By Vaclav Vincalek
News over the past few years reveals a quantum leap in interest:
- 2019 – Google achieved quantum supremacy
- June 2020 – Honeywell says it’s got the fastest quantum computer on the planet
- February 2021 – A quantum computer just solved a decades-old problem three million times faster than a classical computer
- October 2021 – China says it has a quantum computer a million times more powerful than Google’s
- November 2021 – IBM debuts quantum machine it says no standard computer can match
The headlines would lead you to believe that (A) quantum computers are production-ready, (B) quantum computers will shortly replace ‘classical’ computers, and (C) quantum computers are faster.
As with all headlines, the truth is somewhat different.
Yes, of course, quantum computing is improving rapidly. There’s no question about it. However, let’s not forget that the world of algorithms and supercomputers is evolving as fast as quantum computers. Risks, problems, and attacks grow in strength in parallel with our achievements.
The solution? Quantum encryption: either using quantum physics to protect communications, or using encryption that resists attack by quantum computers. How could this come into play?
Keeping your private communication safe 5, 10, or 100 years from now
One threat, commonly referred to as Steal Now Crack Later, could arise from using quantum computers to crack the encryption on any document you’ve sent today (or last week, or at some point in the past). To put it another way: what if you knew that in 2, 3 or maybe 5 years from now, any file, message, or document you had sent would be read by shady characters, by your competitors, or by a rogue government? It would make our current encryption efforts obsolete. Your adversaries may be more than willing to wait.
More and more security professionals are very worried about asymmetric encryption, which uses pairs of public and private keys. How does it work?
You generate a pair of keys based on two large prime numbers along with an auxiliary value. Which one you keep is arbitrary: one is published, the other remains secret. You can share the public key with anyone. When someone wants to communicate with you, they encrypt the message with your public key, and you’re the only one who can read it. Secure sessions on the Internet typically use asymmetric encryption to securely share (“exchange”) a strong session key, which is in turn used to encrypt and decrypt all messages sent between the parties.
In the future, it’s assumed that quantum computers will be able to crack the message encrypted with the public key and recover the session key, which then unlocks ALL subsequent messages and data that were protected by it. Alternatively, the quantum computer could simply compute or guess the session key.
Today’s quantum computers are nowhere near the size (not enough qubits) needed to crack the asymmetric code and extract the session key, or to efficiently calculate or guess the key itself.
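The following toy model illustrates the scenario just described and is an added example, not code from the original article or from Quantropi. It assumes the public-key step is textbook RSA built from constructed 16-bit primes, and it uses trial division as a stand-in for whatever future capability (quantum or otherwise) recovers the private key; everything an eavesdropper stored today, the wrapped session key and the ciphertexts, is decrypted later from public material alone.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy parameters: 16-bit primes, many orders of magnitude below any
# real key size, so "cracking" is instant here. Textbook RSA, no padding.
P, Q, E = 65521, 65519, 65537


def make_public_key(p=P, q=Q, e=E):
    """Return the public key (n, e); the private exponent never leaves the owner."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1
    return n, e


def wrap_session_key(pub, k):
    """The key-exchange step an eavesdropper can record: k encrypted to the public key."""
    n, e = pub
    return pow(k, e, n)


def xor_encrypt(k, data):
    """Symmetric layer: SHA-256 counter keystream under session key k (encrypt == decrypt)."""
    stream = b"".join(
        hashlib.sha256(k.to_bytes(8, "big") + i.to_bytes(4, "big")).digest()
        for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))


def factor_by_trial_division(n):
    """Stands in for a future capability; only feasible because n is a toy composite."""
    f = 3
    while n % f:
        f += 2
    return f, n // f


def crack_later(pub, wrapped_key, ciphertexts):
    """From public material plus the stored transcript alone, recover every plaintext."""
    n, e = pub
    p, q = factor_by_trial_division(n)
    d = pow(e, -1, (p - 1) * (q - 1))          # private exponent, reconstructed
    k = pow(wrapped_key, d, n)                  # the session key recorded years ago
    return [xor_encrypt(k, c) for c in ciphertexts]


def run_scenario():
    """Two parties talk today; the transcript is stored; it is read later."""
    pub = make_public_key()
    k = secrets.randbelow(pub[0] - 2) + 2      # session key, must be < n for textbook RSA
    messages = [b"constructed: Q3 forecast attached", b"constructed: merger talks on Monday"]
    recorded = (wrap_session_key(pub, k), [xor_encrypt(k, m) for m in messages])
    return crack_later(pub, *recorded), messages
```

The same structure applies to any static key exchange: once the asymmetric layer falls, every session key it ever protected falls with it, which is why the replacement has to cover keys exchanged years before the capability exists.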
Cybersecurity vendors are advising companies to start implementing ‘some kind of protection’ now
The starting point for replacing today’s potentially vulnerable asymmetric encryption algorithms is either upgraded algorithms or new, non-algorithmic ways to securely exchange the session key.
Encryption using an algorithm that can’t be broken by a quantum computer is referred to as PQC (Post-Quantum Cryptography). NIST in the United States launched a PQC standardization process in 2016 and is expected to announce the latest updates in December 2021.
A physical networking alternative to algorithmic key exchange is being explored under the banner of QKD (Quantum Key Distribution). The QKD approaches under research typically rely on the quantum entanglement of photons across fiber-optic networks. A lingering challenge has been distributing keys at high speed over today’s Internet. Much research and commercial development is focused on this issue, but practical and scalable deployments remain out of reach so far.
Additionally, implementing quantum key distribution requires companies to build more infrastructure, which makes the whole endeavour more complex and expensive.
To ward off a quantum attack that calculates or guesses the session key, one solution is to generate a “strong”, truly random number to act as the encryption key. The challenge is finding a technology that can both generate truly random numbers in high volume AND distribute them over a quantum-secure channel.
The race is on.
Written for Quantropi by Vaclav Vincalek, tech entrepreneur and founder of 555vCTO. Vaclav’s specialty is aligning strategy and technology to enable the overall vision for startups and enterprises.
Outside of this, Vaclav regularly contributes commentary for technology reporters, and hosts Recurrent Patterns, a show where he interviews leaders, entrepreneurs, scientists, authors and others about interesting patterns in business, technology, and culture.
Quantropi believes organizations need to harden their defenses against the “quantum threat” now. While many companies can generate very strong “quantum” random numbers (raw datasets approaching a level of nearly pure randomness according to a number of benchmark tests published by NIST and other standards bodies), Quantropi’s QEaaS solution SEQUR™ enables developers, governments, and enterprises to provision and distribute quantum entropy across any network while keeping it completely secure from classical or quantum theft.