The threat of quantum computers is driving cybersecurity innovation.
Quantum-safe strategies will soon become standard. Read below to find out more.
The Power of Quantum Computers
Quantum computers are very different to classical computers. While classical computers encode data into binary digits (bits) that are either a “0” or a “1”, quantum computers use quantum bits, or qubits, which can represent a “0” and a “1”, simultaneously. Their processing power increases exponentially with the number of these qubits, promising to give them extraordinary capabilities that will revolutionize computing.
They will enable dramatic improvements in fields such as chemistry, artificial intelligence, financial modeling, weather forecasting, and more. Of significant concern, they will also have impacts on cybersecurity that require us to change how we protect our data.
Quantum Computers and Cybersecurity
Asymmetric algorithms such as RSA are used to share symmetric encryption keys which in turn protect data. The security is founded on the huge processing time that classical computers would require to break these asymmetric algorithms.
Quantum computers are changing that. While symmetric encryption will remain robust if longer keys are used, asymmetric encryption will not be safe when commercial-scale quantum computers become available. Indeed, quantum computers will be able to break in seconds the math behind asymmetric encryption, as shown by Shor in 1994. The way we currently exchange encryption keys – as well as digital certificates, blockchain and cryptocurrencies — will no longer be safe.
Timing: When to Worry?
Nobody knows when a general-purpose quantum computer of sufficient scale to threaten our security will be available. Guesses range from a few years to never, but it’s thought we should plan for ten years. That means we should expect the total breakdown of all currently used key exchange systems within a decade, and put in place a strategy early enough that will allow us to implement quantum resilient in time to protect sensitive data for its full security life.
For some data it may already be too late: “harvesting attacks” could already be intercepting data today for decryption when quantum computers mature.
Building Quantum Resilience Now
- Use full-entropy random numbers. These are necessary for all quantum-resilient cryptography.
- Use longer keys for symmetric encryption: these will need to be twice as long as those used today to allow similar protection. Long, truly random symmetric keys can be used to wrap stored or replicated keys, protecting them from quantum attacks today.
- Ensure your key managers are crypto-agile, i.e. able to work with longer keys and new quantum resistant algorithms
- Explore key exchange solutions such as quantum key-distribution (QKD) and keep abreast of NIST’s selections of new quantum-resistant encryption algorithms (QRA).
- Use secure links between key management nodes, protected by QKD and/or quantum resistant algorithms.
A Quantum Resilient Toolkit
qStream: Quantum Random Number Generator
The building blocks of cybersecurity lie in random numbers and truly random numbers remove vulnerabilities, building quantum resilience today. qStream is QuintessenceLabs’ quantum random number generator generating full-entropy random at 1 Gbit/s.
TSF: Crypto-Agile Key Management
QuintessenceLabs’ Trusted Security Foundation is a secure platform for the generation, distribution, storage, management and control of cryptographic objects, including quantum resistant keys and other cryptographic material. TSF uses a quantum entropy source for key generation.
Quantum Key Distribution (QKD)
QuintessenceLabs is at the forefront of QKD development, delivering high and cost-effective deployments using standard networking components. Development to enable free-space deployments are under way.
Quantum Safe Methodology™ (QSM)
QuintessenceLabs experts work with customers, using our proprietary Quantum-Safe Methodology, to map out their quantum risk, define a roadmap to quantum safety, and deliver a quantum-safe solution.
Inside Quantum Key Distribution
QKD enables keys to be securely shared and is unique in quantum resilience because it is based on physics, not math, so quantum computers have no impact on its security. Attempts to eavesdrop on a transmission between two parties inevitably modifies the particles’ states, and the two parties can know if the key is secure or should be discarded.
In the future we may have a worldwide QKD network using satellites safely exchanging keys, and transporting them around the globe.
Nearer term, QKD will likely secure most sensitive links with quantum-resistant protecting less sensitive links.
Anyone that wants to make sure that their data is protected for longer than 10 years should move to alternate forms of encryption now.
— Arvind Krishna, Chairman and CEO of IBM, May 2018