is that it takes enormous computational power and time to breach the system, thus making them safe from almost all cyber threats. For instance, one of the public-key cryptographic algorithms, RSA, that is used in TLS(Transport Layer Security) for secure HTTPS communication, relies on a public encryption key based on the product of two large prime numbers. The prime numbers themselves are kept as the secret to decrypt it. But guess what? Shor’s algorithm — a polynomial-time quantum computing algorithm, can perform integer factorization, obtaining back the prime numbers.Thus, a decent quantum computer can rapidly break encryption and digital signature schemes by performing enormous computations quickly.

Post-quantum cryptography (also known as quantum-resistant cryptography) are algorithms that can be secure from attacks caused by a quantum computer. NIST(National Institute of Standards and Technology) is already evaluating and standardizing quantum-resistant cryptographic algorithms. Some algorithms that have made it to the finals are Classic McEliece, CRYSTALS-Kyber, NTRU, CRYSTALS-Dilithium, FrodoKem, and more. 

But, why is post-quantum cryptography important in 2022?

Advertisment

Digital signatures and secure communication like TLS are not resistant to quantum attacks. But why should you care? This style of cryptography is used in applications such as 

  • Banking
  • VPN
  • Digital wallets
  • Cryptocurrencies such as Bitcoins

It has taken organizations almost 20 years to adopt current cryptographic standards. Robust quantum computing can be expected in the next 10-15 years… you do the math. Unless we start moving now, the vast majority of today’s transactions, and user information will be exposed. Many industries will seize the opportunity to get their hands on quantum — from cloud service providers to crypto-currency mining farms. Unfortunately, so will hackers. 

Advertisment

So organizations should start preparing now.

Preparing for a post-quantum world

Whether or not you intend to adopt quantum computing for your organization, you will still need to prepare for quantum attacks. A preparation strategy should look something like this:

Advertisment
  1. Educate yourself and your organizational stakeholders about post-quantum cryptography.
  2. Inspect systems (hardware, software, communication protocols, services, data) and their current encryption methods:
    1. Vulnerable systems which use public key cryptography or digital signatures will need to switch to PQ (Post Quantum) safe algorithms.
    2. Non-vulnerable systems which use symmetric key algorithms or hash functions will need to be inspected if the parameters are PQ safe.  For instance, doubling the key sizes of these algorithms can effectively block quantum threats.
  3. Prioritize areas of focus based on vulnerability, criticality of the system and the expected time and resources required to switch to PQ safe algorithms. 
  4. Set up data retention periods, allowing the organization to begin phasing out old unused data which was encrypted with non-PQ safe algorithms. Leaving this data intact will create vulnerabilities and potential exposure by hackers in a post quantum world.
  5. Look out for NIST standardizations, migration recommendations  to post-quantum cryptographic algorithms. It is expected to be finalized between 2022-2024.
  6. Identify which post-quantum cryptography algorithms and tools will work best for your systems and data.
  7. Update your cryptographic posture for systems and data for the post-quantum world.

Historically, society has embraced the uses of technology first and then dealt with the adversities caused by it later. For instance, it was exciting when social networks arrived, but the astronomical growth over the last decade has now left us dealing with misinformation. Similarly, with AI and machine learning, it was fascinating to model and build facial recognition models, only later to deal with their biases and the increasing privacy concerns. 

But In the case of quantum computing, we are already well aware of the potential threats to come. Now is our opportunity to turn the tide for quantum computing: let’s first prepare for quantum threats with post-quantum cryptography so we can enjoy the benefits when quantum computing arrives.

Advertisment
oie UfggJs M

The article has been written by Preethi Srinivasan, Director of Innovation, Druva

Advertisment