Safeguarding Data In The Quantum Computing Era

Uploaded on 2024-05-31 in TECHNOLOGY--Developments, NEWS-Cybersecurity News, FREE TO VIEW

While it’s not clear when - or even if - a fully functional quantum computer will be realised, as our understanding of quantum mechanics deepens and our ability to control quantum systems improves, the potential becomes increasingly promising. 

Just this month, Chinese startup Origin Quantum successfully started domestic production of a crucial component for its self-developed quantum computer, ‘Origin Wukong’. Named after Chinese mythology’s Monkey King - the superhero that can transform into 72 different forms - it’s a subtle nod to the transformative capabilities and versatility of quantum computing technology.

In fact, if scientists and engineers are able to overcome the challenges facing quantum computer development, the potential to solve some of humanity’s most complex problems is huge. They could accelerate the development of new treatments for diseases, for example, or help global financial markets become more stable and resilient.

Basically, because quantum computers leverage the principles of quantum mechanics - processing information using quantum-bits (or qubits), which can represent multiple states simultaneously - they can solve certain mathematical problems much faster than traditional (digital) computers, which can only process zeros and ones (known as bits). 

This capability enables them to simulate quantum systems, optimise complex systems, solve certain types of optimisation and machine learning problems, factor large numbers and solve so-called discrete logarithm problems. But it’s the ability to complete these last two tasks that open the door to a darker side.

A “quantum apocalypse” and Solutions To Navigate It

Being able to factor large numbers and solve discrete logarithm problems - which lie at the base of all current security protocols on the internet - would render widely-used encryption algorithms like RSA and Elliptic Curve Cryptography (ECC) completely obsolete. It would create a situation that would not only break the internet and all the systems we use daily - such as online banking and email software - but could lead to a total breakdown in digital security systems, jeopardising sensitive data and digital privacy on a global scale. 

While there may still be some time before quantum computers reach their full potential for practical applications, and are powerful enough to disrupt the security of all digitally-held data,  it doesn’t mean we shouldn’t be putting steps in place now to avoid what many fear may be a “quantum apocalypse”.

For businesses, organisations and even governments that truly care about the privacy of their data and their users’ and customers’ data, now is the time to start looking into and learning about existing quantum-resistant encryption technologies and solutions, and how they might be integrated across all operations and processes.

One of these includes Quantum Key Distribution (QKD). Unlike classical cryptographic methods, which rely on the computational difficulty of certain mathematical problems, QKD offers security based on quantum mechanics, particularly the principles of quantum superposition and entanglement, to distribute cryptographic keys between two parties. It’s a secure communication method that solves the problem of key distribution - making it well suited to private connections between two fixed government buildings. However, because it requires dedicated quantum connections between the parties, it’s simply not scalable to solve the problems of internet security.

Another proactive measure currently being developed is Post-Quantum Cryptography (PQC) algorithms. In fact, the US’s National Institute for Standards and Technology (NIST) recently announced new standards for public key encryption and signatures that are post-quantum secure. They’re based on different mathematical problems that are believed to be hard even for quantum computers to solve efficiently, the most prominent of which is a form of noisy linear algebra, called the Learning-with-Errors problem (LWE). NIST’s standards, however, only consider traditional forms of public key encryption and signatures, meaning they may overlook potentially more robust and efficient post-quantum cryptographic solutions.

Additionally, the field of post-quantum cryptography is still evolving, and new algorithms and techniques continue to be developed. As such, there is a need for a more comprehensive and inclusive approach that considers a broader range of cryptographic primitives and solutions to address the full spectrum of security requirements in the era of quantum computing.

Finally, Fully Homomorphic Encryption (FHE) is gaining real momentum as a method to become post-quantum secure. It's different from traditional public key encryption in that it allows the processing of the data encrypted within the ciphertexts, without the need to decrypt the ciphertexts first. As a first approximation one can view traditional public key encryption as enabling efficient encryption of data in transit, whilst FHE offers efficient encryption of data during usage. Most importantly, with FHE nobody would be able to see your data but you because they wouldn’t have your key. All modern FHE encryption schemes are based on the LWE problem, thus FHE is already able to be post-quantum secure. Therefore, deploying an FHE system today provides protection against the potential threat of quantum computers in the future.

Top Tips to Mitigate the Risks Posed by Quantum Computing

As well as getting to grips with some of the security methods out there, now is the time to be proactive if you are to mitigate the risks posed by quantum computing:

1.    Develop a roadmap: Take stock of your current cryptographic infrastructure and identify vulnerabilities that may be susceptible to quantum attacks. With that insight, you can then develop a roadmap for implementing quantum-safe solutions to shore up your defences against future threats.

2.    Explore NIST Standards for PQC: Familiarising yourself with the standards provided by NIST for PQC is well-advised. These guidelines include recommendations for traditional public key encryption and signatures, as well as emerging quantum-safe cryptographic algorithms. 

3.    Raise awareness across the board: Stakeholders in particular must be educated about the implications of quantum computing on encryption and the critical importance of adopting quantum-resistant PQC-based solutions to protect data privacy, as well as the new opportunities afforded by the new cryptographic paradigms such as FHE. 

4.    Remain vigilant and adaptive: Monitor developments in quantum technology, research breakthroughs in post-quantum cryptography, and updates to industry standards. By remaining vigilant and adaptive, organisations can stay ahead of the curve and proactively address potential security challenges posed by quantum computing.

Professor Nigel Smart is Chief Academic Officer at Zama

Image: Unsplash 

You Might Also Read: 

Facing The Quantum Challenge:

DIRECTORY OF SUPPLIERS - Post-Quantum Security:

___________________________________________________________________________________________

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Massive Breach At Ticketmaster
The Key Components Of Embedded Systems Development Services »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Group-IB

Group-IB

Group-IB is a leading provider of solutions dedicated to detecting and preventing cyberattacks, identifying online fraud, investigating high-tech crimes, and protecting intellectual property.

Panzura

Panzura

Panzura optimizes enterprise data storage management and distribution in the cloud, making cloud storage simple and secure.

AON

AON

Aon is a leading global provider of risk management (including cyber), insurance and reinsurance brokerage, human resources solutions and outsourcing services.

sic[!]sec

sic[!]sec

sic[!]sec provide products and services for web application security.

LIFARS

LIFARS

LIFARS is a global leader in Digital Forensics and Cyber Resiliency Services.

KIOS Center of Excellence (KIOS CoE)

KIOS Center of Excellence (KIOS CoE)

KIOS carries out top level research in the area of Information and Communication Technologies (ICT) with emphasis on the Monitoring, Control and Security of Critical Infrastructures.

LinkUp

LinkUp

LinkUp is a leading data-driven job search company. Every day we index millions of job openings directly from employer websites.

Rigado

Rigado

Rigado's mission is to enable commercial IoT success by providing high-performance secure and scalable wireless edge connectivity and network infrastructure.

Knowledge Transfer Network (KTN)

Knowledge Transfer Network (KTN)

KTN links new ideas and opportunities with expertise, markets and finance through our network of businesses, universities, funders and investors.

InterGuard

InterGuard

As the pioneer for Unified Insider Threat Prevention and productivity monitoring tools, InterGuard offers on premise and SaaS-based services that are easily available and affordable.

LibraSoft

LibraSoft

Librasoft creates solutions to protect information from external and internal threats.

Littlefish

Littlefish

Littlefish provide world-class, award-winning Managed IT and Cyber Security Services, delivered from our 24/7 UK service centres.

Certihash

Certihash

Certihash have developed the world’s first blockchain empowered suite of information security tools based on the NIST cybersecurity framework.

Halogen Group

Halogen Group

Halogen Group is the leading Security Solutions Provider in West Africa. Services encompass Physical Security, Electronic Security, Virtual & Cyber Security, Risk Assessments and Training.

SoftwareONE

SoftwareONE

SoftwareONE is a leading global provider of end-to-end software and cloud technology solutions.

Kong

Kong

Kong - powering the API world. Increase developer productivity, security, and performance at scale with the unified platform for API management, service mesh, and ingress controller.