A major breakthrough in quantum computing is coming ever closer – and raising serious questions about IT security. Since contemporary encryption techniques could then be rendered useless, post-quantum cryptography (PQC) will be needed.
BY ELMAR EPERIESI-BECK, EPERI GMBH
The potential danger posed to IT security by quantum computing was definitively established in 1994. That year saw the publication of a quantum computer algorithm by the US mathematician and computer scientist Peter W. Shor with which encryption techniques previously assumed secure could be broken in a matter of seconds by factorization (i.e. reducing a number into its constituent factors). To do so, the Shor algorithm uses the massively parallel computing power of quantum computers. Unlike conventional computers that only recognize the value ‘1’ or ‘0’ and perform calculations one after another, quantum computers work with a ‘both 1 and 0 state at the same time’. This is what makes them so fast at factorizing with the Shor algorithm.
The tech race is on – worldwide
In the twenty-odd years since Shor’s paper, the initially theoretical threat to IT security from quantum computing has become increasingly substantial: As of today, the US, China and Europe are engaged in a hotly-contested race to develop the first supercomputer using twenty-first-century technology. While we expect Google to announce a working quantum computer by the end of 2017, intelligence services are already working on prototypes that enable them to break algorithms that are still considered safe today.
While there probably isn’t a future for quantum computers as all-purpose machines, they are exceptionally useful for achieving improvements in both performance and efficiency for certain kinds of mathematical problems. Examples here include weather forecasts or computations of traffic flows, which are based on many parameters and can encompass a huge variety of variants. Exploiting quantum-mechanical effects here can enable the real-time computation of tasks that today’s conventional computers still require several days to complete.
The end of public-key encryption
Security experts all over the world are convinced that the deployment of quantum computers will sound the death knell for conventional encryption techniques. Of these, the hardest hit will be the RSA algorithm used by 99% of all applications, and hence the de facto encryption standard for any scenario requiring the secure transfer and storage of communication data or software updates. In a business context, this includes cloud applications in widespread use such as Office 365 or Salesforce, as well as in-house systems that are now provisioned out of the cloud. RSA is an asymmetric cryptographic technique that is used for data encryption and digital signatures. RSA utilizes a public key for encryption and signature verification, and a private key for decryption and data signing. While the private key is of course kept secret, it is highly likely that quantum computers will be able to calculate this key from the public key – thereby breaking the encryption. It would then be child’s play for hackers to access business-critical data or manipulate software updates via the network. If attackers managed to plant a backdoor during an update for a piece of control software used by an industrial facility or a vehicle, for example, they would then be able to take full control of either of these systems.
Help is at hand from post-quantum cryptography (PQC)
Post-quantum cryptography (PQC) offers a chance to combat the threats posed by these IT security risks. All over the world, research institutes, universities and businesses are working hard on the development of appropriate solutions. In Germany, TU Darmstadt in particular now has an established reputation in this field. Highly promising approaches here include grid-based, multivariate, code-based and hash-based encryption techniques, which have now been under development for several years and which cannot be undermined even with the application of quantum computing. Noteworthy grid-based PQC techniques include Ring-TESLA, XMSS, LARA-CPA and LARA-CCA2, and these offer a significantly higher level of protection when compared to the existing RSA algorithm. Since these techniques also enable shorter runtimes for encryption and decryption or the signing and decrypting of signatures, this also makes it possible to improve application performance.
If quantum computing achieves a key breakthrough in the near future, businesses and organizations need to take appropriate precautions and protect their data with the new PQC techniques. While this requirement is being increasingly taking into account by the developers of open source applications, there are still few signs of commercial PQC usage. Cloud users should therefore look for the earliest possible opportunity to ensure effective protection for their data going forward while also fulfilling tougher data protection legislation such as the EU’s new General Data Protection Regulation (GDPR).
Encryption gateways as a solution strategy
One potential solution is to use encryption gateways with customer-side key management, so as to enable the easy integration of future-proof PQC algorithms. This offers the client company the advantage of staying flexible in their choice of the PQC technique, to ensure the best match with their own requirements. Unlike the RSA algorithm, which is relatively straightforward, the new PQC techniques feature a great many parameters, all of which need to be considered for a specific deployment. Another advantage offered by the encryption gateway approach is that key management is confined entirely within the client company. Accordingly, neither the provider of the applications to be secured nor the cloud service provider has any access to the keys in use. In real terms, this means that all data leaving the company to be stored in the cloud or otherwise processed are encrypted and of no value even if accessed by unauthorized third parties.
Retroactive decryption possible
The cornerstone of our trustworthy Internet has an expiry date, warns Michele Mosca, a mathematician working at the University of Waterloo in Canada. In the short space of a few years, quantum computers will finally become powerful enough to break the all-important encryption technique that is used billions of times every day – and not just by businesses, but by private citizens for their bank transfers, card payments, online shopping or encrypted emails. Since quantum computers could also make data encrypted today legible in the future, Mosca is calling on companies, organizations and public institutions to step up their efforts to identify alternatives for protecting their commercial secrets and patents (to say nothing of diplomatic communications) from misuse for decades to come. The clock is ticking.
This article was originally published in German on computerwoche.de