By Nils Gerhardt, Chief Technology Officer, Utimaco
In July 2022 the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) announced the first four algorithms it has selected for standardisation (CRYSTALS-Kyber for key establishment, and CRYSTALS-Dilithium, FALCON and SPHINCS+ for digital signatures) at the end of a six-year public competition for post-quantum cryptography. These are the algorithms NIST judges most likely to withstand attack by the large-scale quantum computers now being developed.
Quantum computers pose a serious threat to our security not because they are faster in general, but because for certain problems they can run algorithms that have no efficient classical counterpart; on such tasks a sufficiently large machine would finish in hours calculations that would take the fastest conventional supercomputers longer than the age of the universe. The somewhat strange, counterintuitive nature of quantum phenomena will therefore have a striking impact on many businesses, because the calculations it makes cheap include the ones our security depends on being expensive.
The idea of a quantum, as opposed to classical, computer came to prominence in the 1980s, but only in recent years have working prototypes such as IBM’s 127-qubit Eagle processor been built. The threat to cryptography was understood long before the hardware existed: in 1994 Peter Shor published an algorithm showing that a sufficiently large quantum computer could break RSA public-key encryption.
Although such mathematical results rarely attract attention outside computer science circles, they decide the fate of much of today’s digital security: the public-key algorithms protecting web traffic, software updates and payment systems rest on the factoring and discrete-logarithm problems that Shor’s algorithm solves efficiently. These findings will come to shape every aspect of our lives and businesses, whether or not we pay attention to them.
Why quantum computing is critical for our security
In theory, existing classical computers could break RSA-2048 encryption, but the effort involved would take around 300 trillion years. A quantum computer running Shor’s algorithm, given enough error-corrected ‘qubits’, or quantum bits, could break the same key in a matter of hours. It is highly unlikely that desktop quantum computers, or even commercially available machines running in ordinary corporate server rooms, will appear within the next couple of decades, but governments and very large companies will have access to them.
We must prepare carefully for post-quantum security; otherwise attackers could decrypt stolen credit card information and encrypted patient data, or forge the signatures that protect cryptocurrencies and signed documents. The danger is not confined to the future: encrypted traffic and files recorded today can be stored and decrypted once a large enough quantum computer exists. Digitally signed documents created before the switch to quantum-resistant algorithms are exposed as well, because once a signer’s private key can be recovered, a forged contract cannot be distinguished from a genuine one. Unless such documents are re-signed by both parties with quantum-resistant cryptography (or given a quantum-resistant timestamp proving they existed before the key became breakable), millions of legal agreements could lose their evidential value. Even blockchains, which underpin the $2 trillion cryptocurrency market and an increasingly large number of other applications, could be vulnerable to quantum computers.
Since digital documents are increasingly replacing documents signed by hand (many physical documents are now scanned and only the digital copy is retained), it would even be possible for these to be altered after the fact: an attacker holding a recovered signing key can produce a changed version that verifies exactly as the original does. In a post-quantum world, every digitally signed document without a physical equivalent could become vulnerable and legally unenforceable. Companies holding tens of millions of rental agreements and employment contracts on their servers will face the further complication of re-securing those documents before quantum computers become a feasible threat.
How businesses should prepare for the post-quantum world
To prepare adequately and to decide where post-quantum cryptography (PQC) and conventional cryptography should each be used, businesses must first understand which of their data needs protecting, for how long, and which would be worthless to cybercriminals. Some data becomes obsolete and useless to bad actors over time; other data, such as medical records and long-term contracts, has implications for decades and needs protection now, because anything captured today can be decrypted later. A proof of concept that protects a representative set of the company’s digital assets with PQC or hybrid methods should be built before the full migration plan is fixed.
For some systems it will be a case of simply switching from one method to another. Transport Layer Security, for instance, can be made quantum-resistant by replacing the key exchange, and hybrid post-quantum key exchange is already available for some Amazon Web Services endpoints. This means that information in transit, for example credit card details sent from a customer to an eCommerce retailer, can be secured in future transactions. Legacy systems might need to be significantly upgraded or replaced, however, and fully rolling out quantum-safe cryptography across an organisation could take years to complete in some cases.
There are two options for securing existing assets. The first is to re-encrypt (or re-sign) the data with the new quantum-resistant algorithms. This can be time-consuming, as there may be thousands or even millions of objects to process, and every one of them has to be unwrapped with the old key first. The alternative is ‘hybrid’ protection, which leaves the existing encryption in place and adds a layer of quantum-resistant encryption over it, or derives a single key from both a classical and a post-quantum key exchange. This has costs of its own: ciphertexts and keys become larger, and a hybrid that is composed incorrectly (for example one in which the post-quantum key is itself protected only by the classical algorithm, or one that simply XORs the two shared secrets without binding the exchanged messages) can be no more secure than the conventional scheme alone. Composed correctly, a hybrid is at least as strong as the stronger of its two components.
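The following is an added example of the combining step for a hybrid key exchange, not code from Utimaco or from the article. Python's standard library contains neither X25519 nor Kyber, so the two key exchanges are not implemented here: their shared secrets and ciphertexts are constructed byte strings (sizes chosen to match X25519 and Kyber-768). What is real is the combiner: HKDF-SHA256 (RFC 5869) over the concatenated shared secrets, with both ciphertexts and a label bound into the derivation, which is the concatenate-and-KDF pattern the hybrid TLS drafts follow. The label string, function names and the `demo()` scenario are assumptions of this example.

```python
"""Hybrid key combiner for a classical + post-quantum key exchange.

Added illustration, not Utimaco's code. The KEMs themselves are not
implemented: their shared secrets and ciphertexts are constructed bytes
standing in for X25519 and CRYSTALS-Kyber outputs (both yield a 32-byte
shared secret). The combiner is real HKDF-SHA256 per RFC 5869.
"""
import hashlib
import hmac
import secrets

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 HKDF-Extract: PRK = HMAC-Hash(salt, IKM)."""
    if not salt:
        salt = bytes(HASH_LEN)  # RFC 5869: empty salt means HashLen zero bytes
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand: T(i) = HMAC-Hash(PRK, T(i-1) || info || i)."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested length too large for HKDF")
    okm, block = b"", b""
    blocks = -(-length // HASH_LEN)  # ceil(length / HashLen)
    for counter in range(1, blocks + 1):
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
    return okm[:length]


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    return hkdf_expand(hkdf_extract(salt, ikm), info, length)


def combine(ss_classical: bytes, ss_pq: bytes,
            ct_classical: bytes, ct_pq: bytes,
            label: bytes = b"example-hybrid-kem-v1",  # assumed label
            length: int = 32) -> bytes:
    """Derive one session key from both key exchanges.

    The concatenated shared secrets are the keying material, so the output
    stays pseudorandom as long as EITHER secret is unknown to the attacker.
    The two ciphertexts and a label go into `info`, binding the key to the
    exact messages that produced it: tampering with either ciphertext yields
    an unrelated key, not a usable one.
    """
    if len(ss_classical) != 32 or len(ss_pq) != 32:
        raise ValueError("expected 32-byte shared secrets from both KEMs")
    info = label + ct_classical + ct_pq
    return hkdf(ss_classical + ss_pq, salt=b"", info=info, length=length)


def demo() -> dict:
    """Constructed scenario: both peers hold the same secrets; an attacker who
    has broken the classical exchange knows ss_classical and both ciphertexts
    but not ss_pq, and can only guess it."""
    ss_classical = secrets.token_bytes(32)   # stands in for X25519 output
    ss_pq = secrets.token_bytes(32)          # stands in for Kyber output
    ct_classical = secrets.token_bytes(32)   # X25519 public share size
    ct_pq = secrets.token_bytes(1088)        # Kyber-768 ciphertext size
    key_a = combine(ss_classical, ss_pq, ct_classical, ct_pq)
    key_b = combine(ss_classical, ss_pq, ct_classical, ct_pq)
    attacker_key = combine(ss_classical, secrets.token_bytes(32),
                           ct_classical, ct_pq)
    tampered = bytearray(ct_classical)
    tampered[0] ^= 1  # one flipped bit in the classical ciphertext
    key_tampered = combine(ss_classical, ss_pq, bytes(tampered), ct_pq)
    return {
        "peers_agree": key_a == key_b,
        "attacker_matches": hmac.compare_digest(attacker_key, key_a),
        "tamper_matches": key_tampered == key_a,
        "key_len": len(key_a),
    }


if __name__ == "__main__":
    print(demo())
```

Binding the ciphertexts is the part that is easy to leave out: a combiner that only mixes the two shared secrets protects confidentiality against a passive observer, but an active attacker can substitute a ciphertext of their own without the derived key changing in a way the peer can detect. Whichever key exchange is broken first, classical by a quantum computer or post-quantum by new cryptanalysis, the other still contributes 32 bytes of secret keying material.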
We should also remember that full-scale quantum computers have not been built yet, so real-world testing may show that the four algorithms NIST has selected are less secure than predicted. Nor is classical cryptanalysis finished with them: the competition has already seen a finalist, the Rainbow signature scheme, broken by a conventional attack in early 2022. NIST has also said that further rounds of evaluation will follow, so algorithms may still be dropped or added. This leaves security professionals planning a migration in a bind: an organisation that goes all in on a single algorithm could find it shown to be unsafe by further analysis or by tests against real quantum computers.
Based on our forty years of work in cybersecurity, we at Utimaco predict that rather than a single dominant scheme as we have today (where RSA predominates), there will be several schemes in use at once, possibly all of the current NIST selections. There are far more use cases for cryptography today than there were previously, from IoT devices to Cloud services, so a diverse set of key sizes and performance characteristics is needed; Dilithium, FALCON and SPHINCS+ already make very different trade-offs between signature size, speed and conservativeness of their security assumptions. Diversity also provides an extra layer of security by hedging our bets: bad actors may crack one scheme, but they are unlikely to crack them all. This means that everything from individual devices to whole organisations will need to become ‘crypto agile’: able to tell which algorithm protects each piece of data, to accept several at once, and to switch to another without redesigning the system.
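As an added example of what ‘crypto agile’ means at the data-format level (not Utimaco's format or code), the block below stores an algorithm identifier with every protected record, verifies only against a policy of currently accepted schemes, and re-protects legacy records in bulk, which is the re-signing task described earlier for existing assets. Python's standard library has no post-quantum signature, so the interchangeable ‘schemes’ are HMACs over different hash functions standing in for RSA today and Dilithium or SPHINCS+ tomorrow; the envelope layout, the `Policy` class and the scheme identifiers are assumptions of this example.

```python
"""Crypto-agile integrity envelope: every protected record names its scheme.

Added illustration, not Utimaco's or the article's format. The schemes are
HMACs over different hashes as stand-ins for real signature algorithms; the
agile part is the format and the policy around it, which is what the
primitives plug into.
"""
import hashlib
import hmac

# Scheme registry: identifier -> hash constructor. Adding a scheme is one
# entry here; nothing already stored has to know about it.
SCHEMES = {
    "hmac-sha256": hashlib.sha256,
    "hmac-sha3-256": hashlib.sha3_256,
    "hmac-blake2b": hashlib.blake2b,
}


class Policy:
    """Which schemes may be accepted on verification, and which one to emit."""

    def __init__(self, accepted, preferred):
        if preferred not in accepted or any(a not in SCHEMES for a in accepted):
            raise ValueError("policy names an unknown scheme")
        self.accepted = frozenset(accepted)
        self.preferred = preferred


def _tag(keys: dict, alg: str, payload: bytes) -> bytes:
    # The scheme id is part of the MAC input, so a tag made under one scheme
    # can never be presented as a tag under another. Each scheme has its own key.
    return hmac.new(keys[alg], alg.encode() + b"\x00" + payload, SCHEMES[alg]).digest()


def protect(keys: dict, policy: Policy, payload: bytes) -> bytes:
    """Envelope = scheme id, tag and payload (both hex), joined with '.'."""
    alg = policy.preferred
    return b".".join([alg.encode(), _tag(keys, alg, payload).hex().encode(),
                      payload.hex().encode()])


def verify(keys: dict, policy: Policy, envelope: bytes) -> bytes:
    """Return the payload if the tag verifies under an accepted scheme.

    The scheme is checked against policy BEFORE any cryptography runs, so an
    attacker cannot downgrade a record to a retired scheme just by editing
    the identifier (the same mistake as honouring JWT 'alg: none').
    """
    try:
        alg_b, tag_hex, payload_hex = envelope.split(b".")
        alg = alg_b.decode()
        tag = bytes.fromhex(tag_hex.decode())
        payload = bytes.fromhex(payload_hex.decode())
    except ValueError as exc:
        raise ValueError("malformed envelope") from exc
    if alg not in policy.accepted:
        raise ValueError(f"scheme {alg!r} not accepted by current policy")
    if not hmac.compare_digest(tag, _tag(keys, alg, payload)):
        raise ValueError("integrity check failed")
    return payload


def rejects(keys: dict, policy: Policy, envelope: bytes) -> bool:
    """True if verification refuses the envelope (helper for checks/tests)."""
    try:
        verify(keys, policy, envelope)
    except ValueError:
        return True
    return False


def migrate(keys: dict, old_policy: Policy, new_policy: Policy, envelopes):
    """Re-protect a batch of legacy records under the new preferred scheme.

    Records are verified under the OLD policy, which still accepts the
    retiring scheme, then re-emitted under the new one. Failures are reported
    rather than silently dropped, so a broken record is found during the
    migration and not years later in court.
    """
    migrated, failed = [], []
    for env in envelopes:
        try:
            migrated.append(protect(keys, new_policy, verify(keys, old_policy, env)))
        except ValueError:
            failed.append(env)
    return migrated, failed
```

In a real deployment the registry entries would be signature schemes with their own key pairs (RSA-PSS beside Dilithium, for instance), the policy would be centrally managed, and the migration job would run once per scheme retirement; the structure of the envelope and the order of the checks in `verify` stay the same.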
What the future holds
Quantum computing is coming within the next decade, and when it arrives a great deal of existing cryptography will become useless. The transition to secure your company’s data will certainly be a challenging and costly exercise, and no single algorithm comes with a guarantee of security. Yet we have been preparing for a post-quantum world for years and help companies significantly cut the cost and time of transitioning to protection against post-quantum threats. Systems such as our Hardware Security Modules, which provide crypto-agility, and our cloud-based offerings make the transition process more efficient and can be updated as algorithms evolve.