Cybersecurity in The Time of Post-Quantum Cryptography

Quantum computers are coming within reach, significantly outpacing even supercomputers in terms of computing power. It is expected that as early as 2023, more than three quarters of all high-performance computing centers will integrate quantum computers into their networks. It is urgent to start thinking about the security of future encryption now.

By 2030, quantum computers are expected to be heavily available in commercial data processing platforms and other production networks. Calculations that would otherwise take years or even millennia can sometimes be computed in seconds with quantum computers. Incidentally, this is also true for cryptography keys based on RSA. At the beginning of their proliferation, quantum computers will initially be used primarily in areas where conventional computers take too long to perform the necessary calculations. Examples include climate research, new medicines and optimization for artificial intelligence.

The analyst and consulting firm OMDIA predicts that the global market for quantum computers will grow strongly by 2030. The largest markets are North America (30 percent), Europe (29 percent), Asia and Oceania (24 percent). Quantum computing will solve traditional business problems as early as this year. Two percent of companies are already implementing this technology and 15 percent plan to do so in 2023, so the era of quantum computing has long since begun.

So it’s time for businesses to prepare, to start planning for secure encryption services and to prepare network security for quantum computing. That’s because cybercriminals can also use quantum computers to penetrate corporate security barriers that are not designed for quantum computing.

Governments call for preparation for quantum computing proliferation

As a result, several nations are already actively looking at the technology to effectively protect themselves from cyberattacks based on quantum computers in the future. In the U.S., President Joe Biden has signed an executive order as well as a national security memorandum to prepare for the challenge posed by quantum computers. In addition, the U.S. and Finland recently signed a bilateral agreement on cooperation in quantum research and development; QED-C recently added Finnish companies as members. There is also strong demand for cybersecurity in the UK. The National Cyber Security Centre (NCSC) has urged companies to prepare for the technological change triggered by wider access to quantum computing. In doing so, the NCSC believes post-quantum cryptology (PQC) is the best solution to prepare organizations for the challenges posed by quantum computing. Japan has launched a new digital agency for quantum computing, and in Germany, a project by IBM together with the Fraunhofer-Gesellschaft has been underway since last year.

Quantum computing as part of cybersecurity

At the same time, quantum computers are not the adversaries of encryption, but can also take it to a new level of performance. With quantum technology, it is possible to develop encryption technologies that can be much more secure than current security services while also being safe from cracking by quantum computers. Quantum cryptography enables the development of cryptographic functions using quantum computers. Post-quantum cryptography, in turn, works with conventional technologies to prepare cryptography for quantum computing even without quantum computers. Post-quantum cryptography, then, is the first step companies and organizations can take to prepare for the challenges of quantum computing. This requires support and new standards, some of which are currently being developed and some of which are even being standardized.

READ:  What is Threat Hunting In Cyber Security?

One example of this is Post Quantum Cryptography Finland (PQC) [6]. The PQC project is developing quantum secure encryption technologies and integrating them into cybersecurity products and solutions. The consortium consists of various universities, companies and also government agencies are helping with PQC to develop cybersecurity solutions in preparation for quantum computing. The project’s mission is to develop algorithms and APIs that can be used to implement quantum-safe technologies. For example, the government organization Business Finland supports research in cybersecurity and digital trust.

Post-quantum cryptography does not require any quantum computers, but protects against attacks with quantum computers. The PQC algorithms Kyber (Key Encapsulation Mechanism, KEM) and Dilithium (Signature Mechanism) of the CRYSTALS family are designed to withstand attacks even by large and powerful quantum computers.

Quantum computers are also not required to develop standards for designing quantum-safe cryptographic functions. Of course, the new technologies also protect against classical attacks. Therefore, with quantum-safe key exchange and quantum-safe authentication, networks can be protected from attacks by quantum computers, as well as attacks by conventional computers, even without quantum computers.

PQC is working with the National Institute of Standards and Technology (NIST) to develop a crypto standard that is quantum computer secure, to be published between 2023 to 2025. At the same time, data transmission enhancements are currently being developed to make remote data transmissions secure from quantum computing. The solutions being developed should reliably protect networks from attacks on data transmissions.

READ:  What Is Software Security?

The brave new world of quantum computing is (almost) here

The technology community must begin developing cybersecurity innovations that will enable the world to take full advantage of the opportunities presented by quantum technologies for the benefit of society and the economy at large. Cybersecurity plays an essential role in this effort. There is no time to lose, and we must prepare in time for more widespread use of quantum computers.