Unbreakable. How to protect against the hackers of the future

My last post about quantum computers brought a question from one of my readers.

The question was: What do you think about quantum encryption?

Good question, long answer.

First, what is quantum encryption? It means either using quantum physics to encrypt my communication or using encryption resistant to quantum computers.

How could this come into play? Let’s think about the famous threat of man-in-the-middle attacks, where you are trying to stop somebody from eavesdropping on your communication. There, you can take advantage of the quantum properties of light and use photons to send messages from A to B. Basically, this comes down to securing the communication channel, not encrypting the message itself. For instance, banks looking to improve the security of financial transactions could use quantum communication over short distances. There are numerous players in the market that could provide this kind of capability, but scaling over long distances is challenging.

The other threat could come from using quantum computers to crack the encryption algorithm on any document you’ve sent today (or last week, or some time in the past). Or to put it another way: what if you knew that 2, 3 or maybe 5 years from now, any file, instant message or document you sent was being viewed by some very shady people (or your business competitors; I’m not sure which would be worse)? It could make our current encryption efforts obsolete. Your adversaries may be more than willing to wait.

More and more security professionals are very worried about asymmetric encryption, which uses public/private key pairs. How does it work? You create and publish a public key based on two large prime numbers, along with an auxiliary value. It is arbitrary which one you call public or private, but one has to remain secret. You can share the other key with anyone. Then someone who wants to communicate with you can use the public key to encrypt the message, and you are the only one who can read it.

It is assumed that in the future, quantum computers will be able to crack this type of encryption. Today’s quantum computers are nowhere near the size (not enough qubits) to crack the code and identify your private key.

Nonetheless, security vendors are advising companies to start implementing 'some kind of protection' now. Their solution is to generate a random number to create an encryption key, distribute it and use an unbreakable algorithm to send encrypted messages.

The challenge starts with a technology which can generate a high number of truly random numbers and distribute them over a secure channel.

The argument from skeptics of this approach is this: “If I already have a secure channel, why do I need anything else?”

Implementing the encryption key distribution requires companies to build more infrastructure, which makes the whole thing more complex and expensive.

Second, use algorithms which can withstand the future attacks of quantum computers. Encryption using an algorithm that can’t be broken by a quantum computer is referred to as 'post-quantum encryption'.

Everyone is waiting for a new standard algorithm. So far, no algorithm has been approved by the National Institute of Standards and Technology (NIST). Out of 40 or so, only a few are in the final stage of approval. However, the word on the street is that even these won't be approved and then we’ll be back at square one. So far the process has taken almost 6 years.

Perhaps you’d like to know: is there a solution right now? Is there any encryption I could use right now which won’t be cracked? Yes, there is. You can use the combination of linear algebra, a random key generator and one-time pad encryption.

Then you are guaranteed that there is no recurrent pattern and you'll be safe.
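The "no recurrent pattern" guarantee depends on the pad being random, exactly as long as the message, and never used twice. The Python sketch below is an added example, not code from this post; the function names and sample messages are constructed, and the OS CSPRNG stands in for a true random number source.

```python
import secrets


def new_pad(length: int) -> bytes:
    """Generate a fresh pad. Assumption: the OS CSPRNG stands in
    for the truly random source a real one-time pad requires."""
    return secrets.token_bytes(length)


def otp_apply(data: bytes, pad: bytes) -> bytes:
    """XOR data with the pad. The same call encrypts and decrypts."""
    if len(pad) != len(data):
        raise ValueError("pad must be exactly as long as the message")
    return bytes(d ^ p for d, p in zip(data, pad))


def matching_positions(c1: bytes, c2: bytes) -> list[int]:
    """Positions where two ciphertexts carry the same byte.
    If one pad encrypted both, these are exactly the positions
    where the two plaintexts agree: a recurrent pattern."""
    return [i for i, (a, b) in enumerate(zip(c1, c2)) if a == b]


# Constructed sample messages, both 16 bytes long.
MSG_1 = b"PAY 100 TO ALICE"
MSG_2 = b"PAY 900 TO CAROL"


def demo_reused_pad() -> list[int]:
    """Weak usage: one pad for two messages leaks plaintext structure."""
    pad = new_pad(len(MSG_1))
    return matching_positions(otp_apply(MSG_1, pad), otp_apply(MSG_2, pad))


def demo_fresh_pads() -> bool:
    """Correct usage: a fresh pad per message, then round-trip both."""
    pad_1, pad_2 = new_pad(len(MSG_1)), new_pad(len(MSG_2))
    c1, c2 = otp_apply(MSG_1, pad_1), otp_apply(MSG_2, pad_2)
    return otp_apply(c1, pad_1) == MSG_1 and otp_apply(c2, pad_2) == MSG_2


if __name__ == "__main__":
    print("reused pad, matching byte positions:", demo_reused_pad())
    print("fresh pads round-trip:", demo_fresh_pads())
```

With a reused pad, the shared "PAY ", "00 TO " structure of the two messages shows through the ciphertexts regardless of which pad was drawn.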
