Safeguarding Data In The Quantum Computing Era

While it’s not clear when - or even if - a fully functional quantum computer will be realised, as our understanding of quantum mechanics deepens and our ability to control quantum systems improves, the potential becomes increasingly promising. 

Just this month, Chinese startup Origin Quantum successfully started domestic production of a crucial component for its self-developed quantum computer, ‘Origin Wukong’. Named after Chinese mythology’s Monkey King - the superhero that can transform into 72 different forms - it’s a subtle nod to the transformative capabilities and versatility of quantum computing technology.

In fact, if scientists and engineers are able to overcome the challenges facing quantum computer development, the potential to solve some of humanity’s most complex problems is huge. They could accelerate the development of new treatments for diseases, for example, or help global financial markets become more stable and resilient.

Basically, because quantum computers leverage the principles of quantum mechanics - processing information using quantum-bits (or qubits), which can represent multiple states simultaneously - they can solve certain mathematical problems much faster than traditional (digital) computers, which can only process zeros and ones (known as bits). 

This capability enables them to simulate quantum systems, optimise complex systems, solve certain types of optimisation and machine learning problems, factor large numbers and solve so-called discrete logarithm problems. But it’s the ability to complete these last two tasks that open the door to a darker side.

A “quantum apocalypse” and Solutions To Navigate It

Being able to factor large numbers and solve discrete logarithm problems - which lie at the base of all current security protocols on the internet - would render widely-used encryption algorithms like RSA and Elliptic Curve Cryptography (ECC) completely obsolete. It would create a situation that would not only break the internet and all the systems we use daily - such as online banking and email software - but could lead to a total breakdown in digital security systems, jeopardising sensitive data and digital privacy on a global scale. 

While there may still be some time before quantum computers reach their full potential for practical applications, and are powerful enough to disrupt the security of all digitally-held data,  it doesn’t mean we shouldn’t be putting steps in place now to avoid what many fear may be a “quantum apocalypse”.

For businesses, organisations and even governments that truly care about the privacy of their data and their users’ and customers’ data, now is the time to start looking into and learning about existing quantum-resistant encryption technologies and solutions, and how they might be integrated across all operations and processes.

One of these includes Quantum Key Distribution (QKD). Unlike classical cryptographic methods, which rely on the computational difficulty of certain mathematical problems, QKD offers security based on quantum mechanics, particularly the principles of quantum superposition and entanglement, to distribute cryptographic keys between two parties. It’s a secure communication method that solves the problem of key distribution - making it well suited to private connections between two fixed government buildings. However, because it requires dedicated quantum connections between the parties, it’s simply not scalable to solve the problems of internet security.

Another proactive measure currently being developed is Post-Quantum Cryptography (PQC) algorithms. In fact, the US’s National Institute for Standards and Technology (NIST) recently announced new standards for public key encryption and signatures that are post-quantum secure. They’re based on different mathematical problems that are believed to be hard even for quantum computers to solve efficiently, the most prominent of which is a form of noisy linear algebra, called the Learning-with-Errors problem (LWE). NIST’s standards, however, only consider traditional forms of public key encryption and signatures, meaning they may overlook potentially more robust and efficient post-quantum cryptographic solutions.

Additionally, the field of post-quantum cryptography is still evolving, and new algorithms and techniques continue to be developed. As such, there is a need for a more comprehensive and inclusive approach that considers a broader range of cryptographic primitives and solutions to address the full spectrum of security requirements in the era of quantum computing.

Finally, Fully Homomorphic Encryption (FHE) is gaining real momentum as a method to become post-quantum secure. It's different from traditional public key encryption in that it allows the processing of the data encrypted within the ciphertexts, without the need to decrypt the ciphertexts first. As a first approximation one can view traditional public key encryption as enabling efficient encryption of data in transit, whilst FHE offers efficient encryption of data during usage. Most importantly, with FHE nobody would be able to see your data but you because they wouldn’t have your key. All modern FHE encryption schemes are based on the LWE problem, thus FHE is already able to be post-quantum secure. Therefore, deploying an FHE system today provides protection against the potential threat of quantum computers in the future.

Top Tips to Mitigate the Risks Posed by Quantum Computing

As well as getting to grips with some of the security methods out there, now is the time to be proactive if you are to mitigate the risks posed by quantum computing:

1.    Develop a roadmap: Take stock of your current cryptographic infrastructure and identify vulnerabilities that may be susceptible to quantum attacks. With that insight, you can then develop a roadmap for implementing quantum-safe solutions to shore up your defences against future threats.

2.    Explore NIST Standards for PQC: Familiarising yourself with the standards provided by NIST for PQC is well-advised. These guidelines include recommendations for traditional public key encryption and signatures, as well as emerging quantum-safe cryptographic algorithms. 

3.    Raise awareness across the board: Stakeholders in particular must be educated about the implications of quantum computing on encryption and the critical importance of adopting quantum-resistant PQC-based solutions to protect data privacy, as well as the new opportunities afforded by the new cryptographic paradigms such as FHE. 

4.    Remain vigilant and adaptive: Monitor developments in quantum technology, research breakthroughs in post-quantum cryptography, and updates to industry standards. By remaining vigilant and adaptive, organisations can stay ahead of the curve and proactively address potential security challenges posed by quantum computing.

Professor Nigel Smart is Chief Academic Officer at Zama

Image: Unsplash 

You Might Also Read: 

Facing The Quantum Challenge:

DIRECTORY OF SUPPLIERS - Post-Quantum Security:

___________________________________________________________________________________________

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« Massive Breach At Ticketmaster
The Key Components Of Embedded Systems Development Services »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

QATestLab

QATestLab

QATestLab is a leading International software testing company offering a full range of software testing services including security testing.

Copenhagen FinTech

Copenhagen FinTech

Copenhagen FinTech is a centre for R&D and innovation in the Danish finance IT sector. Focus areas include cyber security and payments platforms.

LEPL Cyber ​​Security Bureau - Georgia

LEPL Cyber ​​Security Bureau - Georgia

The aim of the LEPL Cyber Security Bureau is to create and strengthen stable, efficient and secure systems of information and communications technologies.

Lepide

Lepide

LepideAuditor is a powerful Data Security Platform that enables you to reduce risk, prevent data breaches and prove regulatory compliance.

DAkkS

DAkkS

DAkkS is the national accreditation body for Germany. The directory of members provides details of organisations offering certification services for ISO 27001.

BrandShield

BrandShield

BrandShield is an anti-counterfeiting, anti-phishing and online brand protection solution.

SAP National Security Services (NS2)

SAP National Security Services (NS2)

SAP NS2 are dedicated to delivering the best of SAP innovation, from cloud to predictive analytics; machine learning to data fusion.

SOC Prime

SOC Prime

SOC Prime is the only Threat Detection Marketplace where researchers monetize their content to help security teams defend against attacks easier, faster and more efficiently than ever.

Mr Backup (MRB)

Mr Backup (MRB)

MRB offers Data Protection as a Service for businesses looking to reduce the time, cost and complexity of securing your company data.

Xmirror Security

Xmirror Security

Xmirror Security focuses on integrated detection and defense of the continuous threat to the DevSecops software supply-chain with artificial intelligence technology as the core.

Vertex Cyber Security

Vertex Cyber Security

Vertex provide Cyber Security Services to small to large businesses including Advise, Consulting, Adding Security Partnership, Penetration Testing, ISO 27001-2 and Audits.

WireGuard

WireGuard

WireGuard is a communication protocol and free and open-source software that implements encrypted virtual private networks (VPNs).

Zeron

Zeron

Zeron build bridges between security teams and top management. Our platform unifies your cyber risk posture seamlessly, encompassing threat insights and quantifiable risk scenarios.

Redpoint Cybersecurity

Redpoint Cybersecurity

Redpoint Cybersecurity is a human-led, technology-enabled managed cybersecurity provider specializing in Digital Forensics, Incident Response and proactive cyberattack prevention.

Protega

Protega

Protega is a company specialized in Managed Cybersecurity Services (MSS) & SOC 24×7; management, risk & compliance (GRC); implementation of data protection technologies; and Red Team services.

RANE Network

RANE Network

RANE is a global risk intelligence company that provides critical insights and analysis to more efficiently anticipate, monitor, and respond to emerging threats.