The threat of quantum computers is driving cybersecurity innovation.
Quantum-safe strategies will soon become standard. Read below to find out more.
The Power of Quantum Computers
Quantum computers are very different to classical computers. While classical computers encode data into binary digits (bits) that are either a “0” or a “1”, quantum computers use quantum bits, or qubits, which can represent a “0” and a “1” simultaneously. Their processing power increases exponentially with the number of these qubits, promising to give them extraordinary capabilities that will revolutionize computing.
They will enable dramatic improvements in fields such as chemistry, artificial intelligence, financial modeling, weather forecasting, and more. Of significant concern, they will also have impacts on cybersecurity that require us to change how we protect our data.
The Quantum Computer Cybersecurity Threat
Asymmetric algorithms such as RSA are used to share symmetric encryption keys, which in turn protect data. The security is founded on the huge processing time that classical computers would require to break these asymmetric algorithms.
Quantum computers are changing that. While symmetric encryption like AES will remain robust if longer keys and true entropy (i.e., quantum random number generators) are used, asymmetric encryption will not be safe when commercial-scale quantum computers become available. Indeed, quantum computers will be able to break the math behind asymmetric encryption in seconds, as shown by Shor in 1994. The way we currently exchange encryption keys—as well as digital certificates, blockchain, and cryptocurrencies—will no longer be safe.
Timing: When to Worry?
Nobody knows when a general-purpose quantum computer of sufficient scale to threaten our security will be available. Guesses range from a few years to never, but it’s thought we should plan for ten years. That means we should expect the total breakdown of all currently used key exchange systems within a decade, and put a strategy in place early enough to implement quantum resilience in time to protect sensitive data for its full security life.
For some data it may already be too late: “harvesting attacks” could already be intercepting data today for decryption when quantum computers mature.
Building Quantum Resilience Now and in the Future
- Use true entropy random numbers. These are necessary for all quantum-resilient cryptography.
- Use longer keys for symmetric encryption: these will need to be twice as long as those used today to allow similar protection. Long, truly random symmetric keys can be used to wrap stored or replicated keys, protecting them from quantum attacks today.
- Keep abreast of NIST’s selections of new quantum-resistant encryption algorithms (QRA). Selection of the approved algorithms is expected in 2024.
- Ensure your key managers are post-quantum crypto-agile, i.e., able to work with longer keys and new quantum-resistant algorithms (QRA).
- Explore key exchange and distribution solutions such as quantum key distribution (QKD) as they become available.
A Quantum Resilient Toolkit
qStream: Quantum Random Number Generator (QRNG)
The building blocks of cybersecurity lie in random numbers, and truly random numbers remove vulnerabilities, building quantum resilience today. qStream is QuintessenceLabs’ quantum random number generator, providing full-entropy random numbers at 1 Gbit/s.
TSF: QRA Crypto-Agile Key Management (KMS)
QuintessenceLabs’ Trusted Security Foundation (TSF) is a secure platform for the generation, distribution, storage, management, and control of cryptographic objects, including quantum resistant keys and other cryptographic material. The TSF key and policy manager uses a quantum entropy source for key generation.
qOptica Quantum Key Distribution (QKD)
QuintessenceLabs is at the forefront of QKD development, delivering high and cost-effective deployments using standard networking components, including qOptica CV-QKD.
Quantum-Safe Methodology™ (QSM)
QuintessenceLabs experts work with customers, using our proprietary Quantum-Safe Methodology, to map out their quantum risk, define a roadmap to quantum safety, and deliver a quantum-safe solution.
Inside Quantum Key Distribution
QKD enables keys to be securely shared and is unique in quantum resilience because it is based on physics, not math, so quantum computers have no impact on its security. Attempts to eavesdrop on a transmission between two parties inevitably modify the particles’ states, so the two parties can know if the key is secure or should be discarded.
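The detection principle described above can be seen in a toy simulation. This is an added example, not QuintessenceLabs code and not the CV-QKD protocol used by qOptica: it models the discrete-variable BB84 protocol on a noiseless channel, where an intercept-and-resend eavesdropper pushes the error rate of the sifted key to about 25%. The function names and the 11% abort threshold are assumptions of this example.

```python
import random

def bb84_qber(n_pulses, eavesdrop, seed=1):
    """Simulate one BB84 run; return (sifted_key_length, error_rate).

    Bases are 0 (rectilinear) or 1 (diagonal). Measuring a state in the
    wrong basis gives a uniformly random bit and re-prepares the state
    in the measurer's basis.
    """
    rng = random.Random(seed)  # seeded so the run is reproducible
    sifted = errors = 0
    for _ in range(n_pulses):
        bit, a_basis = rng.getrandbits(1), rng.getrandbits(1)
        state_bit, state_basis = bit, a_basis      # what is on the wire
        if eavesdrop:
            e_basis = rng.getrandbits(1)           # Eve must guess a basis
            e_bit = state_bit if e_basis == state_basis else rng.getrandbits(1)
            state_bit, state_basis = e_bit, e_basis  # she resends her result
        b_basis = rng.getrandbits(1)
        b_bit = state_bit if b_basis == state_basis else rng.getrandbits(1)
        if b_basis == a_basis:                     # sifting: bases matched
            sifted += 1
            errors += (b_bit != bit)
    # Real systems estimate the error rate from a disclosed sample of the
    # sifted key; this toy model compares all of it.
    return sifted, (errors / sifted if sifted else 0.0)

def accept_key(qber, threshold=0.11):
    """Assumed policy: discard the key when the error rate is too high."""
    return qber < threshold

if __name__ == "__main__":
    for eve in (False, True):
        length, qber = bb84_qber(20000, eavesdrop=eve)
        verdict = "keep key" if accept_key(qber) else "discard key"
        print(f"eavesdropper={eve}: sifted={length} QBER={qber:.3f} -> {verdict}")
```

A real link also has channel noise, so the parties compare the measured error rate against a threshold rather than expecting zero.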
In the future we may have a worldwide QKD network using satellites safely exchanging keys, and transporting them around the globe.
Nearer term, QKD will likely secure the most sensitive links, with quantum-resistant algorithms protecting less sensitive links.
Anyone that wants to make sure that their data is protected for longer than 10 years should move to alternate forms of encryption now.
— Arvind Krishna, Chairman and CEO of IBM, May 2018