Safeguarding Data In The Quantum Computing Era

Uploaded on 2024-05-31 in TECHNOLOGY--Developments, NEWS-Cybersecurity News, FREE TO VIEW

While it’s not clear when - or even if - a fully functional quantum computer will be realised, as our understanding of quantum mechanics deepens and our ability to control quantum systems improves, the potential becomes increasingly promising. 

Just this month, Chinese startup Origin Quantum successfully started domestic production of a crucial component for its self-developed quantum computer, ‘Origin Wukong’. Named after Chinese mythology’s Monkey King - the superhero that can transform into 72 different forms - it’s a subtle nod to the transformative capabilities and versatility of quantum computing technology.

In fact, if scientists and engineers are able to overcome the challenges facing quantum computer development, the potential to solve some of humanity’s most complex problems is huge. They could accelerate the development of new treatments for diseases, for example, or help global financial markets become more stable and resilient.

Basically, because quantum computers leverage the principles of quantum mechanics - processing information using quantum-bits (or qubits), which can represent multiple states simultaneously - they can solve certain mathematical problems much faster than traditional (digital) computers, which can only process zeros and ones (known as bits). 

This capability enables them to simulate quantum systems, optimise complex systems, solve certain types of optimisation and machine learning problems, factor large numbers and solve so-called discrete logarithm problems. But it’s the ability to complete these last two tasks that open the door to a darker side.

A “quantum apocalypse” and Solutions To Navigate It

Being able to factor large numbers and solve discrete logarithm problems - which lie at the base of all current security protocols on the internet - would render widely-used encryption algorithms like RSA and Elliptic Curve Cryptography (ECC) completely obsolete. It would create a situation that would not only break the internet and all the systems we use daily - such as online banking and email software - but could lead to a total breakdown in digital security systems, jeopardising sensitive data and digital privacy on a global scale. 

While there may still be some time before quantum computers reach their full potential for practical applications, and are powerful enough to disrupt the security of all digitally-held data,  it doesn’t mean we shouldn’t be putting steps in place now to avoid what many fear may be a “quantum apocalypse”.

For businesses, organisations and even governments that truly care about the privacy of their data and their users’ and customers’ data, now is the time to start looking into and learning about existing quantum-resistant encryption technologies and solutions, and how they might be integrated across all operations and processes.

One of these includes Quantum Key Distribution (QKD). Unlike classical cryptographic methods, which rely on the computational difficulty of certain mathematical problems, QKD offers security based on quantum mechanics, particularly the principles of quantum superposition and entanglement, to distribute cryptographic keys between two parties. It’s a secure communication method that solves the problem of key distribution - making it well suited to private connections between two fixed government buildings. However, because it requires dedicated quantum connections between the parties, it’s simply not scalable to solve the problems of internet security.

Another proactive measure currently being developed is Post-Quantum Cryptography (PQC) algorithms. In fact, the US’s National Institute for Standards and Technology (NIST) recently announced new standards for public key encryption and signatures that are post-quantum secure. They’re based on different mathematical problems that are believed to be hard even for quantum computers to solve efficiently, the most prominent of which is a form of noisy linear algebra, called the Learning-with-Errors problem (LWE). NIST’s standards, however, only consider traditional forms of public key encryption and signatures, meaning they may overlook potentially more robust and efficient post-quantum cryptographic solutions.

Additionally, the field of post-quantum cryptography is still evolving, and new algorithms and techniques continue to be developed. As such, there is a need for a more comprehensive and inclusive approach that considers a broader range of cryptographic primitives and solutions to address the full spectrum of security requirements in the era of quantum computing.

Finally, Fully Homomorphic Encryption (FHE) is gaining real momentum as a method to become post-quantum secure. It's different from traditional public key encryption in that it allows the processing of the data encrypted within the ciphertexts, without the need to decrypt the ciphertexts first. As a first approximation one can view traditional public key encryption as enabling efficient encryption of data in transit, whilst FHE offers efficient encryption of data during usage. Most importantly, with FHE nobody would be able to see your data but you because they wouldn’t have your key. All modern FHE encryption schemes are based on the LWE problem, thus FHE is already able to be post-quantum secure. Therefore, deploying an FHE system today provides protection against the potential threat of quantum computers in the future.

Top Tips to Mitigate the Risks Posed by Quantum Computing

As well as getting to grips with some of the security methods out there, now is the time to be proactive if you are to mitigate the risks posed by quantum computing:

1.    Develop a roadmap: Take stock of your current cryptographic infrastructure and identify vulnerabilities that may be susceptible to quantum attacks. With that insight, you can then develop a roadmap for implementing quantum-safe solutions to shore up your defences against future threats.

2.    Explore NIST Standards for PQC: Familiarising yourself with the standards provided by NIST for PQC is well-advised. These guidelines include recommendations for traditional public key encryption and signatures, as well as emerging quantum-safe cryptographic algorithms. 

3.    Raise awareness across the board: Stakeholders in particular must be educated about the implications of quantum computing on encryption and the critical importance of adopting quantum-resistant PQC-based solutions to protect data privacy, as well as the new opportunities afforded by the new cryptographic paradigms such as FHE. 

4.    Remain vigilant and adaptive: Monitor developments in quantum technology, research breakthroughs in post-quantum cryptography, and updates to industry standards. By remaining vigilant and adaptive, organisations can stay ahead of the curve and proactively address potential security challenges posed by quantum computing.

Professor Nigel Smart is Chief Academic Officer at Zama

Image: Unsplash 

You Might Also Read: 

Facing The Quantum Challenge:

DIRECTORY OF SUPPLIERS - Post-Quantum Security:

___________________________________________________________________________________________

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Massive Breach At Ticketmaster
The Key Components Of Embedded Systems Development Services »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Webroot

Webroot

Webroot delivers next-generation endpoint security and threat intelligence services to protect businesses and individuals around the globe.

MarQuest

MarQuest

MarQuest provides services and systems to enhance network reliability and security.

RoboForm

RoboForm

RoboForm's industry-leading encryption technology securely stores your passwords, with one Master Password serving as your encryption key.

Puppet

Puppet

Puppet is a leader in IT automation. Our software helps DevOps securely automate configuration and management of machines and the software running on them.

Payload Security

Payload Security

Payload Security's VxStream Sandbox is a fully automated malware analysis system.

Japan Network Security Association (JNSA)

Japan Network Security Association (JNSA)

JNSA's goal is to promote standardization related to network security and to contribute to greater technological standards in the field.

Computer Forensics Consult (CFC)

Computer Forensics Consult (CFC)

Computer Forensics Consult provides disaster recovery, computer forensics, electronic discovery and litigation support services in the growing area of Cyber Security.

Telelogos

Telelogos

Telelogos is a European provider of Enterprise Mobility Management software, Digital Signage software and Data Transfer and Synchronization software.

Bright Machines

Bright Machines

Bright Machines delivers intelligent, software-defined manufacturing by bringing together our flexible factory robots with intelligent software, production data and machine learning.

FutureCon Events

FutureCon Events

FutureCon produces cutting edge events aimed for Senior Level Professionals working in the security community, bringing together the best minds in the industry for a unique cybersecurity event.

Depth Security

Depth Security

Depth Security assessment services provide organizations with real-world visibility into threats facing their infrastructure and applications.

Cyber Dacians

Cyber Dacians

Cyber Dacians offers Information and Cyber Security Consulting Services. We help you to test the effectiveness of your security defenses and build a secure infrastructure.

LoughTec

LoughTec

LoughTec secure, manage and connect IT infrastructure for businesses and organisations throughout the UK and Republic of Ireland.

Coviant Software

Coviant Software

Coviant Software delivers secure managed file transfer (MFT) software that integrates smoothly and easily with business processes.

VinCSS

VinCSS

VinCSS Internet Security Services JSC is a leading organization working in the field of researching, developing, producing products as well as providing cyber security services.

INTfinity Consulting

INTfinity Consulting

The INTfinity team brings together decades of professional experience in cybersecurity. We're here to apply that same experience and proficiency in defending your networks.