Perimeter

12/28/2018
10:30 AM
Tim Hollebeek
Commentary

Start Preparing Now for the Post-Quantum Future

Quantum computing will break most of the encryption schemes on which we rely today. These five tips will help you get ready.

Search on the phrase "quantum computing," and you'll find a furious debate. On the one hand, you'll read breathless articles predicting groundbreaking advances in artificial intelligence, genomics, economics, and pretty much every field under the sun. On the other, you'll find the naysayers: It's all hype. Large-scale quantum computers are still decades away — if they're possible at all. Even if they arrive, they won't be much faster than standard computers except for a tiny subset of problems.

There's one area, however, where you'll find all sides agree: Quantum computing will break most of the encryption schemes on which we rely today. If you're responsible for your organization's IT or security systems, and that sentence made the hair on the back of your neck stand up, good. To get ready for a post-quantum world, you should be thinking about the problem now.

So Long, Encryption
Much of the debate around what quantum computers can do remains speculative, but there are a few areas where we know they'll excel. Back in 1994, mathematician Peter Shor developed a quantum algorithm that can perform certain types of calculations, such as finding the prime factors of huge numbers, far more quickly than classical computers. Well, today's most widely used encryption systems rely on those types of calculations.

According to the Cloud Security Alliance's Quantum Safe Security Working Group (emphasis added):

Large-scale quantum computers will be able to use Shor's algorithm to break all public key systems that employ RSA (integer factorization-based), Diffie–Hellman (finite field discrete log-based), and Elliptic Curve (elliptic curve discrete log-based) Cryptography. These algorithms underpin essentially all of the key exchange and digital signature systems in use today. Once reasonably sized quantum computers capable of operating on tens of thousands of logic quantum bits (qubits) exist, these public key algorithms will become useless.

For the moment, quantum computing at those scales is still hypothetical. Current quantum computers, like those being developed by IBM and Google, can process a limited number of qubits. But researchers are pushing those limits every day.

"It might still cost an enormous amount of money to build," says one of those researchers, MIT's Isaac Chuang. "But now it's much more an engineering effort, and not a basic physics question."

Time Is Not on Your Side
So, breaking RSA and other common encryption schemes sounds pretty bad. But if large-scale quantum computers are still 10 to 15 years away, as even optimistic researchers believe, we have plenty of time to develop post-quantum cryptography solutions, right? Not really. There are two issues.

First, if you accept that 10- to 15-year window, products shipping right now will still be in the field when the first large-scale quantum computers come online. Consider Internet of Things (IoT) devices like connected cars, smart power and water meters, and control systems for major power and transportation infrastructure. Many of those devices are designed to operate for a decade or longer. Almost all of them use RSA.

Second, while some of the world's brightest minds are working on "quantum-safe" encryption mechanisms, the process will take time. Implementing the new standards they ultimately recommend will take even longer.

Think about every process and device in your organization that relies on public key systems: Email. Authentication. Every online financial transaction. How long will it take to change and update those systems? Years, most likely. If you're in a heavily regulated industry like financial services, with complex and specific compliance requirements, expect the process to take even longer.

"It has taken almost 20 years to deploy our modern public key cryptography infrastructure," notes the National Institute of Standards and Technology (NIST) in its "Report on Post-Quantum Cryptography." "It will take significant effort to ensure a smooth and secure migration from the current widely used cryptosystems to their quantum computing resistant counterparts. Therefore, regardless of whether we can estimate the exact time of the arrival of the quantum computing era, we must begin now to prepare our information security systems to be able to resist quantum computing."

Take Action
It may take a while for industry groups to settle on the best approaches to post-quantum encryption and authentication, but you don't have to wait. There are steps you can take now to prepare:

  • Keep an eye out: Monitor the development of both quantum computers and post-quantum standards and protocols, especially when designing IoT devices with a 10-year-plus lifespan.
  • Double key sizes: If you think your current systems will still be around when quantum computing debuts, double your key sizes for symmetric algorithms. A good place to start is AES-256, which is not much less efficient than the shorter key versions. For collision-resistant hash functions, use SHA-512.
  • Embrace the hash: Hash-based signatures are a viable quantum-safe trust mechanism you can use in the near future, with NIST expected to standardize them in 2019. These signatures can also be used to securely deploy more advanced quantum-safe technologies in the future.
  • Mix and match crypto: Some in the financial industry are exploring hybrid cryptography, which combines conventional RSA or elliptic-curve cryptography with one or more of the new "quantum-resistant" algorithms. In this model, cracking a key exchange would require an attacker to break multiple encryption schemes at once.
  • Talk to your provider: Make sure you're talking to your cryptography provider about their plans for quantum-resistant computing, particularly if you're producing IoT-enabled products with long operating lives. An experienced provider should be able to help you build quantum-resistant crypto into your deployments, such as certificate-based authentication using public key infrastructure.
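The "Embrace the hash" tip above rests on a simple idea: a signature whose security depends only on the preimage resistance of a hash function, not on factoring or discrete logs. The following is an added example, not code from the article or from any vendor, implementing the simplest such scheme, a Lamport one-time signature over SHA-256. The stateful, hash-tree schemes NIST was standardizing (LMS and XMSS) are built from the same primitive; this toy version is kept minimal so the mechanics are visible. The `OneTimeSigner` wrapper and the message strings are constructed for the example; the one hard rule of these schemes, never sign twice with the same key, is enforced rather than left to the caller.

```python
import hashlib
import hmac
import secrets

HASH = hashlib.sha256
N = HASH().digest_size          # 32 bytes -> 256 message-digest bits
BITS = N * 8

def keygen(rng=secrets.token_bytes):
    """Private key: for each of the 256 digest bits, two random preimages.
    Public key: the hash of every preimage (2 * 256 * 32 bytes = 16 KiB)."""
    sk = [[rng(N), rng(N)] for _ in range(BITS)]
    pk = [[HASH(s0).digest(), HASH(s1).digest()] for s0, s1 in sk]
    return sk, pk

def _bits(digest):
    """Yield the digest bits most-significant first."""
    for byte in digest:
        for i in range(7, -1, -1):
            yield (byte >> i) & 1

def sign(sk, message):
    """Reveal, for each digest bit, the preimage matching that bit value.
    Revealing the preimages is why a key must be used exactly once."""
    digest = HASH(message).digest()
    return [sk[i][b] for i, b in enumerate(_bits(digest))]

def verify(pk, message, signature):
    """Re-hash every revealed preimage and compare against the public key
    slot selected by the corresponding digest bit of the message."""
    if len(signature) != BITS:
        return False
    digest = HASH(message).digest()
    ok = True
    for i, (b, preimage) in enumerate(zip(_bits(digest), signature)):
        # constant-time compare; keep going so timing does not leak position
        ok &= hmac.compare_digest(HASH(preimage).digest(), pk[i][b])
    return ok

class OneTimeSigner:
    """Holds one Lamport key pair and refuses to sign a second message.
    (Constructed wrapper for the example; real deployments use LMS/XMSS
    trees that index many one-time keys.)"""
    def __init__(self):
        self._sk, self.public_key = keygen()
        self.used = False

    def sign(self, message):
        if self.used:
            raise RuntimeError("one-time key already used; a second signature leaks the private key")
        self.used = True
        return sign(self._sk, message)

def signature_size_bytes():
    """Size of one signature: 256 preimages of 32 bytes (8 KiB)."""
    return BITS * N

if __name__ == "__main__":
    signer = OneTimeSigner()
    msg = b"firmware-image-v1.0 (constructed sample)"
    sig = signer.sign(msg)
    print("valid:", verify(signer.public_key, msg, sig))
    print("tampered valid:", verify(signer.public_key, msg + b"!", sig))
    print("signature bytes:", signature_size_bytes())
```

Two properties worth noticing when running it: a signature is 8 KiB and a public key 16 KiB, which is the price these schemes pay for depending on nothing but a hash function, and any change to the message flips digest bits for which the corresponding preimages were never revealed, so verification fails. That second point is also why the state flag matters: two signatures under one key reveal preimages for both bit values at many positions, enough for an attacker to forge.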
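The "Mix and match crypto" tip describes a hybrid key exchange in which the session key depends on two independent shared secrets, one from a conventional exchange and one from a quantum-resistant one. The part that decides whether the hybrid really forces an attacker to break both schemes is the combiner. The block below is an added example, not the article's or any product's code: it implements HKDF (RFC 5869) from the standard library and concatenates both secrets into the extract step, so the derived key is only recoverable if both inputs are known. No actual ECDH or post-quantum KEM is run; the two shared secrets and the transcript are constructed stand-ins for what those exchanges would output, and the salt label `hybrid-kex-v1` is an assumed protocol constant.

```python
import hashlib
import hmac

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869 section 2.2) with HMAC-SHA256."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869 section 2.3): T(i) = HMAC(PRK, T(i-1) | info | i)."""
    if length > 255 * hashlib.sha256().digest_size:
        raise ValueError("requested length exceeds HKDF limit")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def combine_shared_secrets(ss_classical: bytes, ss_pq: bytes,
                           transcript: bytes, length: int = 32) -> bytes:
    """Concatenation combiner for a hybrid key exchange.

    Both secrets go into the keying material, so an attacker who recovers
    only the classical secret (e.g. with a future quantum computer) or only
    the post-quantum secret (e.g. via a cryptanalytic break of the new
    scheme) still lacks the input needed to derive the session key. The
    transcript binds the key to the exact public values exchanged."""
    if not ss_classical or not ss_pq:
        raise ValueError("hybrid derivation requires both shared secrets")
    ikm = ss_classical + ss_pq
    prk = hkdf_extract(b"hybrid-kex-v1", ikm)          # assumed protocol label
    return hkdf_expand(prk, b"session-key" + transcript, length)

if __name__ == "__main__":
    # Constructed stand-ins for the outputs of an ECDH exchange and a PQ KEM.
    ss_ecdh = bytes.fromhex("11" * 32)
    ss_kem = bytes.fromhex("22" * 32)
    transcript = b"clientHello|serverHello (constructed)"
    k_client = combine_shared_secrets(ss_ecdh, ss_kem, transcript)
    k_server = combine_shared_secrets(ss_ecdh, ss_kem, transcript)
    print("both sides agree:", k_client == k_server)
    # An attacker who knows only the classical half gets a different key.
    k_partial = combine_shared_secrets(ss_ecdh, bytes(32), transcript)
    print("classical-only guess matches:", k_partial == k_client)
```

The design choice to underline is concatenation inside the KDF rather than, say, XOR of the two secrets: with XOR, an attacker who controls one contribution could cancel the other, whereas feeding both into HKDF-Extract means neither party nor attacker can influence the output without knowing the full keying material. The HKDF helpers are checked against the RFC 5869 test vector so that the combiner sits on a verified primitive.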

The debate around quantum computing will likely rage on, and we may not have clear answers to the biggest questions for several years. But smart IT and cybersecurity professionals are taking a proactive approach. By starting to prepare now for a post-quantum world, you can make sure that when the wave comes, you're able to ride it — instead of getting crushed.

Timothy Hollebeek has 19 years of computer science experience, including eight years working on innovative security research funded by the Defense Advanced Research Projects Agency. He then moved on to architecting payment security systems, with an emphasis on encryption and ...

Comments
timhollebeek (User Rank: Author), 1/2/2019 | 1:41:25 PM
Re: Classical is better
It is true that potential number-theoretic breakthroughs could threaten RSA before quantum computers do.  I know several experts who view this as an additional reason to move to post-quantum methods before that happens.

However, it is not true that smart people have ignored or neglected the problem of finding better classical factoring algorithms.  Plenty of effort has been expended by some extremely smart number theoreticians for a long, long time, yet 2048-bit numbers still cannot be factored in "minutes" as you suggest.
Joe Stanganelli (User Rank: Ninja), 12/29/2018 | 6:21:10 PM
trumping the 5G race
Making these trends all the more important is the notion that secure quantum communications will be the next big thing after 5G -- and, thus, critical to national security, as highlighted by a recent USAF report.

In particular, the report pointed to recent experiments involving a Chinese-launched satellite from which the altering of quantum subparticles entangled with quantum subparticles on Earth affected the latter subparticles -- and further experimentation in that field by scientists around the globe.
fojo123 (User Rank: Apprentice), 12/29/2018 | 7:27:56 AM
Classical is better
"While some of the world's brightest minds are working on "quantum-safe" encryption mechanisms, the process will take time..."

It's all very well being "some of the world's brightest minds", but when number theoretic problems like integer factorization are solved in practically fast polynomial time on classical computers, thanks to a very deep understanding of number theory translated into clever and efficient algorithms that can break RSA-1024, 2048 or 4096 in a matter of minutes, then quantum computers will become a rather moot point. It's like saying I can build a ten tonne hydraulic steam hammer press, and it can crack all types of nuts instantly, including cashews, walnuts, almonds and brazils, when in fact a small, hand-held vise-like tool can perform the job just as well, and with magnitudes less effort and expense. Added further to that is the fact that with quantum computers, there's a form of 'quantum cop-out', where we have no greater understanding of number theory than we did before; we simply rely on quantum spookiness to solve our problems for us, instead of old fashioned ingenuity, tenacity and resilience when tackling difficult mathematical problems. You'd be surprised how far you could progress in solving these problems classically, if you but only tried. Maybe some old-fashioned discernment and wisdom would go a long way in general in the modern world. If as many people as are working on quantum computers worked with as much effort and enthusiasm on understanding number theory problems, then these problems would have been solved satisfactorily quickly and efficiently many years ago, all the while increasing our insight into the nature of these problems, and having many important and useful corollaries and knock-on effects in other fields as well.