Post-Quantum Cybersecurity: protecting our future
The promise of quantum computing is firmly on the horizon: advancements in development are already being reported with escalating momentum, and organisations large and small are vying to deliver commercially viable quantum computing applications.
The appetite for this ‘future’ technology is great and the applications endless. However, where some see the potential for widening the field of discovery and positive transformation, others see the potential for misuse and self-serving gains. A downside of quantum computing is its potential to break existing encryption standards - a game changer for cybercriminals and a headache for CISOs the world over.
From symmetric (e.g. AES) to asymmetric encryption (e.g. RSA), there are several encryption techniques to choose from, depending on your business. All encrypted connections rely on both ends either knowing a shared key or being able to use a public/private keypair.
For HTTPS encrypted connections there are two popular mechanisms for exchanging the session encryption key used to protect traffic - RSA and Diffie-Hellman.
Public/private key encryption algorithms such as RSA have been in use for over four decades and form a foundation of internet security. The public key can be known to everyone and is used for encrypting, while the private key is needed to decrypt. Their strength comes from the fact that certain types of mathematical problem, such as prime factorization, have always proved intractable to solve.
Diffie-Hellman, also in use for over four decades, works differently: it allows each endpoint to agree on a pre-shared secret, relying on a type of mathematical security known as the discrete logarithm problem. The result is the same - a key that, in theory, can be used to encrypt data which can only be decrypted by the intended recipient.
The erosion of this mathematical certainty began in 1994 when Peter Shor created a factorization algorithm used to show that quantum computers would be able to solve these types of hard problems. Shor's algorithm was first publicly demonstrated running on a functional quantum computer in 2001. Following that, research into quantum computing has improved and expanded:
2006: First 12-qubit quantum computer demonstrated by MIT
2018: Google announced the production of a 72-qubit quantum chip
2021: Harvard researchers revealed their 256-qubit quantum computer
2021: Goldman Sachs invested in quantum technology with a goal of creating a several-thousand-qubit quantum computer in the next five years
Today’s gold standard of cryptography is, in essence, already outdated, and today’s communication devices could be vulnerable. Worryingly, data traffic can be recorded and stored today, to be cracked later when more capable quantum computers are available.
It’s a race against time to protect our data and to develop new quantum-resistant encryption. The recommendation is not to wait until the technology is here, but to plan and level up security provisions as soon as possible, before they become obsolete.
The evolution in algorithms is a good starting place but government security protocols and standards need to be ratified and implemented. Both the NCSC (National Cyber Security Centre) and the NSA (National Security Agency) agree that the best mitigation against this threat is post-quantum cryptography. In fact, a NIST (National Institute of Standards and Technology) Post-Quantum Cryptography Standardization Project is in its final stages, with official standards expected to be announced shortly.
CyberHive is developing solutions to help prepare for the post-quantum era by leading the development of quantum-resistant cryptographic solutions for hardware, software and applications across business and industrial verticals.
Laura Foster
Laura is techUK’s Head of Programme for Technology and Innovation.