What the future holds for Quantum Cryptography
SecurityWeek recently published an in-depth piece on the practical future of quantum cryptography titled “Cyber Insights 2023: Quantum Computing and the Coming Cryptopocalypse.”
There were some fascinating insights presented, including the imminent danger posed by quantum computing to current encryption models, dangers beyond those that are generally discussed in the non-quantum-focused media.
The “Cryptopocalypse” – and what it means for Quantum Communications
One of the key concepts referred to in the piece is the “Cryptopocalypse,” a concept that has been around for a while (see for example Schneier on Security’s piece from 2013) – the time in the not-too-distant future when data protected by today’s public-key (PKI) encryption can be read as plaintext.
Many people erroneously believe that quantum cryptography will only become relevant once quantum computers are fully mature. The article points out several reasons why this is not the case.
1. Relevant Quantum Computing Power Is Almost Here
The tipping point in terms of breaking current encryption methods will be when quantum computers are powerful enough to use Shor’s algorithm to crack PKI encryption.
As a quick primer for those unfamiliar with these terms, Public Key Infrastructure (PKI) is the umbrella term for everything needed to manage public-key encryption – one of the most widely used ways to encrypt data today. It relies on pairs of public and private keys whose security rests on complex mathematical problems which, up until now, have been relatively safe.
Shor’s algorithm, developed by mathematician Peter Shor, essentially opens the door to using quantum computers, when they are powerful enough, to break these common encryption methods.
Most algorithms today rely on hard mathematical problems including the integer factorization problem, the discrete logarithm problem, and the elliptic-curve discrete logarithm problem – all of which can be solved on a quantum computer powerful enough to run Shor’s algorithm.
One of the novel points of the SecurityWeek article is that although general-purpose quantum computers might be decades away, cryptanalytically relevant quantum computers (CRQCs) – machines capable of running Shor’s algorithm – will likely be with us within the decade.
It’s no wonder that IBM has labeled this an “existential threat” to data encryption.
2. Harvest now, decrypt later
Bad actors are stealing encrypted data now so that it can be decrypted as soon as their computers are powerful and mature enough to do so. While estimates abound, no one is sure exactly how advanced certain governments, intelligence agencies, or well-funded malicious actors may be.
In order to protect their secrets in the future, organizations are having to future-proof their data today.
3. Getting a head start on quantum encryption
Current encryption algorithms don’t have to be broken outright to be at risk: rapidly improving artificial intelligence, coupled with increasing computing power, can significantly weaken current encryption methods even before they are fully broken.
As the article suggests, “It is also believed that quantum advancements don’t have to directly decrypt today’s encryption. If they weaken it by suggesting or probabilistically finding some better seeds for a classical algorithm and make that more efficient, that can result in a successful attack. And it’s no stretch to predict, speaking of predictions, that people are going to find ways to hack our encryption that we don’t even know about yet.”
Where are we now?
Just how far away are we from using Shor’s algorithm?
It’s estimated that a quantum computer capable of achieving this will need 1,000 to 2,000 logical (error-corrected) qubits.
The IBM Quantum Roadmap shows that its Kookaburra system will achieve over 4,000 physical qubits by 2025, and scale quickly from there.
Currently, IBM’s Osprey is the most powerful quantum computer in the world, at 433 physical qubits. Note that each logical qubit requires many physical qubits for error correction, so physical qubit counts cannot be compared directly with the logical-qubit estimate above.
Clearly, the need for quantum encryption has never been more pressing.
And this isn’t about sowing fear and panic. Organizations that want to secure themselves for the future need to act today, because whichever quantum-safe method they decide to use (PQC, QKD, or both) will require non-trivial platform changes, which take time. For example, they will need to familiarize their IT and SecOps teams with the technologies, ensure their systems are adequately protected, and so on.
Protecting a Quantum future with Quantum Key Distribution (QKD)
Given the imminent collapse of current encryption methods, organizations must ensure that their data is protected against the quantum threat – today, and in the future.
One of the most mature technologies to emerge in this space is Quantum Key Distribution, or QKD. QKD is a secure communication method that implements a cryptographic protocol using components of quantum mechanics.
This method is considered unbreakable in principle: because its security rests on the laws of physics rather than on the hardness of mathematical problems, it is not weakened by increases in computing power, including more powerful quantum computers.
QKD protects information today and in the future – both against “harvest now, decrypt later” and in a world where quantum computers powerful enough to run Shor’s algorithm are ubiquitous.
What’s more, ensuring that an organization has QKD in place removes the target from its back, as attackers will know not to even “waste their time” in trying to steal or decrypt data.
QKD also offers a benefit that neither existing systems nor post-quantum cryptography provide: it can detect eavesdropping attempts on the key exchange itself.
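To show concretely how a QKD protocol detects an eavesdropper, here is an added example (not code from the post or from QuantLR) that simulates BB84, the classic QKD scheme, which the post does not name. An intercept-resend eavesdropper must guess the measurement basis for every photon; each wrong guess disturbs the state and shows up as errors in the sifted key, which Alice and Bob can measure. Qubits are modelled classically with no channel noise or loss, and the 11% abort threshold is the textbook BB84 bound, assumed here rather than taken from the post.

```python
import random


def bb84_run(n_qubits: int, eavesdrop: bool, seed: int = 1) -> dict:
    """Simulate one BB84 exchange over an ideal (noiseless, lossless) channel.

    Alice encodes random bits in random bases (0 = rectilinear, 1 = diagonal).
    Bob measures in random bases; only positions where their bases match are
    kept (the "sifted" key). An intercept-resend eavesdropper measures each
    qubit in a random basis and re-sends what she saw, which disturbs the
    state whenever her basis differs from Alice's.
    """
    rng = random.Random(seed)  # seeded so the run is reproducible
    alice_bits = [rng.randint(0, 1) for _ in range(n_qubits)]
    alice_bases = [rng.randint(0, 1) for _ in range(n_qubits)]
    bob_bases = [rng.randint(0, 1) for _ in range(n_qubits)]

    def measure(bit, prep_basis, meas_basis):
        # Same basis: outcome is deterministic. Different basis: 50/50 coin.
        return bit if prep_basis == meas_basis else rng.randint(0, 1)

    bob_bits = []
    for bit, a_basis, b_basis in zip(alice_bits, alice_bases, bob_bases):
        if eavesdrop:
            e_basis = rng.randint(0, 1)
            bit = measure(bit, a_basis, e_basis)  # Eve's measurement collapses the state
            a_basis = e_basis                     # she re-prepares in her own basis
        bob_bits.append(measure(bit, a_basis, b_basis))

    # Sifting: Alice and Bob publicly compare bases (never bits) and keep matches.
    sifted = [(a, b) for a, b, ab, bb in zip(alice_bits, bob_bits, alice_bases, bob_bases)
              if ab == bb]
    errors = sum(1 for a, b in sifted if a != b)
    qber = errors / len(sifted) if sifted else 0.0  # quantum bit error rate
    return {"sifted_len": len(sifted), "qber": qber}


def key_accepted(qber: float, threshold: float = 0.11) -> bool:
    """Abort key generation when the error rate exceeds the tolerated bound.
    0.11 is the usual asymptotic BB84 threshold (an assumption, not from the post)."""
    return qber <= threshold


if __name__ == "__main__":
    quiet = bb84_run(4000, eavesdrop=False)
    tapped = bb84_run(4000, eavesdrop=True)
    print(f"no eavesdropper: QBER={quiet['qber']:.3f} accepted={key_accepted(quiet['qber'])}")
    print(f"intercept-resend: QBER={tapped['qber']:.3f} accepted={key_accepted(tapped['qber'])}")
```

Without an eavesdropper the sifted key has zero errors; with intercept-resend the error rate lands near 25%, far above the abort threshold, so the key is discarded before any data is encrypted with it.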
QKD and Post-Quantum Cryptography
There is another method of protection, post-quantum cryptography. This method comprises cryptographic algorithms that are thought to be secure against quantum computing power.
While this approach has been adopted in the US by NIST (the National Institute of Standards and Technology), severe challenges remain. For example, one of the candidate algorithms in NIST’s competition to find the best technologies, called “SIKE,” was broken by an ordinary PC in around an hour.
Many people believe that this algorithmic approach is not going to be effective against increasingly powerful quantum computers.
Having said that, the White House issued guidelines essentially backing the NIST proposal, starting with requiring agencies to “submit a prioritized inventory of information systems and assets, excluding national security systems, that contain CRQC-vulnerable cryptographic systems to ONCD and the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA).”
Furthermore, President Biden signed the Quantum Computing Cybersecurity Preparedness Act into law in December 2022.
NIST’s exclusive focus on the post-quantum approach puzzles some observers.
Arthur Herman, writing for Forbes, said it best, in an article entitled “What Does Europe Know About Quantum We Don’t?”
Herman notes that “While President Biden was visiting Europe, he should have stopped to take a close look at what the European Union and European countries and labs are doing to protect against future quantum computer attacks…
“…While the U.S. is betting all its quantum security chips on post-quantum cryptography, i.e. mathematically-based algorithms scientists and cryptographers hope will resist a future quantum computer assault—scientists, companies, and officials in Europe are investing in a technology that uses quantum science itself to secure data and networks, now and for decades into the future.
“In October 2018, the European Commission launched the first phase of the Quantum Technologies Flagship, 1 billion EURO, ten-year initiative, that pools resources for advancing quantum technology on a broad front. That includes building a future communication network based on Quantum Key Distribution (QKD), a technology that uses the principles of quantum mechanics for cryptography…
“…The bottom line is, QKD offers a hardware-based solution for quantum computer attack in the future…the Chinese understand this; they are forging ahead with QKD technology to harden their networks against our future quantum computers. Which raises the question: what do the Chinese, as well as the Europeans, understand about the future trajectory of quantum cryptography that we are missing?”
QuantLR’s QKD approach
QuantLR believes that QKD is the most effective way to protect organizations’ data now, and into the future.
QuantLR’s commercially available QKD-based products – with a range of solutions optimized for different network link characteristics – have been successfully tested by the likes of NVIDIA and the Israeli Defense community – and have been shown to provide the most cost-effective solution while offering maximum data protection.