Safeguarding Data In The Quantum Computing Era

While it’s not clear when - or even if - a fully functional quantum computer will be realised, as our understanding of quantum mechanics deepens and our ability to control quantum systems improves, the potential becomes increasingly promising. 

Just this month, Chinese startup Origin Quantum successfully started domestic production of a crucial component for its self-developed quantum computer, ‘Origin Wukong’. Named after Chinese mythology’s Monkey King - the superhero that can transform into 72 different forms - it’s a subtle nod to the transformative capabilities and versatility of quantum computing technology.

In fact, if scientists and engineers are able to overcome the challenges facing quantum computer development, the potential to solve some of humanity’s most complex problems is huge. They could accelerate the development of new treatments for diseases, for example, or help global financial markets become more stable and resilient.

Basically, because quantum computers leverage the principles of quantum mechanics - processing information using quantum-bits (or qubits), which can represent multiple states simultaneously - they can solve certain mathematical problems much faster than traditional (digital) computers, which can only process zeros and ones (known as bits). 

This capability enables them to simulate quantum systems, optimise complex systems, solve certain types of optimisation and machine learning problems, factor large numbers and solve so-called discrete logarithm problems. But it’s the ability to complete these last two tasks that open the door to a darker side.

A “quantum apocalypse” and Solutions To Navigate It

Being able to factor large numbers and solve discrete logarithm problems - which lie at the base of all current security protocols on the internet - would render widely-used encryption algorithms like RSA and Elliptic Curve Cryptography (ECC) completely obsolete. It would create a situation that would not only break the internet and all the systems we use daily - such as online banking and email software - but could lead to a total breakdown in digital security systems, jeopardising sensitive data and digital privacy on a global scale. 

While there may still be some time before quantum computers reach their full potential for practical applications, and are powerful enough to disrupt the security of all digitally-held data,  it doesn’t mean we shouldn’t be putting steps in place now to avoid what many fear may be a “quantum apocalypse”.

For businesses, organisations and even governments that truly care about the privacy of their data and their users’ and customers’ data, now is the time to start looking into and learning about existing quantum-resistant encryption technologies and solutions, and how they might be integrated across all operations and processes.

One of these includes Quantum Key Distribution (QKD). Unlike classical cryptographic methods, which rely on the computational difficulty of certain mathematical problems, QKD offers security based on quantum mechanics, particularly the principles of quantum superposition and entanglement, to distribute cryptographic keys between two parties. It’s a secure communication method that solves the problem of key distribution - making it well suited to private connections between two fixed government buildings. However, because it requires dedicated quantum connections between the parties, it’s simply not scalable to solve the problems of internet security.

Another proactive measure currently being developed is Post-Quantum Cryptography (PQC) algorithms. In fact, the US’s National Institute for Standards and Technology (NIST) recently announced new standards for public key encryption and signatures that are post-quantum secure. They’re based on different mathematical problems that are believed to be hard even for quantum computers to solve efficiently, the most prominent of which is a form of noisy linear algebra, called the Learning-with-Errors problem (LWE). NIST’s standards, however, only consider traditional forms of public key encryption and signatures, meaning they may overlook potentially more robust and efficient post-quantum cryptographic solutions.

Additionally, the field of post-quantum cryptography is still evolving, and new algorithms and techniques continue to be developed. As such, there is a need for a more comprehensive and inclusive approach that considers a broader range of cryptographic primitives and solutions to address the full spectrum of security requirements in the era of quantum computing.

Finally, Fully Homomorphic Encryption (FHE) is gaining real momentum as a method to become post-quantum secure. It's different from traditional public key encryption in that it allows the processing of the data encrypted within the ciphertexts, without the need to decrypt the ciphertexts first. As a first approximation one can view traditional public key encryption as enabling efficient encryption of data in transit, whilst FHE offers efficient encryption of data during usage. Most importantly, with FHE nobody would be able to see your data but you because they wouldn’t have your key. All modern FHE encryption schemes are based on the LWE problem, thus FHE is already able to be post-quantum secure. Therefore, deploying an FHE system today provides protection against the potential threat of quantum computers in the future.

Top Tips to Mitigate the Risks Posed by Quantum Computing

As well as getting to grips with some of the security methods out there, now is the time to be proactive if you are to mitigate the risks posed by quantum computing:

1.    Develop a roadmap: Take stock of your current cryptographic infrastructure and identify vulnerabilities that may be susceptible to quantum attacks. With that insight, you can then develop a roadmap for implementing quantum-safe solutions to shore up your defences against future threats.

2.    Explore NIST Standards for PQC: Familiarising yourself with the standards provided by NIST for PQC is well-advised. These guidelines include recommendations for traditional public key encryption and signatures, as well as emerging quantum-safe cryptographic algorithms. 

3.    Raise awareness across the board: Stakeholders in particular must be educated about the implications of quantum computing on encryption and the critical importance of adopting quantum-resistant PQC-based solutions to protect data privacy, as well as the new opportunities afforded by the new cryptographic paradigms such as FHE. 

4.    Remain vigilant and adaptive: Monitor developments in quantum technology, research breakthroughs in post-quantum cryptography, and updates to industry standards. By remaining vigilant and adaptive, organisations can stay ahead of the curve and proactively address potential security challenges posed by quantum computing.

Professor Nigel Smart is Chief Academic Officer at Zama

Image: Unsplash 

You Might Also Read: 

Facing The Quantum Challenge:

DIRECTORY OF SUPPLIERS - Post-Quantum Security:

___________________________________________________________________________________________

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« Massive Breach At Ticketmaster
The Key Components Of Embedded Systems Development Services »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Cyber Defense Media Group (CDMG)

Cyber Defense Media Group (CDMG)

CDMG is the leading global media group for all things cyber defense.

LRQA

LRQA

LRQA are a leading global assurance provider, bringing together unrivalled expertise in certification, brand assurance, cybersecurity, inspection and training.

Concise Technologies

Concise Technologies

Concise Technologies provide specialist IT and telecoms solutions, support services, managed backup, disaster recovery, cyber security and consultancy to SME businesses across the UK and Europe.

Hewlett Packard Enterprise (HPE)

Hewlett Packard Enterprise (HPE)

HPE is an information technology company focused on Enterprise networking, Services and Support.

SecuriThings

SecuriThings

SecuriThings is a User and Entity Behavioral Analytics (UEBA) solution for IoT security.

TeleTrusT

TeleTrusT

TeleTrust is an IT Security association and network for IT security comprising members from industry, administration, consultancy and research.

Trusted Knight

Trusted Knight

Trusted Knight is a leading provider of security software solutions focused on defeating newly developed malware and crimeware trojans.

ISARA Corp

ISARA Corp

ISARA Corporation is a security solutions company specializing in creating class-defining quantum-safe cryptography for today's computing ecosystems.

SwiftSafe

SwiftSafe

SwiftSafe is a cybersecurity consulting company providing auditing, pentesting, compliance and managed security services.

DAkkS

DAkkS

DAkkS is the national accreditation body for Germany. The directory of members provides details of organisations offering certification services for ISO 27001.

Cowbell Cyber

Cowbell Cyber

Cowbell Cyber™ offers continuous risk assessment, comprehensive cyber liability coverage, and continuous underwriting through an AI-powered platform.

IT Jobs Watch

IT Jobs Watch

IT Jobs Watch provides a concise and accurate map of the prevailing IT job market conditions in the UK.

Match Systems

Match Systems

Match Systems provides blockchain investigations, KYC, KYT, AML, Due Diligence and compliance services.

QFunction

QFunction

QFunction works within your existing security stack to detect anomalies and threats within your data.

Inroad Technologies

Inroad Technologies

Inroad Technologies provide IT services that help keep your business computers, servers and networks secure and trouble-free.

CorePLUS Technologies

CorePLUS Technologies

CorePlus solutions are designed to empower organizations with the tools they need to ensure the utmost protection for their assets, people, and information.