Cryptography is the “alpha” and the “omega” for the security and the trust of billions of internet transactions in today’s hyper connected world. Driven by the cultural shift of their customers for accessing and receiving services on the go 24/7, businesses have embraced digital transformation as a means for becoming more effective and successful. The use of such technologies—such as IoT and cloud computing—has exploded the need for machine identities, which are based on the use of secure algorithms and appropriate key lengths to withstand any malicious attacks that try to disrupt the trust customers place on internet-based communications.
Is that all destined to collapse? The future of quantum computing is going to be a dramatic advancement based on the quantum mechanics principles of superposition and entanglement. All scientists say that quantum computing will cause seismic shifts in cryptography as we know it and will render all known cryptographic algorithms obsolete. Therefore, governments and organizations, such as NIST, are racing to become cryptographically quantum resilient.
Has this time come? Google’s recent announcement of achieving “quantum supremacy” has sparkled once more the debate over the impact of quantum computing in cryptography. Venafi has asked the opinion of security professionals based on this question: “How do you think Google’s claim to have broken through the quantum computing barrier will impact quantum cryptography? Will it accelerate advances in encryption or threaten them?” Let’s hear from them.
Kim Crawley, well respected information security content writer, is excited about the announcement and warns about the advancements in the field by hostile entities: “I'm very excited about Google's quantum computing announcement, even though their paper on NASA's website has been taken down. Based on what I've researched about quantum computing, it looks like we'll have quantum computers deployed in production environments under institutional administration in just a few years. I do wonder why the announcement isn't on NASA's website anymore. Maybe it wasn't strategic for Google to let their competition know about it at this stage? Anyway, NIST and IBM have been making progress developing quantum-safe cryptography. That's good because when quantum computers are deployed, they'll be able to easily crack all binary encryption. Now, will Google's new research threaten cryptographic advances? It all depends entirely on whether or not Google's tech will fall into the hands of cyber attackers. It might, and foreign cyberwarfare groups can be really clever. The important thing is that Google, IBM, NIST, and other organizations stay a step ahead of hostile entities."
Sarah Clarke, CIPP/E, data protection and privacy consultant, worries about inherent “utility industry risks” posed by quantum computing: “The main battle is seeing the risk and opportunity wood for the marketing trees. Based on a lot of reading around this undeniably fascinating frontier in the world of computing, I still argue quantum risks to encryption belong on the periphery of your risk model. Not because calculating cryptographic keys will be tough when reliable quantum means become economically accessible to dedicated attackers and opportunists, but because the main weight of related risk lands at international industry level. What I’ve been known to call utility risks: Risks to services or technologies that are ubiquitous across industries, provided in identical form to all recipients, and impossible to unilaterally change, or easily replace. Not a valuable target for your limited supply of money, time, and expert bodies.
Banks, governments, and the big quantum players have been working on quantum resistant crypto and commercial and research applications for over a decade. That is where proximity of risks, and cryptographic evolution will be properly understood and initially managed.
Your best course of action is therefore to plug people into those industry forums and the bodies that oversee them, to up-skill and inject your specific risk perspective. Or just keep a close eye on initiatives like the NIST auditions for best post-quantum algorithms, while taking stock of the crypto use that’s actually under your control.”
Security researcher Sam Bocetta, says that quantum cryptography will be a battlefield between the good and the bad: “If the rumors are true and Google has indeed made a major breakthrough in quantum computing, then the landscape of the technology world could dramatically shift in the near future. A full-scale quantum computing environment will be able to take basic processing functions and run them at a speed unseen before.
In most situations, a more powerful computer is a big win for consumers and enterprises. Websites will run faster, applications will use resources better, and information will be exchanged at amazing rates. However, because of the way encryption algorithms are controlled today, the topic of cybersecurity must be addressed when discussing quantum computing.
The system of managing public and private key ciphers is fundamental to various parts of technology today, including how websites use secure sockets layer (SSL) protection or how virtual private network (VPN) clients pass data around the internet. These systems run on complex mathematical problems that even today's brand of supercomputers cannot solve.
With quantum computers, the situation shifts. These powerful engines may be able to break down the systems of cryptography and give hackers a whole new range of attack opportunities. At the same time, quantum computing will also serve as a tool for those fighting cybercrime. In the near future, it's very likely we will see releases of brand-new forms of data encryption that are powered by quantum computers and are just as hard to infiltrate.”
Dimitris Patsos, CTO at ADACOM Cybersecurity, highlights the performance challenges cryptologists face in their quest for post-quantum cryptography: “We are witnessing an important milestone in the history of computing: according to Google, quantum computers have outperformed traditional supercomputers, therefore establishing the long-expected quantum supremacy.
As such, cryptologists worldwide are debating whether quantum supremacy will threaten or advance encryption. Interestingly enough, although encryption algorithms based on quantum cryptography (such as Elliptic curves, class groups, etc.) are facing a risk because of this, traditional algorithms like AES, RSA with a respected key size can currently withstand the quantum computing power, as today’s quantum power does not drastically reduce time to break them. However, we shouldn’t get too optimistic, as this will be possible within the next few years.
With this in mind, and with the developments in modern applications (such as smartphones, wearables, IoT devices and 5G) multiple research efforts in the areas of post-quantum cryptography are available, allowing for public-key encryption, key-establishment and digital signatures. These post-quantum algorithms typically fall within one of the following categories: lattice-based, multivariate, hash-based, code-based, super singular elliptic curve isogeny and symmetric key quantum resistance. Furthermore, NIST is currently evaluating multiple post-quantum candidate algorithms that can facilitate performance along with quantum resistance, aiming to overcome processing limitations in smart devices while providing effective security."
Jing Xie, Product Manager of Code Signing at Venafi, argues that the future is not as doomed as many believe: “In the race to publish the most sensational, attention grabbing, shocking breaking news, mainstream news media misled the public into believing that Google has achieved quantum supremacy, a breakthrough even Google refused to acknowledge. Google's rudimentary quantum supercomputer with a primitive quantum processor that is only slightly more advanced than what Intel and IBM have so far is claimed to beat classical computers at only one and extremely specific task. There is still a long way to go before this Google machine can provide any further abilities needed to solve a problem in practice.
While the threat posed by the planned and steady progress made on quantum computing is real, the future is not as doomed as many have hyped.
The recent misclassified breakthrough clearly gave a positive dose of catalyst that heightened the urgency of the advancement of the quantum resistant cryptographic developments. The cryptography community is looking into a handful of the most promising ‘quantum-safe cryptography’ tools, including lattice-based cryptography and multivariate public-key cryptography. There is an ongoing competition hosted by the U.S. National Institute of Standards and Technology (NIST), where over 80 different proposals submitted from researchers and academics for quantum-resistant, public-key cryptographic algorithms”.
Finally, Tassos Arampatzis, information security writer for Venafi, chooses to highlight the geopolitical impact of quantum computing: “All security researchers highlight the impact of quantum computing in cryptography. That is very true and that’s why states, organizations and private corporations struggle to develop in time quantum resistant cryptography. But this is one side of the coin. The other side hides a fierce competition between states, supported by billions and billions of dollars, on who is going to master quantum computing, which will define the future financial hegemony. China, undoubtedly, leads in the field of quantum satellite communications, while Europe is in the middle of a project providing quantum-based communications between four cities in the Netherlands.
The US lags these developments, and although they have developed a quantum strategy, this strategy in not sufficiently funded. There is a fear that the states controlling ‘quantum internet’ could make a surveillance-resistant network for those who can afford it, while the rest of the world is relegated to a slower mode of communications where nothing is guaranteed to be private. This will lead to ‘data poverty’ with apparent implications to national security for the states that will fail to keep up with this race. Geopolitically, winning the race to quantum computing is a critical prerequisite for global technological supremacy. What would result is an undeniable destabilization of cyberspace and the reshaping of new geopolitical status quo.”
Quantum computing will bring many developments in various scientific areas. In the field of cryptography, it is certain that we are going to witness many shifts and changes which highlight the importance of being crypto-agile. Venafi is here to help you.
