Securing data from the quantum threat using symmetric key agreement

Guest blog from Scott Alexander, Chief Product Officer of Arqit. Part of techUK's #SuperchargeUKTech Week 2023.

The UK National Quantum Strategy acknowledges the risks associated with the use of quantum technology: “one of the most well documented is the risk quantum computing will pose to national cyber security in the future by threatening the security of much of the existing public-key cryptography, upon which the information sharing and trust mechanisms of most modern systems depend.”

Bad actors are already engaged in ‘store now, decrypt later’ attacks, storing away sensitive data today, knowing they will have the ability to decrypt it in the future when quantum computers inevitably arrive. The National Cyber Security Centre has warned of the: “threat to key agreement is that an adversary collecting encrypted data today would be able to decrypt it in future, should they have access to a CRQC [Cryptographically Relevant Quantum Computer].”

The GSM Association (GSMA) also acknowledges the threat stating that the “quantum threat presents multiple high impact risks for the telecom industry and its users. Prior to the availability of a Cryptographically Relevant Quantum Computer (CRQC), motivated bad actors may harvest data and store it, with the goal of decrypting it once quantum computing capabilities become available. This attack undermines the security of data with long-lived confidentiality needs, such as corporate IP, state secrets or individual bio-data. It is widely believed that some actors are already engaging in this type of attack.”

The gold standard for protection against a quantum computing future is symmetric encryption, where two parties share the same key which they use for encryption and decryption. However, the difficulty has always been how two parties can agree this symmetric key in the first place. The asymmetric encryption methods we use today uses mathematical methods which we know can be broken with quantum computing algorithms, whereas fully symmetric key agreement is known to be robust.

The NCSC recognises that: “in contrast with PKC, the security of symmetric cryptography is not significantly impacted by quantum computers, and with suitable key sizes, existing symmetric algorithms - such as AES - can continue to be used.” AES refers to the Advanced Encryption Standard algorithm, a NIST approved standard that already is in use, and when used in at least a 256-bit implementation is quantum-safe.

In May 2022, the White House issued a National Security Memorandum that directed US agencies maintaining National Security Systems to “implement symmetric-key protections…to provide additional protection for quantum-vulnerable key exchanges” by 31 December 2023.

Quantum computing poses an existential threat to everyone’s cyber security and the world must begin a global upgrade to replace all encryption technologies. Whilst it is very positive that the UK Government has put mitigations in place for critical information and services, we need to ensure companies and organisations in the UK are given the guidanceand tools to protect their data now. There must be more weight placed on quantum security resilience.

Headquartered in the UK, Arqit is a leader in quantum-safe encryption. The actions of bad actors combined with rapid advancements in quantum computing technology continues to expand the threat surface, making traditional encryption methods (such as public key encryption or PKI) vulnerable to cyber-attacks. Arqit offers a core Symmetric Key Agreement (SKA) Platform-as-a-Service which can be used for any encryption task. Our groundbreaking technology, which guards against current and future cyber threats including spoofing, harvesting and tampering.

Arqit has developed three application products using our unique Symmetric Key Agreement Platform:

NetworkSecure™ Adaptor: Arqit and Fortinet have partnered to integrate FortiGate Next-Generation Firewalls with our Symmetric Key Agreement technology. This product provides symmetric keys that can be created and rotated on-demand, to encrypt and protect sensitive data between point-to-point VPN links. We also recently announced that with our technology alliance partner Juniper Networks, the availability of the world’s first integrated solution for quantum-safe VPN communications. By integrating our platform with Juniper Networks® vSRX Virtual Firewall, the resulting solution enables quantum-safe encrypted connectivity between customer locations, keeping data safe both at rest and in transit.
TradeSecure™ which generates and distributes digital trade finance instruments, protecting finance supply chains against disruption and fraud and improving their cash flow at the same time. Our first-of-its-kind technology can be deployed into any trade financing platform, giving customers quantum-safe security against all current and future cyber threats. Using distributed ledger technology, we provide customers with a unique referenceable and transferable digital finance instrument - which is easier to manage than paper-based alternatives.
WalletSecure™ which makes any Ethereum-based digital wallet used to store and transact digital asset transactions quantum-safe. Arqit believes that the mainstream adoption of digital assets is accelerating and that providing long term security is important to financial services company adoption of digital asset technology.

In an emerging world where advanced quantum computers will pose cyber security risks, Arqit’s innovative and commercially available products enable governments and enterprises to use quantum-safe Symmetric Key Agreement solutions to secure and safeguard VPN enabled data connections and digital assets.

techUK – Unleashing UK Tech and Innovation

The UK is home to emerging technologies that have the power to revolutionise entire industries. From quantum to semiconductors; from gaming to the New Space Economy, they all have the unique opportunity to help prepare for what comes next.

techUK members lead the development of these technologies. Together we are working with Government and other stakeholders to address tech innovation priorities and build an innovation ecosystem that will benefit people, society, economy and the planet - and unleash the UK as a global leader in tech and innovation.

For more information, or to get in touch, please visit our Innovation Hub and click ‘contact us’.