Quantum technology can decipher encryption, but hope is not lost

Featured in Sectra Newsletter, October 2020

Quantum technology and its theoretical impact on computer performance has been talked about for a long time, but the debate gained new impetus in October last year when Google’s Sycamore quantum computer passed the latest performance tests without any errors. Sycamore performed  the tests in 200 seconds, whilst it would have taken about 10,000 years from the world’s fastest known computer to date. The calculation process of a normal computer is based on testing combinations of values ​​in the bit string 0 and 1, one at a time. A quantum computer is capable of handling several consecutive combinations of 0 and 1 simultaneously in so-called qubits.

The success of the practical tests is a significant achievement, but the functionality of quantum computers is still far from the requirements of real life. The handling of qubits is complicated and so far only possible under laboratory conditions. It is estimated that the utilisation of quantum computers in everyday use will be possible at the earliest after 10-15 years.

Quantum computing has a different effect on the degradation or cracking of symmetric and asymmetric cryptographic algorithms. A better understanding of the implications therefore requires at least knowledge of the basics of cryptography. Asymmetric algorithms such as RSA are predicted to break down rapidly because the so-called Shor algorithm makes it easier to find the prime numbers of asymmetric encryption keys more efficiently than just improving computing power. As a result, the digital signature in its current form will be unusable in the future.

The effect on symmetric encryption is not as strong. Encryption is deciphered faster than current supercomputers, but increasing the key length to 256 bits has been thought to protect against quantum computing brute-force attacks as well. The effects, with their new quantum algorithms, are complex and difficult to predict at this stage, so an accurate estimate cannot yet be made. In any case, the protection provided by current encryption methods to the confidentiality, integrity and indisputability of data suffers significantly with quantum technology.

Quantum technology is not just a threat to cybersecurity. New algorithms based on quantum technology are already being developed at a rapid pace, and the cryptographic systems of the future that develop alongside them can take the security of information systems to a whole new level. New encryption solutions are commonly referred to as post-quantum cryptography. The goal is to develop encryption solutions that could directly replace implementations based on, for example, the RSA algorithm.

Our customers will need quantum-safe technology and our secure communication solution Sectra Tiger/S is determined by the Dutch national security authority, NLNCSA, to protect against quantum attacks. Very few products offer any form of protection against such attacks despite the evident threat posed by quantum computers.

Simo Pykälistö, President of Sectra Communications

Quantum technology has been estimated to benefit cybersecurity application the most, especially where security is weak by current standards. For example, many IoT environments have been criticized as being insecure. More and more devices are connected to the Internet and cybersecurity has not always been implemented in the best possible way. Indeed, numerous development projects are underway in which new cryptographic solutions will be applied to the reliable identification between devices in the IoT environment and the encryption of communications.

The United States is at the forefront of quantum technology development, both in the private sector and in state-funded projects. Scientific research and the development of quantum technology standards in the United States is led by NIST (National Institute of Standards and Technology). The United States is followed by Japan, China, South Korea and Canada. Both the EU and individual European countries have launched their own research projects. Quantum technology is one of China’s spearheads in building the status of a technological superpower. Indeed, China has invested by far the most in state-funded projects in recent years. China’s funding of ten billion euros for 2017-2020 is more than five times that of the United States. However, given the pace of technological development in the United States and the strong private sector, China is not yet a world leader in quantum technology even with this investment.

Preparations for quantum technology, and the threat it imposes in the area of ​​cybersecurity, are already underway. Post-quantum cryptographic solutions and their rapid development seem promising, at least in theory. It is likely that new encryption solutions will be incorporated by software companies into everyday applications, For example in, Internet browsers, communications applications, e-mail, cloud services, etc. Taking quantum technology into account in today’s operations depends on the organization’s security requirements. For companies engaged in non-security-critical business, general monitoring of developments and the introduction of new quantum algorithms for firmware in the future will suffice. Organizations handling high-security information should already take a critical look, for example, at possible tactics of protecting archived information. It is possible that the data that is encrypted today will be decrypted very quickly in 20 years. In this case, one must consider extending symmetric keys or protecting data by means of physical security.

The practical application of quantum technology is still a long way off, according to general estimates, perhaps 10-15 years away. It is possible, perhaps even probable, that quantum technology is already being used in the intelligence systems of the great powers today. History provides a great example  of this from the 1970s, when mathematicians at the British Signal Intelligence GCHQ developed a public key encryption method in secret, about five years before the RSA algorithm was born.

Featured in Sectra Newsletter, October 2020

Related products and services