During this time of digital transformation, new innovations are appearing at lightning speed. For years, we’ve seen improvements in computers with manufacturers aiming for everything to be faster and faster.
Jordan van den Akker
Now, they’re deeply engaged in a race to make quantum computers widely available. These quantum computers will outstrip the performance of existing supercomputers, but also introduce threats to people and businesses.
So what will happen when the first quantum computers enter the market? What are the opportunities and threats?
1. First off, what is quantum computing?
In January 2019, IBM built the first commercial quantum computer. Based on the science of quantum physics, it communicated in a completely different way from existing computers. This new approach has enabled computers to not only become much faster, but, with improved technology, to enable things that were previously impossible.
Based on this new technique, Google achieved a breakthrough that was referenced in the renowned scientific journal Nature:
“The calculation is…a demonstration of what the special computer called Sycamore can do. The achievement has been compared by scientists to the Wright brothers’ first plane flight. Sycamore calculated a complex combination of sums in 3 minutes and 20 seconds. This calculation would take at least 10,000 years with a standard computer, Google claims.”
Today’s widely used computers work on the basis of bits and bytes – so 0 and 1s – also known as a binary method. When communicating, they’re limited to the binary combinations they can create using 0s and 1s.
Quantum computing is based on non-binary technology, which means the possibilities between 0 and 1 can be used. Suddenly, it’s not only black and white – it’s grey too. Something can be a 0 for 70% and a 1 for 30%, or any other ratio. This technological change has an enormous impact on the world as we know it today and on our current way of working.
It raises questions such as:
- Where do we communicate digitally in our processes, and how could we optimise this further?
- What is encrypted and how does quantum computing change this?
- How does quantum computing affect digital identities in our current and future software?
- What role will security by design play in relation to quantum computing?
2. What impact could quantum computing have on (cyber)security?
Quantum computing’s superpowers open up many possibilities, such as enabling complex analyses in the medical world. But there’s also cause for concern when it comes to security and, in particular, cybersecurity. This extra computing power could, for example, crack the current cryptography (which involves encryption and decryption) in our daily communications.
Encryption is when you take data and convert it into an inexplicable code. A complex mathematical formula converts data into securely encrypted messages to be then sent and/or stored. Both encryption and decryption (converting code back to readable data) are done using a digital key.
There are two main categories when it comes to the encryption and decryption of information: symmetrical and asymmetrical. Symmetric cryptography uses the same key for encryption and decryption. With asymmetric cryptography, you have a private key and a public key. The public key is shared, so other people can encrypt messages for the key’s owner. The private key is only stored by the owner and recipient, so only the recipient can decrypt the message.
Symmetric cryptography is considerably faster than the asymmetric approach. For this reason, it’s mainly used in everyday communication and to encrypt stored data.
Asymmetric cryptography is mainly used for the secure exchange of symmetric keys and for digitally verifying or signing messages, documents and certificates that link public keys to the identity of their owners. It’s also used for authentication and encryption, with the big advantage that you can encrypt something that only you can read (because only you have the private key). The latter is mainly seen when identity and communication have to be linked for security purposes – for example, secure communication between governments or between citizens and their government.
3. How might quantum computing be used in a cyberattack?
In terms of symmetric encryption, the easiest way to crack a code is to try all possible keys until one works. Conventional computers can do this, but it’s very difficult and time consuming. Quantum computing, however, speeds up the process. This issue is relatively easy to solve by using longer key lengths, so it takes even quantum computing a long time to crack the code. But what about old, encrypted data in storage? And what if encrypted data has already been leaked?
Cryptography for public keys presents an even bigger problem because of the way calculations are used. Currently, the algorithms RSA, Diffie-Hellman and elliptic curve are widely used. By using quantum computing, you can start with the public key and calculate the private key mathematically without trying all the possibilities.
If an RSA algorithm is used, for example, the private key can be calculated by decomposing a number that’s the product of two prime numbers – for example, 15 is the product of 3 multiplied by 5. Until now, public key encryption using very long key pairs was unbreakable. But sufficiently sophisticated quantum computers could crack even 4,096-bit key pairs in just a few hours.
4. How can I protect my organization’s security from quantum computing?
Fortunately, researchers have been working on public-key algorithms that could withstand quantum computers’ attempts to break code, while also maintaining trust in certificate authorities, digital signatures and encrypted messages.
In particular, the US National Institute of Standards and Technology has already evaluated 69 potential new methods for what it calls post-quantum cryptography. And has recently shortlisted seven options.
“NIST expects to have a draft standard in 2024 (if not earlier), which will then be implemented for digital certificates and holders (such as smart cards) and added to web browsers, apps and systems” NIST
Another alternative to public key cryptography for key exchange is the distribution of quantum keys. Here, quantum methods are used by the sender and receiver to create a symmetric key. These methods do, however, require special.
5. Why is now the right time to invest in protection?
Strong cryptography is vital for cybersecurity on both an individual and societal level. It provides the basis for secure transmission and data storage, and for verifying trusted connections between people and systems. This is especially important now lots of people are working from home and are sharing information and communicating online.
Quantum computers are currently only used in experiments by large tech companies and are economically and technically impossible to use on a larger scale. Today’s asymmetric algorithms, such as RSA, are still the standard for encrypting data, ensuring strong authentication and signing messages and software. And they continue to provide critical security for communications and transactions. Quantum computers aren’t expected to become available for several years, but it’s crucial you prepare for their arrival with a security strategy that incorporates a thorough risk analysis.
This risk analysis should show where secure communication, digital identities and encryption are used in your current processes. You can then prepare to take organisational, technical and individual measures that are quantum proof in the future. Your digital security strategy should, for example, clearly document which form of cryptography is used by your systems and how you could migrate to new quantum-proof algorithms.
Your strategy should also include a management system in which certificates, identities and associated keys are registered, validated, managed and revoked according to the current standard at that time.
So how could quantum computing affect your organisation? And do your current security measures have a degree of quantum agility?
Jordan van den Akker, Business Security Consultant at AET Europe
Souce: AET Europe
About AET
Higher level of Security
AET Europe is a global leader in the area of digital security solutions. Founded in 1998. We are specialized in creating secure solutions in identification, authentication, digital signing, consent and management of credentials.
We believe that in this digital world, security, privacy, and integrity are essential. To make this possible, we have developed strong solutions by using military grade technology. We have succeeded in translating everyday problems into easy to use applications. We enable businesses to meet compliance and high levels of security. Because we also believe usability is important we establish security at the core: Invisible and yet present in every solution using our products
Secure solutions
Our software solutions of SafeSign Identity Client, BlueX eID Management and ConsentID Identity Provider are used in Government, Healthcare, Finance and Enterprises. With our strong network of global partners, we have deployed more than 25 million SafeSign active licenses. Together with them, we enable our customers in more than 180 countries to deliver secure digital services for millions of citizens, patients, users but also for mobile devices.
Our Vision and Mission
No matter who you are or what you do; there is always a specific world you want, or need to access. AET makes this possible by creating the perfect technological solution in user identification, authentication and authorization: unlimited access, 24/7. We do not only believe your world should be accessible anytime. We are also determined to make this access easy and secure. At a time when almost everything is digital, security has become our main focus. By creating unlimited, secure and convenient access to your world, we ensure that you have the power to control your own world. You and nobody else.
In devising the best technological solutions, we need to be fast, smart and inventive. So that’s exactly what we are. We are also passionate: about technology; about our business; about the possibility of providing convenient access to different worlds.
In our vision, everyone can benefit from the technology we offer. Because everyone deserves reliable, safe and unlimited access to the world he or she wants to enter. Which world do you want to access?
Leia outros artigos da AET Europe aqui!
Data protection & digital identification – the current status in Europe
How to manage your TLS certificates under Google’s new rules? Hear
Safe handling of digital identities: 5 key questions.
If you want to know more about our international news, click here to access the International News Column at Portal Crypto Id.
Get defensive: A cybersecurity series
Brazilians mostly unaware of data protection regulations
Is quantum computing a cybersecurity threat?
Quantum Computing: Real or Exaggerated Threat to the Web PKI?