Article

Quantum technology can decipher encryption, but hope is not lost

Featured in Sectra Newsletter

Quantum technology and its theoretical impact on computer performance has been talked about for a long time, but the debate gained new impetus in October last year when Google’s Sycamore quantum computer passed the latest performance tests. The calculation process of a normal computer is based on testing combinations of values ​​in the bit string 0 and 1. A quantum computer uses an information carrier called qubits, which behaves in a different way compared to normal bit carriers.

The success of the practical tests is a significant achievement, but the functionality of quantum computers is still far from the requirements of real life. The handling of qubits is complicated and so far only possible under laboratory conditions. It is estimated that the utilization of quantum computers will be possible at the earliest after 10-15 years.

Quantum computing has a different effect on the degradation or cracking of symmetric and asymmetric cryptographic algorithms. A better understanding of the implications therefore requires at least knowledge of the basics of cryptography. Most current asymmetric protocols are predicted to break down rapidly because the so-called Shor algorithm that solves the mathematical problems, which provides the security for these protocols, more efficiently than just improving computing power. As a result, the digital signature in its current form will be unusable in the future.

The effect on symmetric encryption is not as strong. Encryption is deciphered faster than current supercomputers, but doubling the key length has been thought to protect against quantum computing brute-force attacks as well. The effects, with their new quantum algorithms, are complex and difficult to predict at this stage, so an accurate estimate cannot yet be made. In any case, the protection provided by current encryption methods to the confidentiality, integrity and indisputability of data suffers significantly with quantum technology.

Quantum technology is not just a threat to cybersecurity. New algorithms based on quantum technology are already being developed at a rapid pace, and the cryptographic systems of the future that develop alongside them can take the security of information systems to a whole new level. New encryption solutions are commonly referred to as post-quantum cryptography. The goal is to develop encryption solutions that could directly replace implementations based on, for example, the RSA algorithm.

Our customers will need quantum-safe technology and our secure communication solution Sectra Tiger/S is determined by the Dutch national security authority, NLNCSA, to protect against quantum attacks. Very few products offer any form of protection against such attacks despite the evident threat posed by quantum computers.

Simo Pykälistö, President of Sectra Communications

Quantum technology has been estimated to benefit cybersecurity application the most, especially where security is weak by current standards. For example, many IoT environments have been criticized as being insecure. More and more devices are connected to the Internet and cybersecurity has not always been implemented in the best possible way. Indeed, numerous development projects are underway in which new cryptographic solutions will be applied to the reliable identification between devices in the IoT environment and the encryption of communications.

The United States is at the forefront of quantum technology development, both in the private sector and in state-funded projects. Scientific research and the development of quantum technology standards in the United States is led by NIST (National Institute of Standards and Technology). The United States is followed by Japan, China, South Korea and Canada. Both the EU and individual European countries have launched their own research projects. Quantum technology is one of China’s spearheads in building the status of a technological superpower. Indeed, China has invested by far the most in state-funded projects in recent years. China’s funding of ten billion euros for 2017-2020 is more than five times that of the United States. However, given the pace of technological development in the United States and the strong private sector, China is not yet a world leader in quantum technology even with this investment.

Preparations for quantum technology, and the threat it imposes in the area of ​​cybersecurity, are already underway. Post-quantum cryptographic solutions and their rapid development seem promising, at least in theory. It is likely that new encryption solutions will be incorporated by software companies into everyday applications, For example in, Internet browsers, communications applications, e-mail, cloud services, etc. Taking quantum technology into account in today’s operations depends on the organization’s security requirements. For companies engaged in non-security-critical business, general monitoring of developments and the introduction of new quantum algorithms for firmware in the future will suffice. Organizations handling high-security information should already take a critical look, for example, at possible tactics of protecting archived information. It is possible that the data that is encrypted today will be decrypted very quickly in 20 years. In this case, one must consider extending symmetric keys or protecting data by means of physical security.

The practical application of quantum technology is still a long way off, according to general estimates, perhaps 10-15 years away. It is possible, perhaps even probable, that quantum technology is already being used in the intelligence systems of the great powers today. History provides a great example  of this from the 1970s, when mathematicians at the British Signal Intelligence GCHQ developed a public key encryption method in secret, about five years before the RSA algorithm was born.

Key takeaways

  • Quantum technology is not just a threat to cybersecurity. The development of quantum cryptography systems is underway and the protection they provide can take cybersecurity to a new level.
  • The development of quantum technology will decipher the majority of current cryptographic systems over the next 10-15 years. This is a critical situation for organizations handling information on the security level SECRET, given that highly sensitive information must be kept secure for usually 30-40 years. This is why these organizations need to use security solutions that are approved as quantum-proof already today.
  • An organisation’s cybersecurity requirements affect quantum technology preparation measures. High-security organisations need to critically evaluate today’s practices for quantum technology.

Featured in Sectra Newsletter, October 2020

References

https://www.livescience.com/google-hits-quantum-supremacy.html

Barker et al. (2020). Getting Ready for Post-Quantum Cryptography. NIST Cybersecurity White Paper.

https://thequantumdaily.com/2020/04/30/is-aes-256-quantum-resistant/

European Commission. Digital Economy and Society Index (DESI) 2020.

https://www.thalesgroup.com/en/germany/magazine/quantum-computing-and-cybersecurity

https://www.etla.fi/en/latest/quantum-computing-is-coming-will-cybersecurity-be-compromised/

https://ec.europa.eu/digital-single-market/en/news/future-quantum-eu-countries-plan-ultra-secure-communication-network

More Less

Related reading

Browse all cases

Related products and services

Browse all
Nov 26, 2020