Securing information in the quantum era
Quantum computing brings many benefits, but can't be at the expense of data and system security
15 November 2021 | 0
In association with CyberHive
Internet traffic has seen a staggering, albeit expected increase since the pandemic. Everything from online gaming, shopping, learning, banking, and streaming services, have all experienced an immense boost in consumption, as society has sought to survive and escape reality.
Companies are adapting to their employees remote working – working over longer periods, transferring more files, and having more online conversations. Those quick discussions that could have happened at the coffee machine, are now happening over video calls, chat messages or e-mails. How many more emails and meetings are you having now daily?
Three quarters of Internet users in Ireland conducted meetings via video conferencing apps last year, compared with just under half in 2019.
With all this increased data traffic (both personal and professional), it brings the importance of data security to the forefront. Cyber attacks are on the increase and are growing in sophistication, so how do we better secure our data secure from any unauthorised access?
Tried and tested encryption has been the literal key, in helping to protect our sensitive personal information and business secrets – converting the information into mathematical code, making it tricky to break with without the correct key to decrypt it.
In use for over four decades, the main data encryption techniques have been one of two main exchange methods – symmetric and asymmetric cryptography.
Symmetric encryption (i.e. AES, 3DES) is used where a single pre-shared key is used to both encrypt and decrypt the data. It is generally efficient and preferred where large amounts of data need to be exchanged securely. Establishing that shared key is the challenge, especially over a public network, so in many cases asymmetric has to be used initially to establish the secret.
Asymmetric key exchange protocols (i.e. RSA, Diffie-Hellman, Elliptic Curve) use two separate keys, and is known as ‘public-key encryption’, and we use it every day when browsing the Web, sending e-mail, and digitally signing files.
Cracking these algorithms in general via brute force or cryptanalysis can be done given enough time, but is exhaustive. AES-256 has theoretically 2^256 possible keys which is an unfathomably large number, 1.1 followed by 77 zeroes to be exact. A brute force attack would take a lot longer than the age of the universe, making any attempt intractable with a classical computer, but with continuous development in quantum computing this timescale is reduced exponentially.
Step in Lov Grover and Peter Shor in the early 1990’s. Grover’s algorithm, otherwise known as the quantum search function, reduces the brute force attack time to its square root, so AES-256 straight away gets reduced to 2^128. As, instead of checking possibilities one by one, it creates a superposition of all possible answers in one operation, and repeatedly removes states that are not probable solutions. Shor’s algorithm on the other hand is great at reducing the number of steps to factor big numbers. Thus, more easily revealing the private key associated with a given public key which revolve around the computational difficulty in finding the prime factors of a large number – the basis of RSA encryption.
So how do we protect our valuable data as we firmly approach the quantum computing era?
Approaches like post-quantum cryptography and quantum key distribution (QKD) are being explored as viable solutions. The possibilities of quantum computing will reap so many benefits, but we do not want it to be at the expense of our data and system security.
Government security protocols and standards need to be ratified and implemented. Both the UK’s NCSC (National Cyber Security Centre) and the US’ NSA (National Security Agency) agree that the best mitigation against this threat is post-quantum cryptography. In fact, a NIST (National Institute of Standards and Technology) Post-quantum Cryptography Standardization Project is in its final stages, with official standards expected to be announced shortly.
Whilst quantum computers may seem like decades away, organisations need to take a proactive approach now – assess, prepare and manage their cyber security risk. With the increase in replay or playback attacks, you need to think about how sensitive and secure the data on your network is today. Cybercriminals are inevitably harvesting AES/RSA secured data passively now and storing it for the future where the application of a quantum algorithm could decrypt it effectively.
CyberHive aims to stay one step ahead of the attackers and one step ahead of technology. Our post-quantum resistant technology minimises the risk of data being decrypted in the future and can protect your sensitive information assets for years to come.