Standards: The Key To Building A Sustainable Quantum-Safe Future 

Uploaded on 2024-09-02 in TECHNOLOGY-Key Areas-Quantum Computing, TECHNOLOGY--Developments, FREE TO VIEW

As the digital landscape becomes increasingly more complex, one area of technological advancement that promises to deliver both opportunities and challenges is quantum computing.

That’s because while quantum computing presents a number of advantages to a range of industries - information security for financial services and government, streamlined processes and improved efficiency for manufacturing, accelerated drug discovery and development processes for pharmaceuticals - it also poses significant threats to existing encryption standards, which in turn raises real concerns about data security.

Public-key cryptography - widely used on the internet today - is dependent on the mathematical problems believed to be difficult to solve given the computational power available now and in the medium term. A quantum computer would have no trouble breaking these popular cryptographic schemes. Which means in a quantum future, our global information infrastructure may be at risk.  

Cracking the code of quantum computing

Quantum computing leverages the core principles of quantum mechanics to process information in a way that is fundamentally different to traditional computers. Where older computers have traditionally used bits as the smallest unit of data, representing either a 0 or a 1, quantum computers use quantum bits or qubits, which may exist simultaneously in multiple states owing to superposition. At the same time, qubits can be entangled, which means that the state of one qubit can depend on the state of another, regardless of the distance between them. Such properties provide quantum computers with the ability to execute complex calculations at an exceptional rate.

What Does This Mean For Encryption?

Currently, the majority of security systems in existing IT environments depend on public-key cryptography, which is ubiquitous across messaging, financial transactions and securing data at rest. These cryptographic paradigms are based on mathematical problems that are challenging and time-consuming for traditional computers to address.

But for the quantum computers of the future, such problems will not be so difficult to un-pick.

Historically, the primary advantage of common encryption methods like Rivest-Shamir-Adleman (RSA) and Elliptic Curve Cryptography (ECC) is that they are proficient in tackling the computational difficulty of specific mathematical problems - for instance, factoring large prime numbers or solving discrete logarithms. So, the security of encrypted data is assured as finding the factor of extraordinarily large numbers would take a non-quantum computer millions of years to determine.

But the advent of quantum computers represents such a dramatic departure from the traditional methods of encryption, that said methods have the potential to become obsolete. Even a reasonably advanced quantum computer could factor large numbers exponentially faster than traditional machines, with the effect of cracking RSA encryption. Meanwhile, the security of ECC could be undermined by quantum algorithms that efficiently solve elliptic curve discrete logarithms. 

Data Security At Risk

Quantum computers with the power to break established encryption algorithms poses a severe threat to many of the current information security frameworks we take for granted. The safety of bank accounts and transactions, the privacy of medical records, and that of trade and national security secrets, and more, would all be undermined. The integrity and confidentiality of digital communications would also be on the line, and as a result, the very concepts that are foundational to modern cybersecurity can no longer be relied upon.

In light of this, governments, organisations and enterprises across the world are mobilised to respond to this challenge through exploring and investing in quantum-resistant encryption.

Many see post-quantum cryptography as the means of establishing the algorithms capable of resisting quantum attacks.  

Standards: Underwriting The Future Of Cybersecurity 

While researchers devote time and effort to developing the post-quantum cryptographic algorithms capable of withstanding the computational power of quantum computers, those of us in the standards community are also stepping up to deliver on quantum-safe readiness. It is essential to define, evaluate, and standardise quantum-resistant algorithms to ensure robust security, practical, and commercially successful implementation. Naturally, standardisation of cryptographic algorithms requires a significant amount of time and effort for their security to be trusted by both governments and the wider industry. 

ETSI’s Quantum-Safe Cryptography (QSC) working group, for example, aims to assess and make recommendations for quantum-safe cryptographic protocols and implementation considerations, while keeping in mind the industrial requirements for real-world deployment. By prioritising performance considerations, implementation capabilities, protocols, benchmarking and practical architectural considerations for specific applications, it will be possible to enable a smooth transition to a quantum secure cryptographic future.

Quantum Key Distribution: Holding The Line On Cybersecurity

Quantum key distribution (QKD) is a secure communication method for exchanging encryption keys known only to exclusive parties. It draws-on properties found in quantum physics to exchange cryptographic keys in such a way that is provable and guarantees security. It enables two parties to produce and share a key that is used to encrypt and decrypt messages. Fundamentally, QKD is a means of distributing the key between parties. The London Quantum Secure Network is just one example of a quantum-secure data transmission which effectively delivers security key payload to customer sites using QKD. The high level of current activity in quantum communications, however, means that there is a critical need to develop industrial standards for the technology.

To respond to this challenge, ETSI’s Industry Specification Group (ISG) on QKD is leading activities develop common interfaces and specifications for the quantum communications industry that will stimulate markets for components, systems and applications. From a standards perspective then, such purposeful innovation is helping to ensure that QKD can be used more widely in the commercial realm, but at a steady pace.  

Quantum Readiness: How Soon Is Now?

Quantum computing has the potential to address some of society’s most pressing problems, while simultaneously representing a risk to the integrity of our security infrastructure. In the wrong hands, quantum computing could jeopardise the confidentiality, integrity, and availability of sensitive data which could have real world, geo-political consequences.

In order to protect against those threats, standards are essential in supporting the commercial viability and wider adoption of the technology, as well as enabling end-to-end use cases through the empowerment of a thriving vendor ecosystem. 

Issam Toufik is CTO at ETSI

Image: mesh cube

You Might Also Read: 

CISA's Post-Quantum Cryptography Initiative:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« X Blocked In Brazil By Supreme Court Order
The Rise Of SD-WAN And Its Implications For Security & Performance »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Code Decode Labs

Code Decode Labs

Code Decode Labs provides consulting for IT Technology, Cyber Security, Advanced Defense & Policing Technologies, Intelligent Networks, and Information Security.

FIDO Alliance

FIDO Alliance

FIDO Alliance is a non-profit organization formed to address the lack of interoperability among strong authentication devices.

Global Information Assurance Certification (GIAC)

Global Information Assurance Certification (GIAC)

GIAC provides certification in the knowledge and skills necessary for a practitioner in key areas of computer, information and software security.

International Federation of Robotics (IFR)

International Federation of Robotics (IFR)

The International Federation of Robotics connects the world of robotics around the globe. Our members come from the robotics industry, industry associations and research & development institutes.

Regulus Cyber

Regulus Cyber

Regulus enables drones, robots and autonomous vehicles to operate safely, without malicious or accidental interference to the operation of their mission.

TechGuard Security

TechGuard Security

TechGuard Security was founded to address national cyber defense initiatives and US critical infrastructure security.

Sandia National Laboratories

Sandia National Laboratories

Sandia National Laboratories is a premier science and engineering lab for national security and technology innovation.

2Keys

2Keys

2Keys designs, deploys and operates Digital Identity Platforms and Cyber Security Platforms through Managed Service and Professional Service engagements.

OnDefend

OnDefend

OnDefend delivers information security solutions that improve overall security posture, reduce risks and defend against continually evolving and persistent cyber adversaries.

CloudSphere

CloudSphere

CloudSphere’s flagship Cloud Governance Platform enables enterprises and cloud service providers to simplify and optimize cloud migration, management, and governance.

International Cyber Threat Task Force (ICTTF)

International Cyber Threat Task Force (ICTTF)

The International Cyber Threat Task Force is a not-for-profit initiative promoting the ecosystem of an International independent non-partisan cyber security community.

Cyber1

Cyber1

CYBER1 is a leader in cyber security advisory and solutions. We are uniquely placed to help customers achieve cyber resilience and thus, safeguard reputation and value.

First Focus

First Focus

First Focus is a managed service provider for medium-sized organisations.

CXI Solutions

CXI Solutions

CXI Solutions: Your trusted partner in cybersecurity. We offer a full range of cybersecurity solutions to protect your business from digital attacks and virtual threats.

Washington Technology Solutions (WaTech)

Washington Technology Solutions (WaTech)

WaTech operates the state’s core technology infrastructure – the central network and data center, provides strategic direction for cybersecurity and protects state networks from growing cyber threats.

Geobridge

Geobridge

Geobridge was one of the first information security solutions providers to support cryptography and payment applications for payment processors, financial institutions and retail organizations.