Introduction to Quantum Resilient Preparation
An Introduction to Quantum Cybersecurity
A large-scale quantum computer, exponentially faster than a classical computer, will have infinite uses whenever complicated problems or systems must be emulated. Based on the laws of physics and the infinite randomness that exists in nature, this computing power will be harnessed to solve complex computations in multiple industry sectors to advance science in medicine, manufacturing, and engineering. The power of quantum computing is almost unimaginable to us today: cracking problems in seconds rather than in years. Unfortunately, this power will also be available to break the encryption systems that we use today.
The negative impacts of quantum computing are of great concern. Cyberattacks, data theft, and breakdown of information systems and infrastructure have the potential to completely disrupt all commonly secure data. News of this threat has spread. The Boston Consulting Group has predicted that more than 4.5 billion internet users securely access 200 million websites and spend approximately $3 trillion in retail e-commerce annually (source in QED-C). The World Economic Forum predicts that globally, over 20 billion digital devices will be impacted and need upgrade or replacement in the next two decades to remain safe from quantum cyberattacks (source in QED-C).
Leading experts agree that quantum cybersecurity will soon become mainstream and will be one of the critical pillars of a robust cybersecurity strategy for most organizations. Rather than waiting for quantum computing to allow the breakdown of our information infrastructure, QuintessenceLabs is now harnessing quantum physics’ power to protect cryptography. The solutions to transition to quantum-resilient infrastructure will include post-quantum cryptography (PQC) and quantum key distribution (CV-QKD).
QuintessenceLabs’ data protection integrates unique quantum capabilities to deliver the most trusted level of security today while preparing for tomorrow’s quantum computing threat.
Preparing for this imminent threat is critical. The more you know about quantum computing, the better you will be able to assess the threat to your organization and develop an organizational strategy to become quantum resilient.
What It Is & Why It Matters
The Threat Is Real
Encryption is everywhere. It is used to secure retail transactions, supply chain infrastructure, the financial industry, and private data across every sector of the global economy. Bad actors using classical computers have already wreaked havoc with multiple levels of data breaches and have exposed security vulnerabilities across every type of enterprise. These breaches cost billions of dollars and cause significant interference to the impacted organizations.
HNDL Attacks Have Begun
The risk is very high for those targeted by state-sponsored adversaries. Although stolen data tends to have a limited shelf life, some may be useful for a state adversary more than a decade in the future. Examples include long-term business strategies, trade secrets, pharma and chemical formula, biometric identification markers, Social Security Numbers, sealed criminal records, weapon designs, and the identities of human intelligence officers and assets. If an organization holds data that must be kept secret for more than 10 years, the process of securing it must start now. (1)
The “harvest-now, decrypt-later” scenario is a grave risk to stolen private data. Hackers, often state-sponsored, grab large amounts of encrypted data in difficult-to-detect malware. The practice applies to data and the encryption keys that protect it. The data holds future value, assuming that quantum computers will decrypt and readily expose the information in seconds. This potential theft of fundamental pharmaceutical, chemical, and material science research would be exploited for use in quantum-assisted simulations.
The complex systems that hold this private/proprietary information present a second risk. The migration to new security strategies will vary between organizations, but a realistic assumption is that any new strategy must undergo a rigorous test and installation period. Quantum-safe solutions will be radically different, necessitating performance testing and hardware upgrades and being subject to physical limitations such as size and power capacity. Critical infrastructure may be the hardest to change and the most at risk.
So Now What? Quantum Solutions
Encryption Depends on Entropy
Cryptographic keys rely on highly complex sequences of random numbers. These random numbers are critical in two parts of an encryption scheme. The encryption is used not only to protect raw data but to secure the key transmitted to the recipient of the data.
Generating these sequences of random numbers is at the center of quantum-enabled security. The random number generation is determined or “seeded” by the seemingly random operations within the computer’s hardware and operating system. This collection of randomness is known as entropy.
Over time, slightly predictable patterns emerge in these random numbers. The keys can only be demonstrated to be statistically random. The problem is exacerbated in virtual environments, where the randomness may slow dramatically as the load on the machine varies.
Take Action: Extend Your Encryption Post-Quantum
To remedy this issue, the QuintessenceLabs true quantum random number generator (QRNG) qStream™ provides encryption keys with full entropy (i.e., that are truly random). These keys are derived from a quantum source that is unpredictable by nature and are of the highest quality. With a rate of 1 Gbit/sec, the qStream™ QRNG is the world’s fastest commercial true random number generator, cost-effectively meeting the need for high throughput, and quality randomness for commercial applications whether in premise, cloud, or shared environments.
The qStream™ QRNG delivers random numbers for the generation of cryptographic keys and other security parameters, deterministic RNG seeding, initialization vectors, nonces, random challenges, authentication, and DSA signing. Other applications include Entropy as a Service (EaaS), simulations, modeling, and computer gaming.
New Risk Mitigation TTPs Are Needed Now
The negative impacts of quantum computing are of great concern. Cyberattacks, data theft, and breakdown of information systems and infrastructure have the potential to disrupt all commonly secure data completely.
The risk is very high, as adversarial development of quantum computing and its implications for decryption will be a threat that is deployed before countermeasures can be tested and replaced.
Although stolen data tends to have a limited shelf life, some may be useful for a state adversary more than a decade in the future.
Cyber-resilient solutions are available now to protect your enterprise data and assist you in meeting the initial threats that will be posed when the power of quantum computing is unleashed.