Earlier this year it seemed for a while that quantum computers were capable of cracking existing encryption. The reason was the publication of a scientific paper connected to seven different research institutions in China. Fortunately, that turned out to be a false alarm. But what not everyone realizes is that we are further along with quantum technology than we think.
In a few years, existing encryption will probably be easily cracked by powerful quantum computers. Only no one knows exactly when. Today is World Quantum Day and thus the perfect time to think about ways to protect the integrity and confidentiality of our data from misuse using quantum technology.
All state and corporate secrets currently transmitted in encrypted form could potentially be intercepted and stored. Malicious parties collect this information and wait until this confidential information can be decrypted using quantum technology. Thus, to keep this data secure into the future, organizations must adopt encryption techniques now that are unbreakable by quantum computers.
Currently, there are two different schools of thought on how to protect data from quantum computers. At the European Quantum Network and Security conference in early March in The Hague, the focus was mainly on Quantum Key Distribution (QKD), applying a cryptographic protocol that uses elements of quantum mechanics. Two parties produce a random secret key known only to them to encrypt data. The unique feature of QKD is that it manages to detect a third party trying to extract the key. This is because observable anomalies occur when a third party tries to break into the communication line. Once anomalies are detected, the communication is immediately terminated. This means that the application of QKD is extremely secure.
On the other hand, the U.S. National Institute of Standards and Technology (NIST) is working on a new standard based on PQC, post-quantum cryptography. These are encryption algorithms believed to be secure against attack by a quantum computer. NIST announced last July that it had selected four encryption algorithms for their standard, which is expected to be ready next year. Less than a month later, it was brought out that one of the algorithms was cracked. The big question is whether the other three algorithms will hold up. Remarkably, then, the AIVD appears to be fully committed to PQR. The Dutch secret service published a PQR migration manual last week that rejects QKD because it would not be a practical alternative for the time being.
Probably the solution for the most sensitive and (state) secret data lies in a combination of the two security methods. A hybrid model. Organizations are already mostly using post-quantum crypto-methods and this is expected to take off further in the coming period. But because we cannot be sure that these encryption algorithms will prove to be secure in the future, it is important to protect truly critical data with QKD technology.
Gone are the days when quantum computing was just a research project of professors. Organizations must now consider how they share and protect their data. What information is truly critical and should absolutely not get out? It is advisable to identify the risks now and consider where to apply PQC and QKD technology to optimally and future-proof most critical data. After all, your trade secrets could suddenly turn out to be on the street tomorrow.
More information: www.cisco.com