Standards: The Key To Building A Sustainable Quantum-Safe Future 

Uploaded on 2024-09-02 in TECHNOLOGY-Key Areas-Quantum Computing, TECHNOLOGY--Developments, FREE TO VIEW

As the digital landscape becomes increasingly more complex, one area of technological advancement that promises to deliver both opportunities and challenges is quantum computing.

That’s because while quantum computing presents a number of advantages to a range of industries - information security for financial services and government, streamlined processes and improved efficiency for manufacturing, accelerated drug discovery and development processes for pharmaceuticals - it also poses significant threats to existing encryption standards, which in turn raises real concerns about data security.

Public-key cryptography - widely used on the internet today - is dependent on the mathematical problems believed to be difficult to solve given the computational power available now and in the medium term. A quantum computer would have no trouble breaking these popular cryptographic schemes. Which means in a quantum future, our global information infrastructure may be at risk.  

Cracking the code of quantum computing

Quantum computing leverages the core principles of quantum mechanics to process information in a way that is fundamentally different to traditional computers. Where older computers have traditionally used bits as the smallest unit of data, representing either a 0 or a 1, quantum computers use quantum bits or qubits, which may exist simultaneously in multiple states owing to superposition. At the same time, qubits can be entangled, which means that the state of one qubit can depend on the state of another, regardless of the distance between them. Such properties provide quantum computers with the ability to execute complex calculations at an exceptional rate.

What Does This Mean For Encryption?

Currently, the majority of security systems in existing IT environments depend on public-key cryptography, which is ubiquitous across messaging, financial transactions and securing data at rest. These cryptographic paradigms are based on mathematical problems that are challenging and time-consuming for traditional computers to address.

But for the quantum computers of the future, such problems will not be so difficult to un-pick.

Historically, the primary advantage of common encryption methods like Rivest-Shamir-Adleman (RSA) and Elliptic Curve Cryptography (ECC) is that they are proficient in tackling the computational difficulty of specific mathematical problems - for instance, factoring large prime numbers or solving discrete logarithms. So, the security of encrypted data is assured as finding the factor of extraordinarily large numbers would take a non-quantum computer millions of years to determine.

But the advent of quantum computers represents such a dramatic departure from the traditional methods of encryption, that said methods have the potential to become obsolete. Even a reasonably advanced quantum computer could factor large numbers exponentially faster than traditional machines, with the effect of cracking RSA encryption. Meanwhile, the security of ECC could be undermined by quantum algorithms that efficiently solve elliptic curve discrete logarithms. 

Data Security At Risk

Quantum computers with the power to break established encryption algorithms poses a severe threat to many of the current information security frameworks we take for granted. The safety of bank accounts and transactions, the privacy of medical records, and that of trade and national security secrets, and more, would all be undermined. The integrity and confidentiality of digital communications would also be on the line, and as a result, the very concepts that are foundational to modern cybersecurity can no longer be relied upon.

In light of this, governments, organisations and enterprises across the world are mobilised to respond to this challenge through exploring and investing in quantum-resistant encryption.

Many see post-quantum cryptography as the means of establishing the algorithms capable of resisting quantum attacks.  

Standards: Underwriting The Future Of Cybersecurity 

While researchers devote time and effort to developing the post-quantum cryptographic algorithms capable of withstanding the computational power of quantum computers, those of us in the standards community are also stepping up to deliver on quantum-safe readiness. It is essential to define, evaluate, and standardise quantum-resistant algorithms to ensure robust security, practical, and commercially successful implementation. Naturally, standardisation of cryptographic algorithms requires a significant amount of time and effort for their security to be trusted by both governments and the wider industry. 

ETSI’s Quantum-Safe Cryptography (QSC) working group, for example, aims to assess and make recommendations for quantum-safe cryptographic protocols and implementation considerations, while keeping in mind the industrial requirements for real-world deployment. By prioritising performance considerations, implementation capabilities, protocols, benchmarking and practical architectural considerations for specific applications, it will be possible to enable a smooth transition to a quantum secure cryptographic future.

Quantum Key Distribution: Holding The Line On Cybersecurity

Quantum key distribution (QKD) is a secure communication method for exchanging encryption keys known only to exclusive parties. It draws-on properties found in quantum physics to exchange cryptographic keys in such a way that is provable and guarantees security. It enables two parties to produce and share a key that is used to encrypt and decrypt messages. Fundamentally, QKD is a means of distributing the key between parties. The London Quantum Secure Network is just one example of a quantum-secure data transmission which effectively delivers security key payload to customer sites using QKD. The high level of current activity in quantum communications, however, means that there is a critical need to develop industrial standards for the technology.

To respond to this challenge, ETSI’s Industry Specification Group (ISG) on QKD is leading activities develop common interfaces and specifications for the quantum communications industry that will stimulate markets for components, systems and applications. From a standards perspective then, such purposeful innovation is helping to ensure that QKD can be used more widely in the commercial realm, but at a steady pace.  

Quantum Readiness: How Soon Is Now?

Quantum computing has the potential to address some of society’s most pressing problems, while simultaneously representing a risk to the integrity of our security infrastructure. In the wrong hands, quantum computing could jeopardise the confidentiality, integrity, and availability of sensitive data which could have real world, geo-political consequences.

In order to protect against those threats, standards are essential in supporting the commercial viability and wider adoption of the technology, as well as enabling end-to-end use cases through the empowerment of a thriving vendor ecosystem. 

Issam Toufik is CTO at ETSI

Image: mesh cube

You Might Also Read: 

CISA's Post-Quantum Cryptography Initiative:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« X Blocked In Brazil By Supreme Court Order
The Rise Of SD-WAN And Its Implications For Security & Performance »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Bishop Fox

Bishop Fox

Bishop Fox is a leading authority in offensive security, providing solutions ranging from continuous penetration testing and attack surface management to product and application security assessments.

Oxygen Forensics

Oxygen Forensics

Oxygen Forensics offer the most advanced forensic data examination tools for mobile devices and cloud services.

AppRiver

AppRiver

AppRiver is a global provider of cloud-based email and web security solutions that protect businesses worldwide from today's ever-changing online threats.

CloudPassage

CloudPassage

CloudPassage, a cloud security and compliance pioneer, safeguards cloud infrastructure for the world’s best-recognized brands.

International Conference on Information Systems Security & Privacy (ICISSP)

International Conference on Information Systems Security & Privacy (ICISSP)

The ICISSP event is a meeting point for researchers and practitioners to address security and privacy challenges concerning information systems.

Dataglobal

Dataglobal

Dataglobal is an industry-leading provider of Information Archiving/Governance and Unified Data Classification solutions.

Penacity

Penacity

Penacity, LLC provides strategic consulting technology services and Information Security Services to commercial and government organizations.

CS3STHLM

CS3STHLM

CS3STHLM is the Stockholm international summit on Cyber Security in SCADA and Industrial Control Systems.

Dataprovider.com

Dataprovider.com

Our Brand Protection Suite gives you the tools to discover trademark infringement on the Internet, such as websites selling counterfeit products, even when this is not immediately noticeable.

Axis Security

Axis Security

Axis Security technologies transform open networks and vulnerable applications into fully protected resources that the business can trust.

Have I Been Pwned (HIBP)

Have I Been Pwned (HIBP)

Have I Been Pwned is a free resource for anyone to quickly assess if they may have been put at risk due to an online account of theirs having been compromised or "pwned" in a data breach.

Celcom

Celcom

Celcom is the oldest mobile telecommunications provider in Malaysia, providing solutions and services to consumers and businesses.

Cyber Security Partners (CSP)

Cyber Security Partners (CSP)

Cyber Security Partners specialise in the provision of Cyber Security Consultancy, Data Protection and Certification and Compliance services.

LastPass

LastPass

LastPass provides award-winning password and identity management solutions that are convenient, effortless, and easy to manage.

Gogolook

Gogolook

Gogolook is a leading TrustTech company. With "Build for Trust" as its core value, it aims to create an AI- and data-driven global anti-fraud network as well as Risk Management as a Service.

Fivecast

Fivecast

Fivecast is enabling a safer world. We help organizations around the world explore masses of data to uncover actionable insights.