The race to create large-scale quantum computers is on.
The US announced in August that it would pour US $625 million into five quantum research centres to stay ahead of competing nations. Earlier in September, China’s leading quantum physicist claimed to have built a quantum computer a million times greater than Google’s.
The quantum computing race has worried many, as hackers with large-scale quantum computers can easily break current encryption keys and render critical data vulnerable. Experts from Thales discuss these risks and how organisations can secure their systems.
Enter quantum computing
Quantum technology uses the principles of quantum computing to make calculations on a subatomic level, vastly increasing the processing power of a computer chip. This generates new algorithms that can solve complex problems faster than even the most advanced supercomputers today.
Any organisation planning to store data for decades must consider the risks quantum poses, says Alex Tay, ASEAN Sales Director, Cloud Protection & Licensing, Digital Identity and Security, Thales Group. These changes will have a transformative effect on areas including scientific and medical research, economic analysis, AI, Big Data, and many other disciplines which require large volumes of data and complex calculations.
Step 1: Practice Crypto Agility
Crypto Agility provides you with the ability to quickly react to cryptographic threats by implementing alternative methods of methods of encryption. The immense computing power of a quantum computer means that such encryption techniques could be broken in a matter of days, or even hours, while a ‘classical’ computer would take thousands of years to perform the equivalent task.
To resolve this, both classical and quantum-safe algorithms must be able to co-exist, says Tay.
In 2019, Thales announced its collaboration with ISARA Corp. and ID Quantique (IDQ), leading providers of complementary quantum-safe security solutions, to collaborate on a quantum-safe, crypto-agile solution designed to protect against the security threat of quantum computing. This allows for transition work to begin, while maintaining compliance to existing security standards.
Even though this threat will not be realized anytime soon, the time required to update the algorithms and its systems will take more than a decade, Tay adds. The underlying infrastructure can also be upgraded in phases, allowing for existing and upgraded quantum-safe systems to operate seamlessly.
Step 2: Combine multiple algorithms for maximum security
Any truly crypto-agile solution needs to be future-proof. Long-term data protection in a post-quantum computing world cannot be guaranteed without the incorporation of Quantum Random Number Generator (QRNG), Quantum Key Distribution (QKD).
Once an adversarial nation-state has access to a large-scale quantum computer, they will have the ability to break current public keys and read confidential data in clear text.
Even modified versions of current algorithms may not be resistant to a quantum attack, says Tay.
Waiting for next generation encryption standards, however, will put systems at risk. Rather than looking at these elements in isolation, organisations should combine Quantum Random Number Generator (QRNG), Quantum Key Distribution (QKD) and (when available) Quantum Resistant Algorithms (QRA) to achieve a solution that secures against quantum and classical attacks.
“Although the post-quantum era is still a few years away, practicing crypto agility now will help avoid expensive security retrofitting in the future as quantum computing becomes more prevalent,” he adds.
The threat from quantum computers is now a matter of “when”, not “if”. Governments must begin to address these threats now by identifying vulnerable cryptography and implementing hybrid encryption solutions.
Step 3: Take our Post-Quantum Risk Assessment
To find out how your organisation can upgrade existing systems to be quantum-safe, take the Post-Quantum Crypto Agility Risk Assessment Tool here.