Safeguarding Data In The Quantum Computing Era
While it’s not clear when - or even if - a fully functional quantum computer will be realised, as our understanding of quantum mechanics deepens and our ability to control quantum systems improves, the potential becomes increasingly promising.
Just this month, Chinese startup Origin Quantum successfully started domestic production of a crucial component for its self-developed quantum computer, ‘Origin Wukong’. Named after Chinese mythology’s Monkey King - the superhero that can transform into 72 different forms - it’s a subtle nod to the transformative capabilities and versatility of quantum computing technology.
In fact, if scientists and engineers are able to overcome the challenges facing quantum computer development, the potential to solve some of humanity’s most complex problems is huge. They could accelerate the development of new treatments for diseases, for example, or help global financial markets become more stable and resilient.
Basically, because quantum computers leverage the principles of quantum mechanics - processing information using quantum-bits (or qubits), which can represent multiple states simultaneously - they can solve certain mathematical problems much faster than traditional (digital) computers, which can only process zeros and ones (known as bits).
This capability enables them to simulate quantum systems, optimise complex systems, solve certain types of optimisation and machine learning problems, factor large numbers and solve so-called discrete logarithm problems. But it’s the ability to complete these last two tasks that open the door to a darker side.
A “quantum apocalypse” and Solutions To Navigate It
Being able to factor large numbers and solve discrete logarithm problems - which lie at the base of all current security protocols on the internet - would render widely-used encryption algorithms like RSA and Elliptic Curve Cryptography (ECC) completely obsolete. It would create a situation that would not only break the internet and all the systems we use daily - such as online banking and email software - but could lead to a total breakdown in digital security systems, jeopardising sensitive data and digital privacy on a global scale.
While there may still be some time before quantum computers reach their full potential for practical applications, and are powerful enough to disrupt the security of all digitally-held data, it doesn’t mean we shouldn’t be putting steps in place now to avoid what many fear may be a “quantum apocalypse”.
For businesses, organisations and even governments that truly care about the privacy of their data and their users’ and customers’ data, now is the time to start looking into and learning about existing quantum-resistant encryption technologies and solutions, and how they might be integrated across all operations and processes.
One of these includes Quantum Key Distribution (QKD). Unlike classical cryptographic methods, which rely on the computational difficulty of certain mathematical problems, QKD offers security based on quantum mechanics, particularly the principles of quantum superposition and entanglement, to distribute cryptographic keys between two parties. It’s a secure communication method that solves the problem of key distribution - making it well suited to private connections between two fixed government buildings. However, because it requires dedicated quantum connections between the parties, it’s simply not scalable to solve the problems of internet security.
Another proactive measure currently being developed is Post-Quantum Cryptography (PQC) algorithms. In fact, the US’s National Institute for Standards and Technology (NIST) recently announced new standards for public key encryption and signatures that are post-quantum secure. They’re based on different mathematical problems that are believed to be hard even for quantum computers to solve efficiently, the most prominent of which is a form of noisy linear algebra, called the Learning-with-Errors problem (LWE). NIST’s standards, however, only consider traditional forms of public key encryption and signatures, meaning they may overlook potentially more robust and efficient post-quantum cryptographic solutions.
Additionally, the field of post-quantum cryptography is still evolving, and new algorithms and techniques continue to be developed. As such, there is a need for a more comprehensive and inclusive approach that considers a broader range of cryptographic primitives and solutions to address the full spectrum of security requirements in the era of quantum computing.
Finally, Fully Homomorphic Encryption (FHE) is gaining real momentum as a method to become post-quantum secure. It's different from traditional public key encryption in that it allows the processing of the data encrypted within the ciphertexts, without the need to decrypt the ciphertexts first. As a first approximation one can view traditional public key encryption as enabling efficient encryption of data in transit, whilst FHE offers efficient encryption of data during usage. Most importantly, with FHE nobody would be able to see your data but you because they wouldn’t have your key. All modern FHE encryption schemes are based on the LWE problem, thus FHE is already able to be post-quantum secure. Therefore, deploying an FHE system today provides protection against the potential threat of quantum computers in the future.
Top Tips to Mitigate the Risks Posed by Quantum Computing
As well as getting to grips with some of the security methods out there, now is the time to be proactive if you are to mitigate the risks posed by quantum computing:
1. Develop a roadmap: Take stock of your current cryptographic infrastructure and identify vulnerabilities that may be susceptible to quantum attacks. With that insight, you can then develop a roadmap for implementing quantum-safe solutions to shore up your defences against future threats.
2. Explore NIST Standards for PQC: Familiarising yourself with the standards provided by NIST for PQC is well-advised. These guidelines include recommendations for traditional public key encryption and signatures, as well as emerging quantum-safe cryptographic algorithms.
3. Raise awareness across the board: Stakeholders in particular must be educated about the implications of quantum computing on encryption and the critical importance of adopting quantum-resistant PQC-based solutions to protect data privacy, as well as the new opportunities afforded by the new cryptographic paradigms such as FHE.
4. Remain vigilant and adaptive: Monitor developments in quantum technology, research breakthroughs in post-quantum cryptography, and updates to industry standards. By remaining vigilant and adaptive, organisations can stay ahead of the curve and proactively address potential security challenges posed by quantum computing.
Professor Nigel Smart is Chief Academic Officer at Zama
Image: Unsplash
You Might Also Read:
DIRECTORY OF SUPPLIERS - Post-Quantum Security:
___________________________________________________________________________________________
If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.
- Individual £5 per month or £50 per year. Sign Up
- Multi-User, Corporate & Library Accounts Available on Request
- Inquiries: Contact Cyber Security Intelligence
Cyber Security Intelligence: Captured Organised & Accessible