The truth about quantum risk cryptography and being ‘quantum safe’

Were you unable to attend Transform 2022? Check out all of the summit sessions in our on-demand library now! Watch here.

The creation of classical computing may have paved the way for the modern enterprise, but it’s also barely scratched the surface of the limits of data processing potential. In the future, quantum computers will amplify the resources that organizations have available to process their data. 

While quantum computing will unlock powerful analytics and artificial intelligence (AI) processing capabilities, it also opens the door to serious security vulnerabilities, due to the ability of these computers to decrypt public-key algorithms. 

This would give cybercriminals and nation-states the ability to openly decrypt information protected by public-key algorithms — not just in the future, but also retrospectively — by collecting encrypted data today to decrypt when quantum computers finally reach maturity. 

Although researchers estimate that quantum computers could be able to do this as soon as 2030, with the Biden administration’s CHIPS and Science Act [subscription required] being approved by Congress last week –  and setting aside $52 billion in subsidies to support semiconductor manufacturers, and $200 billion to aid research in AI, robotics and quantum computing – this development could happen much sooner. 


MetaBeat 2022

MetaBeat will bring together thought leaders to give guidance on how metaverse technology will transform the way all industries communicate and do business on October 4 in San Francisco, CA.

Register Here

The truth about quantum risk 

The idea of quantum risk dates back to 1994, when mathematician and researcher Peter Shor created Shor’s algorithm, and discovered that it was theoretically possible to break cryptographic algorithms with number factorization.  

This first highlighted the vulnerability of public-key algorithms that weren’t able to offer this level of factorization. However, not all forms of public-key encryption are as susceptible to exploitation as others, so it’s important not to panic about quantum risk. 

“Quantum computers cracking crypto sounds scary and will get people reading, but the reality is much more nuanced. Will some types of QC eventually be able to decode some of today’s best crypto? Almost certainly. Will we have time to put measures in place before that happens? Signs point to yes,” said Brian Hopkins, Forrester analyst. 

Hopkins explains that, on the one hand, asymmetric key encryption algorithms like PKI are the most vulnerable, while symmetric key encryption is much less vulnerable, and one-time pads would remain “pretty much unbreakable.” 

For Hopkins, the main risk posed by quantum computers lies in the fact that small advances in their infrastructure can oustrip classical systems and rapidly change the threat landscape. 

“If one of these firms [IBM, HPE, IonQ, Rigetti] figures out how to scale high-quality qubits more easily, we could see machines that double or triple in qubit number and quality every year to 18 months,” Hopkins said. “That means we could go from nothing to ‘oh no’ in a few months.” 

The risk today: Harvest now, decrypt later 

Although it’s unclear when quantum computers will have the ability to decrypt public key algorithms, many commentators are concerned that threat actors and nation-states are in the process of stockpiling data that’s encrypted today, which they will then decrypt when quantum computing advances.

“One of the biggest risks at present is what’s known as a HNDL attack This is an acronym for “harvest now, decrypt later,” where encrypted data is captured, stored and held onto until a quantum computer is able to unlock it,” said Vikram Sharma, founder and CEO, QuintessenceLabs. 

“While this intercepted data is encrypted, this is a false sense of security; it will easily be decrypted by a threat actor with access to a quantum computer,” Sharma said. Above all, new investments in quantum tech and geopolitical motivations mean “the quantum risk threat has shifted from no longer if, to when.” 

How do CISOs and security leaders need to react? 

One of the challenges around reacting to post-quantum threats is the lack of certainty around the future threat landscape, and what technologies are required to defend against them. Together, these factors make it difficult to justify investment in preventative and defensive post-quantum technologies. 

Fortunately, post-quantum cryptography (PQC) solutions, essentially encryption services that can’t be decrypted by quantum computers, offer a strong answer to these next-generation threats. 

The key to being prepared for the evolving threat landscape is to act quickly. As Sharma said, “By the time companies start ‘feeling’ risk from a quantum computer, it will be much too late, because data that was stolen years ago will have been decrypted.” 

A simple first step is for organizations to start identifying data assets that could be vulnerable to the decryption of public-key algorithms. Conducting a quantum risk assessment can help them identify the impact a post-quantum incident could have on the organization as a whole. 

With this information, security leaders can start to build a business case to justify spending on quantum resilience, identifying the potential financial impact of such an event, and put forward a proposed timeline to adopt any defensive solutions like PQC, quantum key distribution (QKD) or quantum random number generation (QRNG). 

What defensive solutions are available? Quantum cryptography 

Just a month ago, NIST finally announced the first four post-quantum algorithms it would be choosing as its new post-quantum cryptographic standard. 

“This means those organizations facing advanced persistent threats (from nation-states, in particular) now have guidance on how to select quantum-resistant encryption for their highest-secrecy data moving forward,” said Kayne McGladrey, IEEE senior member. 

As part of the announcement, NIST selected some core algorithms for enterprise use cases. These include the CRYSTALS-Kyber algorithm for general encryption, and CRYSTALS-Dilithium, FALCON and SPHINCS+ for digital signatures (although it recommended Dilithium as the primary digital signature algorithm). 

Vadim Lyubashevsky, a Cryptography Research Scientist at IBM who worked on Cyber and Dilithium, explains that the CRYSTALS-Kyber algorithm is extremely fast, with short public-key and ciphertext sizes, while Dilithium is advantageous over FALCON because it’s easier to implement and less error-prone. 

Though these solutions are effective, Lyubashevsky warns that organizations should expect to mix adoption of quantum encryption alongside traditional public-key algorithms.  

“Realistically, what organizations should expect to implement are hybrid strategies that blend both quantum-safe protocols with existing cryptographic standards to ensure data is secure and protected against threats that exist now and that will arise in the near future,” Lyubashevsky said. 

“As the era of quantum computing may arrive very soon, it is worth starting early on the journey to move from ‘safe’ to ‘quantum safe.’ The first step to get there is education: Understand quantum-safe cryptography and what its implications are for your organization. Partner with cryptographic experts to future-proof data encryption and make decisions that will protect your systems well into the future,” Lyubashevsky said.

Originally appeared on: TheSpuzz