The talk about quantum computers has caught on in recent years. Among the major quantum computing and quantum cryptography news that has come out, Microsoft has been hiring top-notch quantum computing scientists. Intel too has plans to transform silicon chips into quantum processors that can host millions of qubits (quantum bits that are basic units that carry quantum information). Such quantum processors are useful for building, for example, an AI based on a neural network of quantum computing devices. Researchers at Tohoku University in Japan have shown a proof-of-concept for this. Earlier this year, the world’s leading pioneer in quantum computers, D-Wave, announced that it is open-sourcing quantum computing software. Further, China’s milestone in developing quantum computer and IBM’s quantum computing processors are exciting developments in the Quantum computing arena.
Kaspersky envisages pretty extreme scenarios regarding quantum computing: it may spell a doom for the future or bring salvation. The current state of cryptography leaves not much to doubt that doom is the more likely outcome. The thesis that “cryptography is one of the very few fields where adversarial conflict continues to heavily favor the defender” could be simply blown to bits until and unless effective and robust quantum cryptography algorithms are developed and adopted widely.
The catch, however, is that quantum cryptography algorithms require a whole lot more computing power than what today’s conventional computers can provide. The good news is that work on quantum computer devices is already on and we may soon have a quantum computer with immense computing power to defend against attackers. The attackers will, however, continue to develop new capabilities to attack and cryptography algorithms need to be always a step ahead.
No Eavesdropping with Quantum Communication
One of the fundamental problems in ensuring secure communication is eavesdropping. Attackers can drop on the conversation and read the conversation bits without either the sender or receiver knowing anything about eavesdropping. Communication using quantum computers guarantees no eavesdropping on the communication between the sender and the receiver. A connection that uses single micro-particles for transmission is immune to eavesdropping. The moment an attacker tries to eavesdrop by trying to read one parameter of the quantum particle, another parameter is altered. Any attempt to spy on a communication results in the alteration of the transmitted message.
In quantum communications, an unwanted third party monitoring the connection is known as significant interference. To have secure communication, this significant interference has to be eliminated. Modern quantum cryptosystems use “quantum” communication channels to exchange the session encryption keys. The keys then encrypt the information, which is transmitted using traditional channels. Therefore, a key that has been snooped on is immediately rejected and anew key is exchanged. This is done repeatedly until an unaltered transmission takes place, meaning that the key is securely transmitted. Quantum key distribution (QKD) system is being used exactly in the same role as asymmetric cryptoalgorithms, which may fall to quantum attacks soon.
Even though quantum computers don’t exist yet, security companies are preparing to protect against them.
How Dire is the Need of Quantum Encryption Algorithms
NSA has already strongly advocated the use of quantum-computer-proof encryption algorithms for online banking transactions. The currently used algorithms would prove no match for quantum computers.
That’s where companies like Security Innovation can help. Security Innovation is now part of a small but expanding industry offering to help companies plan and address grave concerns related to havoc that might be wreaked due to encryption not ready for computing prowess of quantum computers. Regarding NSA issuing warning about the impending threat, Gene Carter, Director, Product Management at Security Innovation says, “At that point we no longer had to convince people this was a real threat. We had people calling us and saying ‘Help!’”
Practical quantum computers that might seriously challenge today’s encryption might still be a number of years away. Cryptographers concur that there is still a lot of research efforts needed for encryption systems that can be considered safe from Quantum computers, including NRTU. But the potential meltdown the world may face with arrival of quantum computers with online transactions still relying on encryption based on classical computing has rung the alarm bells loud enough.
The National Institute of Standards and Technology has asked government agencies to adopt encryption capable of countering quantum computers by 2025. Leading companies in this field such as Security Innovation and some others confirm that some of their clients are already assessing how they can counter a quantum-computer-enabled world and starting to experiment with early-stage, quantum-proof encryption schemes.
When do Companies Need to Act?
Atos is a leading IT services giant that is actively working to ensure quantum preparedness. Frederik Kerling, responsible for quantum-safe encryption mechanisms at the company, unequivocally states that upgrading security infrastructure to ensure quantum-preparedness is a huge exercise and companies dealing with sensitive data must start their efforts right away in this direction.
Kerling says, “Encryption is hidden everywhere inside organizations, inside hardware and software, and you need to know where it is if you are going to be able to upgrade it.” The companies that are seriously considering making efforts to be ready for quantam-safe-encryption era are only a handful today, but with growing awareness the market will see a rapid growth in the coming years.
IT giants such as Google and Microsoft have been consistently making more investments in quantum computing research, and it has seen a spurt in recent times. Kerling mentions the important role played by the IBM project last year that involved putting an experimental quantum chip online. The project has influenced many executives across companies to seriously consider the security implications of the quantum computing and start thinking about making security provisions for it.
World’s leading technology companies are now actively developing new forms of encryption that are robust enough to face the computing prowess of the quantum computers in future. Cisco and Amazon are actively involved with efforts of European and international standards groups. Microsoft too is taking a keen interest; it has recently tested a quantum-resistant variant of an encryption for securing webpages. Google is trying to bring a quantum-computing algorithm, tentatively dubbed “New Hope” to Chrome, the popular web browser. Currently, it is testing the algorithm.
The Counter View, and Problems Associated with it
There are people with counter views as well. One of them is Cryptographer Bruce Schneier, chief technology officer at Resilient Systems. Schneier opines that although research on encryption algorithms ready for quantum computing and other related aspects from government agencies such as NIST is quite important and a step in the right direction, but the idea companies getting fully engaged in building capacities right away to counter the quantum computing era is taking things too far too early. He says, “Companies don’t need to think about this yet.”
Michele Mosca, cofounder of the Institute for Quantum Computing at the University of Waterloo, Canada, and cofounder of post-quantum security company EvolutionQ, argues that for companies that deal with data that might remain valueable for several years to come (medical and financial records, for example) starting now wouldn’t be too early; rather, it would be quite beneficial.
Mosca further adds that companies dealing with such sensitive data must start now with their efforts to safeguard their data. The data that is lying secured in encrypted form behind the secure firewalls might become too risky to store in this form in the future with the advent of quantum computers. The road to such a radical change in securing the data using new encryption mechanisms is a long and complicated one. Until the companies start engaging now and at least start thinking about developing strategies and preparing roadmaps, they will fall woefully short of ways to quickly deploy quantum-secure encryption when standards bodies and governments mandates the use of such new encryption mechanisms.
Mosca estimates roughly a 14% chance that by 2026 someone develops a quantum computer capable of easily breaking today’s most secure encryption mechanisms. This someone is most likely not an individual but a state. “The industry’s usual recipe of waiting for catastrophe and then fixing it is very risky,” he says.
Learn more: https://amyxinternetofthings.com/