Which Types Of Encryption Will Remain Secure As Quantum Computing Develops – And Which Popular Ones Will Not
As I discussed last month, unless we take actions soon, a tremendous amount of data that is today protected through the use of encryption will become vulnerable to exposure.
The reason that such a major threat exists is simple – much of today’s data relies on the security of what are known as asymmetric encryption algorithms, and such algorithms rely for their security on the fact that the mathematics that they use to encrypt cannot easily be reversed in order to decrypt. (For those interested in the details: the most common difficult-to-reverse mathematics employed by asymmetric encryption systems are integer factorization, discrete logarithms, and elliptic-curve discrete logarithms).
While today’s computers cannot efficiently crack asymmetric encryption through the use of brute force – trying all possible values in order to discover a correct key could literally take centuries, and there are no shortcuts to doing so – we have already seen the dawn of so-called “quantum computers” – devices that leverage advanced physics to perform computing functions on large sets of data in super-efficient ways that are completely unachievable with classic computers. While it has long been believed that quantum computers could potentially undermine the integrity of various forms of encryption, in 1994, an American mathematician by the name of Peter Shor showed how a quantum algorithm could quickly solve integer factorization problems – transforming a theoretical risk into a time bomb. It became clear then that a powerful quantum computer utilizing Shor’s Algorithm could both make mincemeat out of modern encryption systems, as well as trivialize the performance of various other forms of complex math – and, since then, we have already seen this happen. Just a few years ago, Google’s early-generation quantum computer, Sycamore, for example, performed a calculation in 200 seconds that many experts believe would have taken the world’s then-most-powerful-classic-supercomputer, IBM Summit, somewhere between multiple days and multiple millennia to complete. Yes, 200 seconds for a de facto prototype vs multiple millennia for a mature super computer.
To protect data in the quantum computing era, therefore, we must change how we encrypt. To help the world achieve such an objective, the US National Institute of Standards and Technology (NIST) has been running a competition since 2016 to develop new quantum-proof standards for cryptography – winners are expected to be announced sometime in the next year, and multiple approaches are expected to be endorsed.
Some quantum-safe encryption methods that appear to be among the likely candidates to be selected by NIST employ what are known as lattice approaches – employing math that, at least as of today, we do not know how to undermine with quantum algorithms. While lattice approaches are likely to prove popular methods of addressing quantum supremacy in the near term, there is concern that some of their security might stem from their newness, and, that over time, mathematicians may discover quantum algorithms that render them potentially crackable.
Other candidates for NIST’s approval utilize what is known as code-based encryption – a time-tested method introduced in 1978 by Caltech Professor of Engineering, Robert McEliece; code-based encryption employs an error-correcting code, keys modified with linear transformations, and random junk data; while it is simple for parties with the decryption keys to remove the junk and decrypt, unauthorized parties seeking to decrypt face a huge challenge that remains effectively unsolvable by quantum algorithms, even after decades of analysis.
NIST’s candidates also utilize various other encryption approaches that, at least as of now, appear to be quantum safe.
Of course, security is not the only factor when it comes to deciding how to encrypt – practicality plays a big role as well. Any quantum-safe encryption approach that is going to be successful must be usable by the masses; especially as the world experiences the proliferation of smart devices constrained by minimal processing power, memory, and bandwidth, mathematical complexity and/or large minimum key sizes can render useless otherwise great encryption options.
In short, many of today’s popular asymmetric encryption methods (RSA, ECC, etc.) will be easily crackable by quantum computers in the not-so-distant future. (Modern asymmetric systems typically use asymmetric encryption to exchange keys that are then used for symmetric encryption – if the asymmetric part is not secure, the symmetric part is not either.) To address such risks we have quantum-safe encryption, a term that refers to encryption algorithms and systems, many of which already exist, that are believed to be resilient to cracking attempts performed by quantum computers.
While NIST is working on establishing “preferred methods” of quantum-safe encryption, sensitive data is already, now, being put at risk by quantum supremacy; as such, for many organizations, waiting for NIST may turn out to be a costly mistake. Additionally, the likely rush to retrofit existing systems with new encryption methods once NIST does produce recommendations may drive up the costs of related projects in terms of both time and money. With quantum-safe encryption solutions that leverage approaches submitted to NIST already available and running on today’s computers, the time to start thinking about quantum risks is not somewhere down the road, but now.
This post is sponsored by IronCAP™. Please click the link to learn more about IronCAP’s patent protected methods of keeping data safe against not only against today’s cyberattacks, but also against future attacks from quantum computers.