Standards: The Key To Building A Sustainable Quantum-Safe Future 

Uploaded on 2024-09-02 in TECHNOLOGY-Key Areas-Quantum Computing, TECHNOLOGY--Developments, FREE TO VIEW

As the digital landscape becomes increasingly more complex, one area of technological advancement that promises to deliver both opportunities and challenges is quantum computing.

That’s because while quantum computing presents a number of advantages to a range of industries - information security for financial services and government, streamlined processes and improved efficiency for manufacturing, accelerated drug discovery and development processes for pharmaceuticals - it also poses significant threats to existing encryption standards, which in turn raises real concerns about data security.

Public-key cryptography - widely used on the internet today - is dependent on the mathematical problems believed to be difficult to solve given the computational power available now and in the medium term. A quantum computer would have no trouble breaking these popular cryptographic schemes. Which means in a quantum future, our global information infrastructure may be at risk.  

Cracking the code of quantum computing

Quantum computing leverages the core principles of quantum mechanics to process information in a way that is fundamentally different to traditional computers. Where older computers have traditionally used bits as the smallest unit of data, representing either a 0 or a 1, quantum computers use quantum bits or qubits, which may exist simultaneously in multiple states owing to superposition. At the same time, qubits can be entangled, which means that the state of one qubit can depend on the state of another, regardless of the distance between them. Such properties provide quantum computers with the ability to execute complex calculations at an exceptional rate.

What Does This Mean For Encryption?

Currently, the majority of security systems in existing IT environments depend on public-key cryptography, which is ubiquitous across messaging, financial transactions and securing data at rest. These cryptographic paradigms are based on mathematical problems that are challenging and time-consuming for traditional computers to address.

But for the quantum computers of the future, such problems will not be so difficult to un-pick.

Historically, the primary advantage of common encryption methods like Rivest-Shamir-Adleman (RSA) and Elliptic Curve Cryptography (ECC) is that they are proficient in tackling the computational difficulty of specific mathematical problems - for instance, factoring large prime numbers or solving discrete logarithms. So, the security of encrypted data is assured as finding the factor of extraordinarily large numbers would take a non-quantum computer millions of years to determine.

But the advent of quantum computers represents such a dramatic departure from the traditional methods of encryption, that said methods have the potential to become obsolete. Even a reasonably advanced quantum computer could factor large numbers exponentially faster than traditional machines, with the effect of cracking RSA encryption. Meanwhile, the security of ECC could be undermined by quantum algorithms that efficiently solve elliptic curve discrete logarithms. 

Data Security At Risk

Quantum computers with the power to break established encryption algorithms poses a severe threat to many of the current information security frameworks we take for granted. The safety of bank accounts and transactions, the privacy of medical records, and that of trade and national security secrets, and more, would all be undermined. The integrity and confidentiality of digital communications would also be on the line, and as a result, the very concepts that are foundational to modern cybersecurity can no longer be relied upon.

In light of this, governments, organisations and enterprises across the world are mobilised to respond to this challenge through exploring and investing in quantum-resistant encryption.

Many see post-quantum cryptography as the means of establishing the algorithms capable of resisting quantum attacks.  

Standards: Underwriting The Future Of Cybersecurity 

While researchers devote time and effort to developing the post-quantum cryptographic algorithms capable of withstanding the computational power of quantum computers, those of us in the standards community are also stepping up to deliver on quantum-safe readiness. It is essential to define, evaluate, and standardise quantum-resistant algorithms to ensure robust security, practical, and commercially successful implementation. Naturally, standardisation of cryptographic algorithms requires a significant amount of time and effort for their security to be trusted by both governments and the wider industry. 

ETSI’s Quantum-Safe Cryptography (QSC) working group, for example, aims to assess and make recommendations for quantum-safe cryptographic protocols and implementation considerations, while keeping in mind the industrial requirements for real-world deployment. By prioritising performance considerations, implementation capabilities, protocols, benchmarking and practical architectural considerations for specific applications, it will be possible to enable a smooth transition to a quantum secure cryptographic future.

Quantum Key Distribution: Holding The Line On Cybersecurity

Quantum key distribution (QKD) is a secure communication method for exchanging encryption keys known only to exclusive parties. It draws-on properties found in quantum physics to exchange cryptographic keys in such a way that is provable and guarantees security. It enables two parties to produce and share a key that is used to encrypt and decrypt messages. Fundamentally, QKD is a means of distributing the key between parties. The London Quantum Secure Network is just one example of a quantum-secure data transmission which effectively delivers security key payload to customer sites using QKD. The high level of current activity in quantum communications, however, means that there is a critical need to develop industrial standards for the technology.

To respond to this challenge, ETSI’s Industry Specification Group (ISG) on QKD is leading activities develop common interfaces and specifications for the quantum communications industry that will stimulate markets for components, systems and applications. From a standards perspective then, such purposeful innovation is helping to ensure that QKD can be used more widely in the commercial realm, but at a steady pace.  

Quantum Readiness: How Soon Is Now?

Quantum computing has the potential to address some of society’s most pressing problems, while simultaneously representing a risk to the integrity of our security infrastructure. In the wrong hands, quantum computing could jeopardise the confidentiality, integrity, and availability of sensitive data which could have real world, geo-political consequences.

In order to protect against those threats, standards are essential in supporting the commercial viability and wider adoption of the technology, as well as enabling end-to-end use cases through the empowerment of a thriving vendor ecosystem. 

Issam Toufik is CTO at ETSI

Image: mesh cube

You Might Also Read: 

CISA's Post-Quantum Cryptography Initiative:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« X Blocked In Brazil By Supreme Court Order
The Rise Of SD-WAN And Its Implications For Security & Performance »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Indelible Data

Indelible Data

Indelible Data is an established information security and technology consultancy and a Cyber Essentials Certification Body.

NCX Group

NCX Group

NCX Group is committed to helping customers identify and mitigate the risks inherent in today’s interconnected environments and business processes.

Ixia

Ixia

Ixia provides testing, visibility, and security solutions to strengthen applications across physical and virtual networks.

CyberSecurity Malaysia

CyberSecurity Malaysia

CyberSecurity Malaysia is the national cyber security specialist agency under the Ministry of Science, Technology and Innovation (MOSTI).

Cyber Observer

Cyber Observer

Cyber Observer’s team specializes in providing corporate officers with comprehensive, visual, real-time performance overview, critical security control (CSC) analysis.

National Cybersecurity Hub - South Africa

National Cybersecurity Hub - South Africa

The mission of the National Cybersecurity Hub is to be the central point of collaboration for cybersecurity incidents in South Africa.

Zero Networks

Zero Networks

With Zero Network, you can achieve affordable, airtight network access security at scale.

Institute for Pervasive Cybersecurity - Boise State University

Institute for Pervasive Cybersecurity - Boise State University

Boise State University’s Institute for Pervasive Cybersecurity is a leader of innovative cybersecurity research and advancement in Idaho and the region.

Matrium Technologies

Matrium Technologies

Matrium Technologies has been a leading provider of technology solutions since 1991, with a strong industry background in Network Testing, Network Visibility and Security.

Oman Data Park

Oman Data Park

The Data Park is Oman’s premier IT Managed Services provider. We offer a superior Tier 3 Data Center network providing cyber security and cloud services.

KSOC Labs

KSOC Labs

KSOC is an event-driven SaaS platform built to automatically remediate Kubernetes security risks.

Artifice Security

Artifice Security

Artifice Security will demonstrate real-world attacks on your network, web applications, infrastructure, and personnel to expose your hidden security risks.

Phronesis Security

Phronesis Security

Phronesis Security is committed to delivering world-class cyber security consulting with a tangible social and environmental impact.

Tsaaro Academy

Tsaaro Academy

Tsaaro Academy is a unique privacy certification training platform and here you earn a privacy certification CEH, CISM and DPO from India’s No.1 Privacy training platform.

DIGISOC

DIGISOC

DIGISOC, a leader in Latin America in Cybersecurity solutions, combines machine learning with human intelligence to be effective in detecting cyber threats.

NVISO Security

NVISO Security

NVISO is a pure-play cyber security consulting firm, focused mainly on the Financial Sector, the Technology Sector, and Government & Critical Infrastructure.