The race in quantum cryptography is on and people from all walks of life whether academics, business or industrialists, are going to be affected by it.
The centuries old approach of encryption still holds importance while communication channels has advanced in this era. But with encryption, there are two problems: first the keys (keys generation, key calculations etc.) and second, their distribution.
It may not sound that old but when DES was broken, the temporary solution 3DES or Triple DES was implemented, until the modern asymmetric algorithm RSA was formulated and taken up as an encryption standard for communication moving to and fro within the cyberspace. But now, looks like the days of RSA would be over soon, the moment Quantum computing is the new norm.
The threat before the threat: Harvest now, decrypt later
So there are two actors in the cryptographic stories: The good and the bad. Since the current RSA is possible to be broken once the world makes transition to Quantum Computing, the bad actors are stealing encrypted data of today to decrypt it later. The good actors must, thus, go for a proactive approach and turn to quantum-safe algorithms.
While the research paper which claimed to have broken RSA encryption may not have practical applications for businesses right now, this is very useful for hackers.
According to a Quantum expert, Tim Callan, who is the Chief Experience Officer at Sectigo, businesses and governments should be wary of hackers adopting the method of ‘harvest now, decrypt later’. While quantum decryption may not be today’s reality, it will be soon. This is why there is no time to lose in transitioning to quantum-safe algorithms. He further adds to the comment:
“The evolution of quantum computers creates a significant threat to data security: their immense processing power is capable of breaking encryption at great speed, leaving important data vulnerable, everything from bank account details to medical records to state secrets. This scenario is so alarming that specialists refer to it as the ‘Quantum Apocalypse’. The recent claim that researchers have broken encryption invites us to wonder if the quantum apocalypse is already here. However, at present this ‘breakthrough’ remains theoretical. It appears that we would need the owner of a sufficiently powerful quantum computer, such as IBM, to answer this question by testing it in real life. The critical output of such a test would be to learn how long it would take one of these quantum computers to break our standard encryption. After all, there’s a great difference between, let’s say, 6 months and 10 years.
While this report might not make the Quantum Apocalypse a reality for the present, it definitely deserves our attention. It’s only a matter of time before quantum computers render the world’s existing cryptography useless, and organizations need to prepare now for the transition to new “post-quantum” cryptographic algorithms that are on the way.”
The governments and businesses must take up a strategy on cryptography with a cryptoagility strategy in order to be quantum-ready.
What is Quantum Internet (Quantum Computing) and how does it different from internet of today?
Over the years, Internet has evolved from mere ARPANET to the modern World Wide Web. Not only, the underlying technology has evolved, but also the needs of the people of every age have evolved with technology. At every stage, improved applications became the prime need for business and daily life communication. With improvement in internet technology, improvement in productivity was also seen in business, academics, research and communication. We are now heading towards, what is called, The Quantum Internet. This has the potential to revolutionize the way we see internet today.
Quantum Internet is derived from Quantum technology. Quantum technology requires quantum computers that send and receive quantum data from one quantum system to another. The quantum data is comprised of quantum bits called qubits. Qubits hold a very special importance in the development of the Quantum technology. Unlike regular bits that we know today, qubits can hold the information 0 and 1 at the same time. Due to the natures of qubits, a regular processor can’t process them and regular internet can’t incorporate this technology to grow. Quantum technology can provide Quantum internet that can run in parallel with the regular internet we have today.
Qubits have inherently many special “powers” that make them not disclose any information they share once they are inside an entanglement. Two entangled qubits form a private connection that can’t be intercepted or eavesdropped upon, thus, the qubits entanglement is inherently private.
Quantum internet is thus, a network that has the capability to connect quantum devices via specialized quantum links in addition to the current links.
How can quantum computing used to enable quantum cryptography?
Quantum Key Distribution (QKD) use photons to distribute keys. Thus, with quantum computing, key distribution wouldn’t be a problem. This is in essence not only secure, but also unbreakable. Any eavesdropping activity will be detected then and there.
Some more threats of quantum
- Breakdown of Blockchain algorithms
With quantum technology, there is an evident risk to blockchain algorithms and crypto economy. Since the asymmetric algorithms e.g. RSA would be broken with the advent of quantum, any technology that is inherently dependent on such algorithms must become vulnerable as well. Thus the data would be maliciously manipulated. Companies and consumers who are investing in Blockchain may face this huge risk. They will be exposed to Storage attacks where the hacktivists would be targeting vulnerable addresses to steal funds- directly. Hundreds of billions of dollars’.
- Blockchain Transit attacks
In such an attack, the hacktivist who is in the possession of a large quantum computer, can hijack a blockchain transaction in transit. Once hijacked successfully, the funds can then be redirected to the hacktivists’ own address. In reality, this attacks would take millions of qubits, so the chances of this attack is less than that of storage attacks. Mitigating such an attack is not easy. It would involve changing the Blockchain’s underlying cryptographic algorithm.
- Helium supply problem
Now this may not look like a pretty edgy problem, helium supply is needed for the cooling of quantum computers. With much less supply of helium on our planet, the cooling of such devices would be a challenge. Helium based cooling mechanism is required to keep the particles as stationary as possible. Companies who take on the Quantum leap, must ensure that there is enough helium to operate their equipment.
- Exposed Web Interactions
Nonetheless, all communication on the web, even if it end to end encrypted, is based on modern encryption algorithms. Not only the data in the cloud will become at risk, but all the cloud based communication will become at risk that is based on modern encryption algorithms.
What can businesses and governments do to be quantum – ready?
Many organizations of today are aware of the threats to quantum. According to a survey conducted by Deloitte, over 400 working professionals are aware of the benefits of quantum internet and about over half believed that the organizations is which they wok are at a risk to harvest now, decrypt later attacks.
Various cybersecurity agencies around the world are urging organizations to prepare for post quantum threats. NIST is expected to publish its post-quantum cryptography standard by the year 2024. Over the next 10 years, more directions would be given to government agencies on quantum cybersecurity as well as cloud providers. An increasing effort to increase the range of technical standards are needed to help organization mitigate the risks of post-quantum threats.
Final thoughts…
The fault tolerant quantum computing will soon be able to break current encryption methods that are considered unbreakable as of now. The potential of future compromise has started from this day or the pre-quantum era with the Harvest now, decrypt Later attacks. While any organization whose data is stolen from the HNDL attacks may take it for granted since the data was encrypted, it is alarming for them that once quantum has hit the cyberspace, the existing encryption mechanisms will all be broken and the data would be breached.
Its high time that companies look for alternated on encryption algorithms and head towards quantum –safe algorithms. Starting to prepare ahead of time is always a great idea to achieve protection against quantum threats. The quantum era is expected to be a reality in 20 years’ time. Many experts argue would the data be of any value in 20 years? but with advancement in technology and given the amount of resources, this time frame may reduce. Hybrid solutions is one approach to fix cybersecurity issues due to quantum threats where organizations can integrate
The cybersecurity experts, industrialists, researchers should all join hands together to make the cyberspace safe with safer algorithms in place. However, given the amount of cyber-attacks these days and a major skill gap in cybersecurity domain, dealing with quantum threats is yet another challenge that cybersecurity leaders and must give attention to.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.