With MI6’s recent admission that it needs to “tap into” the global technology industry to keep up with China’s quantum computing mastery, staying secure against this new computing paradigm is a top priority for world leaders.
While many still see quantum computing in the realm of sci-fi, practicable quantum computing inches closer to becoming a reality every day. If an actor were to successfully harness quantum computing – such as China, the most advanced to date – the entire global digital infrastructure would be rendered obsolete overnight.
Quantum computing holds immense potential, but it also presents catastrophic cybersecurity risks. If sufficient quantum computing potential falls into the hands of a hostile power, the cryptographic basis that underpins every aspect of modern digital infrastructure could be rendered useless overnight. The moment this happens is known as the ‘Quantum Apocalypse’.
Quantum explained
Quantum computers take advantage of the nature of quantum physics to create an entirely new computing paradigm different from the traditional 0/1 binary-based, gated computers we have been using since the 1950s.
Instead, they run on quantum bits (known as qubits), which can superpose and entangle themselves in order to perform multiple processes simultaneously. A qubit can represent one or zero, or also a third condition which represents a ‘coherent superposition’ of the two. Because qubits are not limited to two simple on/off states, each new stable qubit added to a quantum computing system increases its power much more quickly than for its traditional counterpart.
The nature of how they calculate gives quantum computers a vast advantage over traditional digital computers for some specific types of task. Two of these happen to be factoring large numbers down to their primes, and another is calculating elliptic curves. This is important because the cryptographic algorithms used to encrypt data throughout the world’s global digital infrastructure depend on these two mathematical functions, and should they break down, encryption as we know it will collapse.
Therefore, when these algorithms are compromised, the foundational security of all digital systems will be insecure. The modern systems of finance, commerce, communication, transportation, manufacturing, energy, government, and healthcare will, for all intents and purposes, cease to function, as the encryption they rely on crumbles. This is the nightmare scenario MI6 fears.
What next?
However, it’s not all doom and gloom. To protect from the Quantum Apocalypse, governments and organisations need to migrate the global public key infrastructure (PKI) away from existing algorithms to new quantum resistant cryptographic approaches. As of now, experts in the security industry, academia, and government are working on this problem, seeking to discover, define, and codify the best encryption algorithms to current standards. An international combined effort of academia, industry, and the US’ National Institute of Standards and Technology (NIST) has winnowed a list of more than eighty initial candidates down to slightly more than ten possible approaches today. While the final cryptographic approaches remain to be determined, the cryptographic community is highly confident that one or more of these ultimately will fit the bill.
A winning encryption algorithm must be:
- Fast to encrypt for a traditional computer
- Fast to decrypt for a traditional computer using the private key
- Prohibitively difficult to decrypt in a brute force attack for either a quantum computer or a traditional computer
- Able to produce encrypted data that is efficient in size and not so “bloated” that it is impractical to use
- Compatible with the staggeringly complex array of hardware, software, and services that depend on standards-based Public Key Infrastructure (PKI) systems today
- Well, enough tested and understood that we could be confident it won’t prove highly vulnerable to future, unknown attacks
The PKI industry has also introduced technologies such as hybrid certificates which will enable the transition to the new quantum resistant algorithms. The time is now to start engaging with these technologies as toolkits have been made available.
Time is of the essence
Fortunately, despite the best efforts of nation states and mega-corporations, we are still in the early days of quantum computing, and researchers are getting ahead of this imminent threat. And, despite the work of Google, NASA, and IBM, the computers that will break modern day algorithms are not yet with us today. However, these machines are years – rather than decades – away, so now is the time to make sure basic PKI encryption is quantum-resistant. In order for digital lives to function in a post-quantum world, and to safely take advantage of the computing power available to us, time is of the essence.
Nick France, CTO at Sectigo
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.