Standards: The Key To Building A Sustainable Quantum-Safe Future 

Uploaded on 2024-09-02 in TECHNOLOGY-Key Areas-Quantum Computing, TECHNOLOGY--Developments, FREE TO VIEW

As the digital landscape becomes increasingly more complex, one area of technological advancement that promises to deliver both opportunities and challenges is quantum computing.

That’s because while quantum computing presents a number of advantages to a range of industries - information security for financial services and government, streamlined processes and improved efficiency for manufacturing, accelerated drug discovery and development processes for pharmaceuticals - it also poses significant threats to existing encryption standards, which in turn raises real concerns about data security.

Public-key cryptography - widely used on the internet today - is dependent on the mathematical problems believed to be difficult to solve given the computational power available now and in the medium term. A quantum computer would have no trouble breaking these popular cryptographic schemes. Which means in a quantum future, our global information infrastructure may be at risk.  

Cracking the code of quantum computing

Quantum computing leverages the core principles of quantum mechanics to process information in a way that is fundamentally different to traditional computers. Where older computers have traditionally used bits as the smallest unit of data, representing either a 0 or a 1, quantum computers use quantum bits or qubits, which may exist simultaneously in multiple states owing to superposition. At the same time, qubits can be entangled, which means that the state of one qubit can depend on the state of another, regardless of the distance between them. Such properties provide quantum computers with the ability to execute complex calculations at an exceptional rate.

What Does This Mean For Encryption?

Currently, the majority of security systems in existing IT environments depend on public-key cryptography, which is ubiquitous across messaging, financial transactions and securing data at rest. These cryptographic paradigms are based on mathematical problems that are challenging and time-consuming for traditional computers to address.

But for the quantum computers of the future, such problems will not be so difficult to un-pick.

Historically, the primary advantage of common encryption methods like Rivest-Shamir-Adleman (RSA) and Elliptic Curve Cryptography (ECC) is that they are proficient in tackling the computational difficulty of specific mathematical problems - for instance, factoring large prime numbers or solving discrete logarithms. So, the security of encrypted data is assured as finding the factor of extraordinarily large numbers would take a non-quantum computer millions of years to determine.

But the advent of quantum computers represents such a dramatic departure from the traditional methods of encryption, that said methods have the potential to become obsolete. Even a reasonably advanced quantum computer could factor large numbers exponentially faster than traditional machines, with the effect of cracking RSA encryption. Meanwhile, the security of ECC could be undermined by quantum algorithms that efficiently solve elliptic curve discrete logarithms. 

Data Security At Risk

Quantum computers with the power to break established encryption algorithms poses a severe threat to many of the current information security frameworks we take for granted. The safety of bank accounts and transactions, the privacy of medical records, and that of trade and national security secrets, and more, would all be undermined. The integrity and confidentiality of digital communications would also be on the line, and as a result, the very concepts that are foundational to modern cybersecurity can no longer be relied upon.

In light of this, governments, organisations and enterprises across the world are mobilised to respond to this challenge through exploring and investing in quantum-resistant encryption.

Many see post-quantum cryptography as the means of establishing the algorithms capable of resisting quantum attacks.  

Standards: Underwriting The Future Of Cybersecurity 

While researchers devote time and effort to developing the post-quantum cryptographic algorithms capable of withstanding the computational power of quantum computers, those of us in the standards community are also stepping up to deliver on quantum-safe readiness. It is essential to define, evaluate, and standardise quantum-resistant algorithms to ensure robust security, practical, and commercially successful implementation. Naturally, standardisation of cryptographic algorithms requires a significant amount of time and effort for their security to be trusted by both governments and the wider industry. 

ETSI’s Quantum-Safe Cryptography (QSC) working group, for example, aims to assess and make recommendations for quantum-safe cryptographic protocols and implementation considerations, while keeping in mind the industrial requirements for real-world deployment. By prioritising performance considerations, implementation capabilities, protocols, benchmarking and practical architectural considerations for specific applications, it will be possible to enable a smooth transition to a quantum secure cryptographic future.

Quantum Key Distribution: Holding The Line On Cybersecurity

Quantum key distribution (QKD) is a secure communication method for exchanging encryption keys known only to exclusive parties. It draws-on properties found in quantum physics to exchange cryptographic keys in such a way that is provable and guarantees security. It enables two parties to produce and share a key that is used to encrypt and decrypt messages. Fundamentally, QKD is a means of distributing the key between parties. The London Quantum Secure Network is just one example of a quantum-secure data transmission which effectively delivers security key payload to customer sites using QKD. The high level of current activity in quantum communications, however, means that there is a critical need to develop industrial standards for the technology.

To respond to this challenge, ETSI’s Industry Specification Group (ISG) on QKD is leading activities develop common interfaces and specifications for the quantum communications industry that will stimulate markets for components, systems and applications. From a standards perspective then, such purposeful innovation is helping to ensure that QKD can be used more widely in the commercial realm, but at a steady pace.  

Quantum Readiness: How Soon Is Now?

Quantum computing has the potential to address some of society’s most pressing problems, while simultaneously representing a risk to the integrity of our security infrastructure. In the wrong hands, quantum computing could jeopardise the confidentiality, integrity, and availability of sensitive data which could have real world, geo-political consequences.

In order to protect against those threats, standards are essential in supporting the commercial viability and wider adoption of the technology, as well as enabling end-to-end use cases through the empowerment of a thriving vendor ecosystem. 

Issam Toufik is CTO at ETSI

Image: mesh cube

You Might Also Read: 

CISA's Post-Quantum Cryptography Initiative:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« X Blocked In Brazil By Supreme Court Order
The Rise Of SD-WAN And Its Implications For Security & Performance »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Truth Technologies Inc (TTI)

Truth Technologies Inc (TTI)

TTI is a premier provider of worldwide anti-money laundering, anti-fraud, customer identification, and compliance products and services.

Blue Lights Digital

Blue Lights Digital

Blue Lights Digital have developed a range of platforms to support digital investigations, as well as providing continued support and education for investigations professionals.

HudsonCyber

HudsonCyber

HudsonCyber, part of HudsonAnalytix, provides leading cyber risk management services for the global maritime transportation industry.

CodeSealer

CodeSealer

CodeSealer provide invisible end-to-end user interface protection with a unique web security solution to eliminate Man-in-the-Middle and Man-in-the-Browser vulnerabilties.

ANSI National Accreditation Board (ANAB)

ANSI National Accreditation Board (ANAB)

ANAB is the largest accreditation body in North America. The directory of members provides details of organisations offering certification services for cybersecurity related standards.

CyberCareers.gov

CyberCareers.gov

CyberCareers.gov is a platform for Cybersecurity Job Seekers, Federal Hiring Managers and Supervisors, Current Federal Cybersecurity Employees, Students and Universities.

Wavex Technology

Wavex Technology

Wavex Technology is an award winning IT Services firm offering clients a secure and fully managed IT service.

Certihash

Certihash

Certihash have developed the world’s first blockchain empowered suite of information security tools based on the NIST cybersecurity framework.

IGI Cybersecurity

IGI Cybersecurity

IGI Cybersecurity delivers people-driven cybersecurity for personalized, resilient cyber defense focused on individualized strategy and unshakeable partnership.

Chainguard

Chainguard

Founded by the industry's leading experts on open source software, security and cloud native development, Chainguard are on a mission to make the software supply chain secure by default.

LaScala

LaScala

LaScala is an IT Managed Services provider delivering technical, security, and compliance solutions with dedication, compassion, and agility.

ProvenRun

ProvenRun

ProvenRun is a leading provider of trusted software solutions with extensive expertise and an unwavering commitment to security.

Neosoft

Neosoft

Néosoft is an independent digital transformation consulting group with expertise in Consulting & Agility, Cybersecurity, Data, DevOps, Infrastructure & Cloud and Software Engineering.

Cloudaeris

Cloudaeris

Cloudaeris is a trusted Microsoft Partner, and we've got what it takes to make your business more efficient and agile.

Swick Technologies (SWICKtech)

Swick Technologies (SWICKtech)

SWICKtech offer IT managed services to increase IT security, stability, and performance for your organization.

ThoughtSol

ThoughtSol

Thoughtsol help brands grow through Digital Transformation enabling them to leverage the power of IT for an all-embracing impact on their businesses.