Utimaco CTO Nils Gerhardt outlines the threat quantum computing poses to current methods of encryption, and suggests how cybersecurity can get ahead of the game.
The US National Institute of Standards and Technology (NIST) recently announced that, after six years of testing, it had settled on four algorithms that it believes will be able to withstand attacks from the quantum computers currently being developed around the world. This may seem like something that will only be of interest in computer science and security circles, but even if these algorithms remain inconspicuous in our lives and businesses, they will have a significant impact.
Quantum computing harnesses the laws of quantum mechanics to solve problems which cannot be undertaken by classical computers. These systems are already showing that they can perform calculations that would take a prohibitive amount of time on conventional computers.
Although the idea of quantum computing has existed since the 1980s, only in recent years have we seen working prototypes such as IBM’s Eagle being developed. Even as early as 1994, scientists had determined that quantum computers could break the RSA encryption that to this day underpins much of digital security.
The threat to current encryption
While existing computers are theoretically capable of breaking RSA encryption, efforts to do so would in fact take around 300trn years. According to research published in the journal Quantum, a quantum computer using Shor’s algorithm with sufficient ‘qubits’, or quantum bits, could break the same encryption in seconds.
This means that attackers may soon be able to access credit card information, steal encrypted patient data or compromise the security of cryptocurrency if we do not prepare adequately for post-quantum security. Digitally signed documents created before quantum-resistant algorithms are put into place will also be vulnerable. Unless they can be re-signed by both parties in a format that uses quantum-resistant cryptography, millions of legal agreements could be invalidated. Even the blockchains which power the $2trn cryptocurrency market and an increasingly large number of other applications could be compromised.
Digitally signed documents may also be retroactively altered in a post-quantum world. Since digital documents are replacing documents signed by hand, and even physical documents which are scanned and stored securely, every digitally signed document that doesn’t have a physical equivalent could become legally unenforceable if altered by hackers. Moreover, some document-signing companies have tens of millions of rental agreements and employment contracts on their servers. It is critical that all these documents are re-secured before quantum computers pose a formidable threat.
Preparing for a post-quantum world
To determine where post-quantum cryptography (PQC) and conventional cryptography will need to be implemented, businesses will need to understand which of their data needs protecting and which will be worthless to cybercriminals. Over time, some data will become obsolete and worthless to hackers, but some data will need to be protected indefinitely.
Before an initial plan is put in place, a proof of concept that uses PQC or hybrid methods to protect data can be built and then rolled out across a company’s digital assets.
It may simply be a case of switching from one method to another. Transport Layer Security (TLS), for example, can be made quantum-resistant, and post-quantum cipher suites are already available from Amazon Web Services. This means information that is in transit (i.e. credit card details being sent from a customer to an e-commerce retailer) will be secured in any future transactions. Legacy systems, however, might need to be significantly upgraded or even replaced.
Fully rolling out quantum security over an organisation could take years to complete in some cases.
Getting ahead of quantum-powered hacks
When it comes to securing existing assets, there are two options. The first is to re-encrypt data with the new quantum-resistant algorithms. This can be time-consuming, especially when there are thousands or even millions of pieces of data that need to be re-encrypted. Using ‘hybrid’ encryption, on the other hand, involves leaving the existing encryption in place and placing a layer of quantum-resistant encryption over it. This makes files larger, and incorrectly implemented hybrid security can be as insecure as regular non-quantum-safe security.
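The last sentence above is the one a practitioner should dwell on, so here is an added example (not from the article or from Utimaco) of a hybrid key-wrap done two ways. It assumes the classical and post-quantum shared secrets have already come out of their respective key exchanges and are simply passed in as bytes, and it uses a constructed HMAC-based wrap in place of AES-GCM because the Python standard library has no AEAD; the pitfall it shows is a design that lets either secret alone open the key, which gives the weaker scheme's security, versus a combiner that needs both.

```python
import hmac
import hashlib
import os

def kdf(label: bytes, *secrets: bytes) -> bytes:
    """HKDF-style combiner: extract a PRK from the concatenated shared secrets, then expand one 32-byte key."""
    prk = hmac.new(label, b"".join(secrets), hashlib.sha256).digest()
    return hmac.new(prk, b"wrap-key", hashlib.sha256).digest()

def wrap(key: bytes, data: bytes) -> bytes:
    """Constructed stand-in for an AEAD key wrap (stdlib has no AES): HMAC keystream XOR plus a 16-byte tag."""
    assert len(data) <= 32, "toy keystream covers at most one SHA-256 output"
    nonce = os.urandom(16)
    stream = hmac.new(key, nonce, hashlib.sha256).digest()[: len(data)]
    body = bytes(a ^ b for a, b in zip(data, stream))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()[:16]
    return nonce + body + tag  # 32 bytes of overhead per wrapped key: the "files get larger" cost

def unwrap(key: bytes, blob: bytes):
    """Returns the wrapped data, or None if the tag does not verify under this key."""
    nonce, body, tag = blob[:16], blob[16:-16], blob[-16:]
    expect = hmac.new(key, nonce + body, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expect):
        return None
    stream = hmac.new(key, nonce, hashlib.sha256).digest()[: len(body)]
    return bytes(a ^ b for a, b in zip(body, stream))

def wrap_dek_or(dek: bytes, classical_ss: bytes, pq_ss: bytes) -> dict:
    """Pitfall: the data-encryption key is wrapped separately under each shared secret, so EITHER
    secret opens it. Security equals that of the weaker scheme, i.e. no better than classical alone."""
    return {"classical": wrap(kdf(b"classical", classical_ss), dek),
            "pq": wrap(kdf(b"pq", pq_ss), dek)}

def wrap_dek_and(dek: bytes, classical_ss: bytes, pq_ss: bytes) -> bytes:
    """Hybrid done right: both shared secrets feed one KDF, so the wrap key needs BOTH."""
    return wrap(kdf(b"hybrid", classical_ss, pq_ss), dek)

def unwrap_dek_and(blob: bytes, classical_ss: bytes, pq_ss: bytes):
    return unwrap(kdf(b"hybrid", classical_ss, pq_ss), blob)

def quantum_adversary(or_env: dict, and_env: bytes, classical_ss: bytes):
    """Models an attacker who broke the classical key exchange and learned classical_ss, but not pq_ss.
    Returns (key recovered from the OR design, key recovered from the AND design)."""
    from_or = unwrap(kdf(b"classical", classical_ss), or_env["classical"])
    from_and = unwrap(kdf(b"hybrid", classical_ss, b""), and_env)  # best effort without pq_ss
    return from_or, from_and
```

With only the classical secret, the OR design yields the key and the AND design yields None, which is the whole difference between a hybrid that hedges and one that merely adds bytes.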
Additionally, since full-scale quantum computers haven’t been developed, real-world testing may in fact disprove the belief that the four algorithms NIST has identified are quantum safe. It is also worth considering that there will be further stages of evaluation, so some of the four may be dropped, or others added, in the next round. This may discourage security professionals dealing with a migration to quantum-resistant cryptography: they could go all in on migrating to an algorithm that is later shown to be unsafe by further analysis or by tests against real quantum computers.
Rather than having a single dominant crypto scheme as we do today, where RSA predominates, there will likely be varied schemes, possibly including all of the current NIST candidates. There are many use cases for cryptography today, including IoT and cloud devices, so the size and performance characteristics of different schemes need to vary. Variety also provides an extra layer of security by effectively hedging our bets: bad actors may be able to crack one scheme, but they won’t be able to crack them all.
Everything from individual devices to whole organisations will need to become ‘crypto agile’, and work flexibly across many different schemes.
Nils Gerhardt is the chief technology officer at cybersecurity provider Utimaco and board member of the IoT M2M Council.