Standards: The Key To Building A Sustainable Quantum-Safe Future 

As the digital landscape becomes increasingly more complex, one area of technological advancement that promises to deliver both opportunities and challenges is quantum computing.

That’s because while quantum computing presents a number of advantages to a range of industries - information security for financial services and government, streamlined processes and improved efficiency for manufacturing, accelerated drug discovery and development processes for pharmaceuticals - it also poses significant threats to existing encryption standards, which in turn raises real concerns about data security.

Public-key cryptography - widely used on the internet today - is dependent on the mathematical problems believed to be difficult to solve given the computational power available now and in the medium term. A quantum computer would have no trouble breaking these popular cryptographic schemes. Which means in a quantum future, our global information infrastructure may be at risk.  

Cracking the code of quantum computing

Quantum computing leverages the core principles of quantum mechanics to process information in a way that is fundamentally different to traditional computers. Where older computers have traditionally used bits as the smallest unit of data, representing either a 0 or a 1, quantum computers use quantum bits or qubits, which may exist simultaneously in multiple states owing to superposition. At the same time, qubits can be entangled, which means that the state of one qubit can depend on the state of another, regardless of the distance between them. Such properties provide quantum computers with the ability to execute complex calculations at an exceptional rate.

What Does This Mean For Encryption?

Currently, the majority of security systems in existing IT environments depend on public-key cryptography, which is ubiquitous across messaging, financial transactions and securing data at rest. These cryptographic paradigms are based on mathematical problems that are challenging and time-consuming for traditional computers to address.

But for the quantum computers of the future, such problems will not be so difficult to un-pick.

Historically, the primary advantage of common encryption methods like Rivest-Shamir-Adleman (RSA) and Elliptic Curve Cryptography (ECC) is that they are proficient in tackling the computational difficulty of specific mathematical problems - for instance, factoring large prime numbers or solving discrete logarithms. So, the security of encrypted data is assured as finding the factor of extraordinarily large numbers would take a non-quantum computer millions of years to determine.

But the advent of quantum computers represents such a dramatic departure from the traditional methods of encryption, that said methods have the potential to become obsolete. Even a reasonably advanced quantum computer could factor large numbers exponentially faster than traditional machines, with the effect of cracking RSA encryption. Meanwhile, the security of ECC could be undermined by quantum algorithms that efficiently solve elliptic curve discrete logarithms. 

Data Security At Risk

Quantum computers with the power to break established encryption algorithms poses a severe threat to many of the current information security frameworks we take for granted. The safety of bank accounts and transactions, the privacy of medical records, and that of trade and national security secrets, and more, would all be undermined. The integrity and confidentiality of digital communications would also be on the line, and as a result, the very concepts that are foundational to modern cybersecurity can no longer be relied upon.

In light of this, governments, organisations and enterprises across the world are mobilised to respond to this challenge through exploring and investing in quantum-resistant encryption.

Many see post-quantum cryptography as the means of establishing the algorithms capable of resisting quantum attacks.  

Standards: Underwriting The Future Of Cybersecurity 

While researchers devote time and effort to developing the post-quantum cryptographic algorithms capable of withstanding the computational power of quantum computers, those of us in the standards community are also stepping up to deliver on quantum-safe readiness. It is essential to define, evaluate, and standardise quantum-resistant algorithms to ensure robust security, practical, and commercially successful implementation. Naturally, standardisation of cryptographic algorithms requires a significant amount of time and effort for their security to be trusted by both governments and the wider industry. 

ETSI’s Quantum-Safe Cryptography (QSC) working group, for example, aims to assess and make recommendations for quantum-safe cryptographic protocols and implementation considerations, while keeping in mind the industrial requirements for real-world deployment. By prioritising performance considerations, implementation capabilities, protocols, benchmarking and practical architectural considerations for specific applications, it will be possible to enable a smooth transition to a quantum secure cryptographic future.

Quantum Key Distribution: Holding The Line On Cybersecurity

Quantum key distribution (QKD) is a secure communication method for exchanging encryption keys known only to exclusive parties. It draws-on properties found in quantum physics to exchange cryptographic keys in such a way that is provable and guarantees security. It enables two parties to produce and share a key that is used to encrypt and decrypt messages. Fundamentally, QKD is a means of distributing the key between parties. The London Quantum Secure Network is just one example of a quantum-secure data transmission which effectively delivers security key payload to customer sites using QKD. The high level of current activity in quantum communications, however, means that there is a critical need to develop industrial standards for the technology.

To respond to this challenge, ETSI’s Industry Specification Group (ISG) on QKD is leading activities develop common interfaces and specifications for the quantum communications industry that will stimulate markets for components, systems and applications. From a standards perspective then, such purposeful innovation is helping to ensure that QKD can be used more widely in the commercial realm, but at a steady pace.  

Quantum Readiness: How Soon Is Now?

Quantum computing has the potential to address some of society’s most pressing problems, while simultaneously representing a risk to the integrity of our security infrastructure. In the wrong hands, quantum computing could jeopardise the confidentiality, integrity, and availability of sensitive data which could have real world, geo-political consequences.

In order to protect against those threats, standards are essential in supporting the commercial viability and wider adoption of the technology, as well as enabling end-to-end use cases through the empowerment of a thriving vendor ecosystem. 

Issam Toufik is CTO at ETSI

Image: mesh cube

You Might Also Read: 

CISA's Post-Quantum Cryptography Initiative:


If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« X Blocked In Brazil By Supreme Court Order
The Rise Of SD-WAN And Its Implications For Security & Performance »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

TWNCERT

TWNCERT

TWNCERT is the National Computer Emergency Response Team of Taiwan.

European Network for Cyber Security (ENCS)

European Network for Cyber Security (ENCS)

ENCS’s core focus is around educating and solving cyber security challenges in the development and operation of energy grids across Europe.

Ideagen

Ideagen

Ideagen provides information management, safety, risk and compliance software solutions that allow organisations to achieve operational excellence, regulatory compliance and reduce risk.

SecuLution

SecuLution

SecuLution is an Antivirus product using Application Whitelisting which offers much more protection than Virus Scanners ever can.

Moxa

Moxa

Moxa is a leading provider of industrial networking, computing, and automation solutions for enabling the Industrial Internet of Things.

TypingDNA

TypingDNA

TypingDNA uses AI to recognise people by the way they type on desktop keyboards and mobile devices.

BridgingMinds Network

BridgingMinds Network

BridgingMinds Network is an industry leading best practices and IT security training provider in Singapore.

Blok Cyber Security

Blok Cyber Security

Blok provide small businesses and sole traders, with affordable, managed Cyber Security Packages that offer immediate protection and peace of mind.

FYEO

FYEO

FYEO is a threat monitoring and identity access management platform for consumers, enterprises and SMBs.

Node4

Node4

Node4 provide advanced, cloud-led digital transformation solutions, delivered with technical expertise, innovation and exceptional service to drive your business forwards.

Stronger International

Stronger International

Stronger International provides expert cyber services and training to organizations and individuals to enhance IT and security knowledge.

Balance Theory

Balance Theory

Balance Theory provides the knowledge infrastructure and collaboration center for the cybersecurity community. A networked community to build better cybersecurity outcomes.

Google Cloud

Google Cloud

Accelerate your digital transformation. Whether your business is early in its journey or well on its way to digital transformation, Google Cloud can help solve your toughest challenges.

CaseMatrix

CaseMatrix

Discover a new era of legal intelligence with CaseMatrix. We identify potential class action cases arising from cyber incidents and data breaches.

DynTek

DynTek

DynTek delivers exceptional, cost-effective professional IT consulting services, end-to-end IT solutions and managed IT services.

IT Solutions Consulting

IT Solutions Consulting

IT Solutions is a full-service IT partner providing managed services and other information technology solutions nationwide.