Quantropi. Quantum encryption can protect companies, systems, applications...and don’t forget grandma

I wrote an article on quantum cryptography and quantum encryption for the website Quantropi a while back. Since then, I’ve decided it needed a slight rewrite, so I took a second stab at it.

Here’s the result:

In recent years, the world has witnessed an unprecedented surge of interest in the realm of quantum computing. The headlines paint a picture of rapid progress, from Google's quantum supremacy claim in 2019 to Honeywell's declaration of the fastest quantum computer in June 2020. In February 2021, a quantum computer solved a decades-old problem millions of times faster than its classical counterpart. China entered the race in October 2021 with a quantum computer boasting a millionfold increase in power compared to Google's. IBM joined the fray in November 2021, asserting its quantum machine's superiority over standard computers.

Yep. These headlines might lead you to believe that quantum computers are on the brink of replacing classical computers, ready for mainstream use, and significantly faster. But as with all headlines, the reality is … blown out of proportion.

It’s no lie. Quantum computing is advancing. And at quite an astonishing pace. But we need to  remember that the world of algorithms and supercomputers is evolving in tandem with quantum computers. Risks, challenges, and potential attacks are growing stronger alongside our technological achievements.

Quantum encryption is the key to safeguarding our data

So, what's the solution to keeping your private communications secure five, ten, or even a hundred years from now? One significant threat, known as "Steal Now Crack Later," arises from the use of quantum computers to crack encryption algorithms used on documents sent today or in the past. In short, what if you knew that, in a few years, your confidential files, messages, or documents could be accessed by malicious actors, competitors, or rogue governments? This scenario could render our current encryption methods obsolete. And your enemies are very patient.

One particular concern among security professionals is asymmetric encryption, which employs public and private keys. Here's how it works:

You create and publish a public key based on two large prime numbers, along with an auxiliary value. One key is public, while the other remains a secret. You can share the public key with anyone, and when someone wants to communicate with you, they use the public key to encrypt the message, ensuring only you can read it. Asymmetric encryption is widely used for secure internet sessions to exchange a strong session key, which, in turn, encrypts and decrypts all messages exchanged between parties.

The looming threat is that, in the future, quantum computers could potentially crack the message encrypted with the public key, gain access to the session key, and then unlock all subsequent messages and data protected by it. Or, quantum computers might compute or guess the session key in mere minutes.

As of today, quantum computers lack the necessary size (insufficient qubits) to break the asymmetric encryption and extract the session key or efficiently calculate/guess the key itself. Still, cybersecurity experts are advising companies to start implementing some form of protection now.

The road to post-quantum encryption

To address the vulnerability of today's asymmetric encryption algorithms, the starting point is to upgrade existing algorithms or develop new methods for securely exchanging session keys. Encryption that is immune to quantum attacks is known as Post-Quantum Encryption (PQC).

The United States National Institute of Standards and Technology (NIST) initiated a PQC standardization process in 2016. The new algorithms are expected to be ready in 2024.

An alternative to algorithm-based key exchange is Quantum Key Distribution (QKD), which explores the entanglement of photons across fiber optic networks. But distributing QKD at high speed over the current internet infrastructure is no easy feat, despite ongoing research and commercial development efforts.

Overcoming quantum attacks … to protect grandma

To thwart potential quantum attacks aimed at calculating or guessing the session key, one solution involves generating a strong, truly random number as the encryption key. The challenge lies in developing technology capable of generating a large number of truly random numbers and distributing them through a quantum-secure channel.

So how does grandma fit in? Well, quantum cryptography is pretty much a surefire way to protect her privacy, and make sure risks like ID theft are moot points. But it’s not just about protecting the vulnerable, it’s about protecting all vulnerabilities.

555 vCTO tech advisors can help you gauge your company’s security

Is your company ready for a cybersecurity check? Growing businesses need to keep their data and systems safe from cybersecurity threats. At 555vCTO.com, our experts can guide your team through a cybersecurity response plan for that just in case scenario. Contact us today.