Quantum computers are getting nearer and nearer every day, sending information security experts in a frenzy to look for unbeatable ways to safeguard electronic information.
Modern internet communication, e-commerce, and other online transactions heavily rely on cryptography. Cryptography is a way of encoding data to protect it from malicious parties. Complex mathematical problems generate the codes used for encoding. The codes are said to be very hard to reverse engineer.
However, experts warn that if you can get your mitts on a functional quantum computer, you will be cracking codes and making away with valuable information without breaking for lunch!
What are quantum computers?
Quantum computers are very powerful computers for the future. They utilize the quantum property of subatomic particles to perform feats that are not possible with classical computers.
Quantum algorithms are especially good on problems requiring numbers to be broken down to their prime factors. Mathematicians call these Hidden Subgroup Problems.
Many modern public-key cryptography problems can be reduced to HSPs over abelian groups and solved easily. That means that if you can build yourself a quantum computer, current cryptography programs don’t stand a chance.
Luckily for the world, right now, quantum computers do not have this kind of processing power. That means there is time to develop better encryption
algorithms that can’t be manipulated by quantum computers.
Currently, the National Institute of Standards and Technology is keen on the matter. Quantum cryptography is the future of data encryption. But before we look at the progress made, let’s look at the basics of cryptography.
What is cryptography?
Cryptography is the art of encoding data to protect it from malicious parties. From online banking records to person info on hard disks, data is encrypted such that only those with a key can decrypt it.
To put it in layman’s terms, encryption takes clear data and turns it into gibberish using a set of keys. Only parties with a digital key to decrypt the can access the information.
What are the types of encryption?
To secure personal information or exchange messages online, systems employ either of the following encryption:
- Asymmetric (public-key cryptography)
Public key encryption uses a pair of linked keys to encrypt data. One key is made to the public, and the other is kept private. Only parties with the private key can decrypt the data. On the other hand, symmetric encryption uses the same key to encrypt and decrypt data.
Public-key encryption is more secure.
Public key encryption is more secure. Codes that are very hard to reverse engineer are generated from complex mathematical algorithms. Think of it as a slotted mailbox that anyone can drop mail in, but only a few parties have the key to open it and access the mail. However, for symmetric encryption, the mailbox is not slotted. Instead, it’s open, so anyone who drops mail inside it can access its contents. To protect the contents, the mailbox must be kept hidden at all times.
But symmetric encryption is faster:
But symmetric encryption is significantly faster compared to public-key encryption. Many communications and stored info are encrypted symmetrically.
On the other hand, Public-key encryption is useful in securing symmetric key exchanges. It is also used in digital signatures to authenticate messages, certificates, and documents when paired with owners’ identities.
For example, HTTP protocols require browsers and servers to perform handshakes using public-key encryption. After the ‘handshake,’ a private (Symmetric) key is established. The key encrypts future information exchanges between the two parties.
Code cracking or breaking is the art of trying to find the key used to encrypt information. Symmetric and asymmetric encryption uses different math to generate code for encrypting info, but fundamentally, code-breaking just involves trying all possible keys till you find the right one.
Symmetric encryption is a bit easy to reverse engineer. It is just an advanced form of substitution cipher. For example, any keen person can figure out that to decrypt data encrypted by shifting alphabets some specific digits ahead, one needs to switch the alphabet back. But this is an elementary form of symmetric encryption. Current methods are more advanced, requiring large teams of people and years of work to crack.
Trying in all possible keys takes time and only increases with the bits in the keys. A 64-bit key has 2ˆ64 possible solutions. For a 128-bit key, it’s 2ˆ128. It will literally take trillions of years to crack the code.
However, for quantum computers, possible keys can be tried exponentially, coming up with the right key in mere hours!
Problems with current cryptography methods.
Current cryptography methods don’t stand a chance against the computational power of quantum machines. Here is exactly why quantum computation is a threat to current cryptography problems:
They are a few decades old.
Current cryptography methods to secure data were developed decades ago before quantum algorithms came to fruition. As a matter of fact, quantum computers can solve current cryptographic problems really fast.
As it happens, Grover’s algorithm can reduce the number of evaluations to finding the right key for decrypting data. And it does so with very high probability.
To a quantum computer, a 256-bit key has the same security as a 128-bit key has against a normal computer. A 128-bit key is the same as a 64-bit key, and so on.
They can be broken down into easy-to-solve HSPS problems.
Many popular public-key encryption problems can be broken down to HSPS problems, and from there, it’s just a matter of looking for factors. For example, RSA is a popular asymmetric encryption algorithm. Still, the generated code can be reverse-engineered quickly using a quantum computer and Shor’s algorithm without the need to try all possibilities.
Shor’s algorithm is a quantum algorithm for computing the factors of the product of prime numbers at an exponential rate. Therefore, as it stands, RSA encryption can’t stand a chance against quantum computers’ power.
Another threat of quantum computer to cybersecurity is data scraping:
Scraping is a real threat now. Malicious actors are stealing data for storage until they can get their hands on quantum machines for decryption. If information security experts cannot safeguard their data now with quantum-proof cryptography, they risk losing data to nefarious actors.
Quantum computer also threatens the Internet of Things (IoT)
Right now, people trust online transactions because of public-key encryption. Encryption makes e-commerce and modern communication possible. However, if people can’t trust public-key encryption anymore because of the threat of quantum computers, then it’s is the death of IoT, including:
- Online banking
- Connected appliances
- Smart home
But quantum computers are not all-powerful. It is possible to find quantum-proof ways to secure data.
Information security organizations are looking for new encryption methods to protect data from the power of quantum computers. Experts at IBM says the trick is in avoiding cryptography problems that can be reduced to HSP.
One example of a problem that doesn’t require breaking down numbers to their prime factors is lattice reduction. IBM has successfully tasted an encryption algorithm based on this problem. The algorithm is dubbed CRYSTALS (Cryptographic Suite for Algebraic Lattices). The company hopes to start using the algorithm on its products this year.
NIST is examining systems for the post-quantum cryptography world too
NIST is also currently evaluating 26 other quantum-proof encryption algorithms to select the best for use on internet applications.
QKD could be the safest way to communicate in the future
Data security organizations are looking into quantum-key-distribution (QKD) as an alternative to asymmetric encryption too. Quantum methods can be used by senders and receivers to perform � handshakes’ and establish a secret key. This is referred to as hybrid certificates, i.e., quantum-proof algorithms are used together with symmetric-key schemes.
However, keep in mind that even quantum-proof cryptography won’t protect from malware, inevitable software glitches, and data misuse by insiders. Here are additional cybersecurity measures:
Watch out for apps that don’t secure private keys from the public.
Even quantum-proof cryptography won’t protect against apps that carelessly make their API public. Watch out for such information security sloppiness.
Certainly, uncrackable keys are the foundation for safe information transmission and storage. However, additional care is needed to protect private keys and stop the spread of malware.
Who can governments do?
Governments and individual enterprises need to act now. A council for establishing ethical standards on the use of quantum resources is needed. People also need to be educated on quantum computers, the benefits, and risks they pose. Governments should also incentivize individuals to embrace quantum cryptography as a possible way to safeguard the worldwide ecosystem.
Even though powerful quantum computers are only theoretical now, the threat they pose to cybersecurity is immense. These monster machines can calculate mathematical problems thousands of times than classical computers. They hold so much promise to nefarious actors; they are currently stealing data for storage until they can use quantum computers to decrypt them. Quantum-resistant ways to secure information start now before these machines find you unprepared.