The path to quantum cybersecurity
Dr. Francis Gaffney, Senior Director – Mimecast Labs & Future Operations at Mimecast, charts the course for quantum cybersecurity
Based on the values of quantum mechanics, quantum computers use rapidly emerging technology to effortlessly process complex algorithms. As quantum computers can perform certain types of computations more efficiently than classical computers, they could also pose a significant threat to current cryptographic cybersecurity systems. This is why there is a need for quantum cybersecurity.
Quantum computing has the potential to unlock secrets ranging from personal finances to a nation’s defense strategy. Large-scale quantum computers, if realized, may allow hackers and nation states to crack current cryptographic protocols.
Essentially, they are capable of threatening the security of commonly used public-key cryptosystems and exposing vulnerabilities that exist in today’s fundamental digital systems that are used to power various Internet services, including online financial transactions. , electronic commerce and secure communications.
NIST Post-Quantum Cryptography Standards Process
Over the next few years, quantum computers of sufficient size and complexity will become capable of running Shor’s algorithm, one of the most widely used algorithms that can easily break factorization-based encryption. Modern encryption systems are designed in such a way that it would take conventional computers billions of years of computation time to crack these codes. However, by combining Shor’s algorithm with the enormous computing power of quantum machines, attackers will become able to decrypt data protected by asymmetric cryptography.
Concerned about the potential threat these machines pose to data security in government and private organizations, since 2017 the US National Institute of Standards and Technology (NIST) has been working on the process of standardizing post-quantum cryptography with the crypto community to combat cyber threat actors, including those who now operate under the concept of “harvest now, decrypt later”. This means that encrypted data that is safe from today’s cyber threats, can be stored or recorded now using vulnerable quantum algorithms, and then decrypted when large-scale, usable quantum computers emerge.
The NIST process was initiated to evaluate and establish new public key cryptography standards and specify at least one publicly disclosed digital signature, public key encryption and key establishment algorithms. On July 5, 2022, NIST completed its third round of the Post-Quantum Cryptography Standards Process (PQC), during which it identified four new algorithms to withstand the risks imposed by quantum processors.
Security Implications for Organizations
While NIST is scheduled to hold its fourth conference later this year to refine the algorithms and further develop concrete implementation strategies, we are still a few years away from facilitating full adoption of these standards. And as research continues to accelerate to circumvent Shor’s algorithm, organizations should now consider working with cybersecurity specialists to better prepare for the potential for quantum implementation vulnerabilities.
By working with highly trained cybersecurity specialists, businesses and government organizations can now help their CIOs and other IT managers increase their engagement with standards development organizations to keep abreast of the latest developments related to IT changes. dependent algorithms and protocols.
These cybersecurity specialists or managers can also help organizations audit their current inventory to identify the most sensitive and critical data sets that need to be secured. This information can help identify critical data that is at risk of being decrypted once a cryptographically exploitable quantum computer becomes available.
It is also important that organizations work with cybersecurity leaders to identify data acquisition, cybersecurity, and data security standards that will need to be updated to reflect post-quantum requirements. From this audit, organizations will be able to identify where and for what purpose public key cryptography is currently being used and mark these systems as “quantum vulnerable”.
Overall, these early preparations, including inventorying all systems using cryptographic technologies for any function, can help organizations better protect against potential quantum implementation vulnerabilities while facilitating a smooth and efficient transition to new post-quantum cryptography standards in the future. .
from the editor Recommended Articles