Introduction to Quantum Computing:
Quantum computing is a rapidly developing field with the potential to revolutionize computing as we know it, and cryptography in particular. Quantum computers are able to perform certain types of calculations much faster than classical computers, including the mathematical problems used in some encryption methods. As a result, quantum computers could theoretically break many of the encryption standards that organizations use today.
This could pose a serious threat to the growing number of classical encryption systems and thus to digital sovereignty. Digital sovereignty is the ability of a country, an organization, or even an individual to control their own digital data and infrastructure. Without strong encryption, digital data is vulnerable to theft and exploitation by foreign organizations and other adversaries, especially within industries such as banking, railways, energy, telecommunications, and other critical infrastructures.
We know the impact that a serious cyber-attack can have on organizations. But as quantum computers become more powerful and accessible, it is important for governments and organizations to take steps to protect their digital data from the surveillance strategy of “Harvest Now, Decrypt Later”, in which currently encrypted data is stored in the hope that a quantum computer will be able to decrypt it at some point.
Proposed Mitigation Strategies:
One way to mitigate the threat of quantum computing is to transition to post-quantum cryptography. Post-quantum cryptography (PQC) is a type of cryptography that is designed to be resistant to attacks from quantum computers. In other words, these cryptographic algorithms are based on concepts that are, so far, thought to be uncrackable by quantum computers. Examples include lattice-based, code-based, hash-based, and multivariate polynomial cryptography.
Many researchers are currently developing post-quantum cryptography algorithms, and some of these algorithms are already being defined by organizations such as the National Institute of Standards and Technology (NIST). As the result of an extensive program, NIST announced the first four quantum-resistant cryptographic algorithms that it will standardize:
- CRYSTALS-KYBER
- CRYSTALS-Dilithium
- FALCON
- SPHINCS+
Another way to mitigate the threat of quantum computing is to use quantum key distribution (QKD). QKD is a secure communication protocol that uses quantum mechanics to distribute encryption keys. Some governments and organizations are already using QKD to protect their most sensitive data.
QKD relies on the properties of quantum physics. Secure key distribution is achieved by sending a sequence of quantum states, such as single photons, and measuring them at the receiving end. Because of the laws of quantum physics, it is impossible for an eavesdropper to intercept the key without being detected: bits of information are encoded on a physical phenomenon carrying such a small quantity of energy that merely observing it alters it.
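The detection mechanism described above, as an added example that is not part of the original article: a classical simulation of BB84 (a QKD protocol the article does not name, chosen here as an assumption) with an intercept-resend eavesdropper. The function names and the 11% abort threshold are illustrative assumptions.

```python
import random

def measure(bit, prep_basis, meas_basis, rng):
    """Same basis returns the prepared bit; the other basis gives a random result."""
    return bit if prep_basis == meas_basis else rng.randint(0, 1)

def run_bb84(n_photons, eavesdrop, seed=0, sample_fraction=0.5, qber_threshold=0.11):
    """Simulate one BB84 session and return the estimated error rate and key size."""
    rng = random.Random(seed)
    sifted_alice, sifted_bob = [], []
    for _ in range(n_photons):
        a_bit, a_basis = rng.randint(0, 1), rng.choice("+x")
        bit, basis = a_bit, a_basis            # state in flight on the quantum channel
        if eavesdrop:
            # Intercept-resend: Eve must guess a basis, measure, and re-prepare.
            e_basis = rng.choice("+x")
            bit = measure(bit, basis, e_basis, rng)
            basis = e_basis
        b_basis = rng.choice("+x")
        b_bit = measure(bit, basis, b_basis, rng)
        if a_basis == b_basis:                 # sifting: keep matching-basis rounds only
            sifted_alice.append(a_bit)
            sifted_bob.append(b_bit)
    # Alice and Bob publicly compare a random sample of sifted bits (then discard it)
    # to estimate the quantum bit error rate (QBER).
    k = int(len(sifted_alice) * sample_fraction)
    sample = set(rng.sample(range(len(sifted_alice)), k))
    errors = sum(sifted_alice[i] != sifted_bob[i] for i in sample)
    qber = errors / k if k else 0.0
    abort = qber > qber_threshold              # too noisy: assume interception, drop the key
    remaining = len(sifted_alice) - k
    return {"sifted": len(sifted_alice), "qber": qber,
            "abort": abort, "key_bits": 0 if abort else remaining}

if __name__ == "__main__":
    print("quiet channel:", run_bb84(4000, eavesdrop=False))
    print("intercepted  :", run_bb84(4000, eavesdrop=True))
```

On an ideal channel the sampled error rate is zero, while intercept-resend pushes it toward 25%, because Eve picks the wrong basis half the time and each wrong guess randomizes Bob's result with probability one half.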
Many projects have been carried out in different parts of the world; EUROQCI within the EU is one such example. An extensive network of QKD systems, also called the Quantum Communications Infrastructure, is being built for the secure transmission of critical data within its member states, with the help of three segments:
- Satellite Segment for large distances
- Terrestrial Segment for shorter distances
- Quantum Hub as an orchestrator for the network
Evaluating these strategies:
Within the scope of my master’s studies at EM Lyon Business School, I had a chance to gain insights and dive deeper into upcoming technologies concerning cyberspace, such as Quantum Key Distribution along with SES Satellites, as a part of my end-of-studies internship. With an opportunity to study the QKD and PQC technologies at their conceptual level, here are a few advantages that QKD has over PQC:
- Security is based on the laws of physics, not mathematical algorithms. This makes QKD immune to attacks from quantum computers, regardless of how powerful they become. PQC algorithms, on the other hand, are still under development and it is possible that they could be broken by future quantum computers.
- The ability to detect eavesdropping attempts: Any attempt to eavesdrop on a QKD transmission will inevitably disturb the qubits, which can be detected by the sender and receiver. PQC algorithms do not have this ability, so eavesdropping attempts could go undetected.
- The ability to transmit keys over larger distances with the use of satellites: terrestrial nodes can link strategic sites within and between neighboring countries, whereas satellite segments will be used to cover larger distances across the EU.
- It can be a permanent and reliable solution compared to the other mitigation strategies when it comes to tackling quantum supremacy, as QKD works on the physical properties of quantum systems, which cannot be eavesdropped on.
Despite the strong advantages that these strategies present, there are certain downsides that could hinder their adoption:
- Cost: The deployment of QKD and PQC infrastructure can be expensive. This is because the technology is still in its early stages of development, and the components required to build and operate QKD and PQC systems can be costly, although this could be resolved over time as these products get commercialized.
- Complexity: QKD and PQC systems can be complex to implement and manage. This is because they rely on sophisticated quantum physics principles. As a result, it can be difficult to ensure that QKD and PQC systems are deployed and operated correctly.
- Security: There are still some security vulnerabilities that need to be addressed in QKD and PQC systems. For example, there have been some successful attacks on commercial QKD systems. Additionally, some researchers have raised concerns about the security of certain PQC algorithms.
- Interoperability: There is a need to develop standards for interoperability between QKD and PQC systems. This is because different vendors are developing different QKD and PQC products and solutions. Without standards for interoperability, it will be difficult to build and operate large-scale QKD and PQC networks.
- Scalability: It is not yet clear how well QKD and PQC can be scaled to meet the needs of large organizations and governments.
- Performance: QKD and PQC systems can have lower performance than traditional cryptographic systems. This is because QKD and PQC systems need to perform additional operations to ensure security. Also, QKD transmissions can be affected by environmental factors when it comes to satellite communications.
- Usability: QKD and PQC systems can be more difficult to use than traditional cryptographic systems. This is because QKD and PQC systems require users to have a good understanding of quantum physics and cryptography.
Conclusion:
Overall, the development of these mitigation strategies to counter the impending threat posed by quantum computing remains in its formative stages, far from achieving flawless efficacy. However, the imperative of the moment is for cybersecurity professionals to proactively consider the integration of these evolving strategies within their respective industries. This urgency stems from the potential that quantum-resistant technologies have demonstrated in ongoing research, which holds the promise of safeguarding sensitive data against the looming threat of decryption by quantum computers. Even in the present, with quantum computing not yet mainstream, preparing the transition is necessary to secure the transactions carried out today.
But beyond the technological prowess of the proposed strategies, success does not boil down only to the advancements provided by QKD; it also depends on the right pressure and incentives for industries to use this technology and implement it correctly. On a larger scale, these technologies need to be integrated through public-private partnerships, allowing governments, academia, and industry to join forces and pool their resources and expertise more than ever before.