Post-quantum and pre-quantum security concerns are increasing

General-purpose quantum computers will be able to crack the codes that protect much of the world’s information, and while such machines don’t yet exist, security experts say governments and businesses are beginning to prepare for encryption in a post-quantum world. The task is all the more difficult since no one knows exactly how future quantum machines will work, or even what materials will be used.

Unlike traditional computers, in a quantum computer the unit of information is a quantum bit or qubit. Qubits can have a value of 0, 1, or a superposition of both values at the same time. A widely useful computer will need qubits that are more reliable, error-corrected, more durable, and more plentiful than can be produced today.

Once developed, the power of these machines could be harnessed to accelerate discoveries in areas like AI and pharmaceuticals, not to mention security. The integration of quantum cryptography is expected to usher in a new era of data security as experts explore quantum key distribution (QKD) and other cryptography methods based on quantum mechanics.

The flip side is that some encryption methods based on classical computing principles will be obsolete in a post-quantum world. This, in turn, will leave countless systems vulnerable to attack.

But the concerns are also more immediate. Experts are preparing for “harvest now, decrypt later” (HNDL) attacks. As the name suggests, HNDL threats involve hackers collecting encrypted data now on the assumption that new developments in quantum computing will allow them to decrypt this information in the future. A recent Deloitte survey found that half of professionals in organizations considering the benefits of quantum computing believe that their organizations are vulnerable to such attacks.

The solution to securing existing cryptographic algorithms is simple, but problematic.

“All we have to do is replace these algorithms with newer versions that are quantum resistant,” said Marc Witteman, CEO of Riscure. “Unfortunately, that’s easier said than done.”

The scale of the challenge is illustrated by recent developments at the National Institute of Standards and Technology (NIST). In 2016, NIST asked the public for help in creating and identifying cryptography standards that can withstand quantum threats. In July, NIST announced four winning algorithms and four algorithms under consideration. Then, at the end of the month, researchers said they were able to crack one of the four algorithms under study, variously called Supersingular Isogeny Diffie-Hellman key exchange, SIDH or SIKE, using only a laptop.

Witteman says SIKE’s failure is actually a good thing because it proves the need for NIST’s rigorous review and testing process, and shows that researchers are doing their job in trying to crack the codes under study. “Designing, implementing, validating and adopting new cryptographic algorithms is a slow and painful process.”

Fig 1: NIST plans to finalize post-quantum cryptography standards in 2024, but it could take between five and 15 years after that for the industry to fully adopt these standards. Source: NIST.

When the Advanced Encryption Standard was adopted in the early 2000s, it took five years to replace the Data Encryption Standard, but another decade for the industry to adopt the new standard. Indeed, proving algorithmic security is difficult, if not sometimes impossible, and updating all relevant applications and protocols is extremely time-consuming. “Both hurdles are more painful in hardware than in software, because patching vulnerabilities and functional updates to hardware typically require device replacement,” Witteman said.

Dana Neustadter, Senior Product Marketing Manager for IP Security at Synopsys, said quantum computing will pose a particular threat to public key infrastructure, which currently protects a wide range of sensitive information on the Internet and elsewhere, because quantum computers can be used to crack elliptic curve cryptography (ECC) and Rivest-Shamir-Adleman (RSA) cryptosystems, algorithms that are technically solvable but would require an impractical amount of time to break with conventional computing methods.

“Therefore, manufacturers of devices and systems with longer lifecycles, or targeting more sensitive applications, need to start implementing a pathway to quantum-safe systems,” Neustadter said. “While the standardization effort is still ongoing, there is a wide range of candidate algorithms, some of which may be broken before or after being standardized, and knowing that a migration to a post-quantum safe world will be a lot more complex than the transitions observed in the past.”

However, there are ways forward. “First, symmetric cryptographic algorithms can be quantum safe using large keys and hashing algorithms using larger output sizes. When it comes to public keys, traditional and post-quantum cryptography algorithms will have to coexist for some time. Cryptographic agility in protocols and implementations will be needed to be able to replace/update algorithms more transparently. Software agility through firmware updates is much easier than hardware agility. However, much like today’s algorithms, hardware acceleration and hardware implementations are necessary for post-quantum cryptography to meet performance and security goals.”
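The sketch below is an added example, not code from the article or from anyone quoted in it. It shows cryptographic agility for a symmetric message-authentication envelope: each token names its own suite, and the receiver enforces a floor on key length and hash output size. The suite names, the 384-bit floor, the 32-byte key minimum and the token layout are all assumptions chosen for illustration.

```python
import base64
import hashlib
import hmac
import json

# Suite registry: identifier carried in the token -> (hash, output bits).
# Names and limits are assumptions for this example, not a standard.
SUITES = {
    "hmac-sha256": (hashlib.sha256, 256),
    "hmac-sha384": (hashlib.sha384, 384),
    "hmac-sha3-512": (hashlib.sha3_512, 512),
}
MIN_KEY_BYTES = 32             # "large keys" for the symmetric primitive
MIN_OUTPUT_BITS = 384          # "larger output sizes" for the hash
DEFAULT_SUITE = "hmac-sha384"  # changing this one line migrates new tokens

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def seal(key: bytes, payload: bytes, suite: str = DEFAULT_SUITE) -> str:
    """Return header.payload.tag; the tag also covers the suite name."""
    if len(key) < MIN_KEY_BYTES:
        raise ValueError("key shorter than policy minimum")
    digestmod, _ = SUITES[suite]
    header = json.dumps({"alg": suite}).encode()
    tag = hmac.new(key, header + b"." + payload, digestmod).digest()
    return ".".join(_b64(part) for part in (header, payload, tag))

def open_sealed(key: bytes, token: str, min_bits: int = MIN_OUTPUT_BITS) -> bytes:
    """Verify a token, rejecting suites below the receiver's policy floor."""
    try:
        header, payload, tag = (base64.urlsafe_b64decode(p)
                                for p in token.split("."))
        suite = json.loads(header)["alg"]
        digestmod, bits = SUITES[suite]
    except (ValueError, KeyError, TypeError) as exc:
        raise ValueError("malformed token or unknown suite") from exc
    if bits < min_bits:
        # Legacy suite: refuse it once the migration window has closed.
        raise ValueError(f"suite {suite} is below the policy floor")
    expected = hmac.new(key, header + b"." + payload, digestmod).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication tag mismatch")
    return payload
```

During a migration window the receiver can pass a lower `min_bits` to keep accepting legacy tokens, then raise the floor without touching the token format or the callers.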

Meanwhile, George Wall, product marketing manager for the Tensilica Xtensa IP processor at Cadence, said it was imperative for SoC designers to think about quantum security at the hardware architecture level. “By the time the devices designed today are ready for the market, it may no longer be enough to rely primarily on software techniques to secure algorithms or sensitive data,” he said. “Some companies are focusing on adopting quantum-based encryption techniques, such as using the unique characteristics of a single silicon device to generate a unique, uncloneable signature.”

Beyond Crypto
The concept of security in the quantum age also goes beyond cryptography.

Michael Osborne, CTO of IBM Quantum Safe, said in a recent webinar, “We understand quantum safety to be safe in the quantum age. Some of that replaces the cryptography we use. The other part is making sure that unencrypted data becomes encrypted, or that we apply things like ‘zero trust’ to the quantum. When we talk about the crypto side, it’s really about understanding where crypto is being used and where it’s not safe as we move into the quantum age. It really is a more holistic perspective that we have in terms of security in the coming era.”

Adopting the new algorithms carries a risk, but waiting longer also increases the risk. “Organizations considering this change must carefully weigh the importance of keeping data confidential longer to justify a transition now,” Riscure’s Witteman said.

Those who choose to do so will find themselves in an enviable position compared to other organizations that do not see the advent of quantum computing on the horizon.

Useful quantum computers are probably still a decade away, many experts say, but such predictions are hard to make.

“Many companies have ambitious roadmaps that they have shared publicly and intentionally, or unintentionally because they go public and have to release something to investors,” Eric Holland, director of strategic growth initiatives at Keysight, said during a recent presentation. “As a listener, you’re trying to figure out if they improved quality, quantity, or speed. If you don’t see any progress on these, that means the device they have is probably not more powerful or a big step forward.”

Yet just six years ago, Holland encountered investors and end users who were convinced not only that quantum computing was not on the horizon, but that it was in fact a scam. “These doubters have been put down.”

Like most other disruptive technologies, quantum computing has the potential to fundamentally alter the world for better and for worse. These powerful computers could greatly accelerate the pace of scientific innovation, but they will also render some previously sufficient encryption methods obsolete. HNDL attacks allow malicious parties to harvest sensitive data now and decrypt it later, after the quantum computing field develops.

Many experts agree that the solution is to develop quantum-resistant encryption methods, but this can be a slow and painful process. The failure of SIKE, one of the post-quantum encryption standards being considered by NIST, demonstrated both the difficulty of creating such standards and the need to do so through a rigorous process. There are steps organizations can take now to start securing their data against quantum threats, such as using large keys on symmetric cryptographic algorithms and larger output sizes on hashing algorithms. Cryptographic agility in protocols and implementations will also help, and hardware acceleration and hardware implementations will be crucial. There are also non-cryptographic steps to take, such as encrypting unencrypted data and applying zero-trust methods in the quantum age.
