Quantum computing may soon undermine existing cryptographic techniques. Aline Gouget, a technical consultant and security researcher at Gemalto, shares the steps taken to ensure that the arrival of quantum computing is something to be welcomed, not feared.
Quantum computing is moving rapidly from science fiction to reality. Large corporations and countries are investing heavily to become pioneers in establishing the age of commercial quantum computing, since it is believed that quantum computing will dramatically impact many industries in the next decade. China, for example, is building a $ 10 billion National Laboratory for Quantum Information Science in Hefei, which will focus on the development of quantum computers and related technologies.
With these investments, IDC believes that quantum computing will be commercially available through cloud services in three years and that its global market will exceed $ 10 billion by 2027. Another Tractica report estimates that North America will be the leading region for adoption of quantum computing, with revenues of $ 718.3 million by 2025, followed closely by Europe ($ 695.8 million) and Asia Pacific ($ 650.9 million). In fact, Alibaba Cloud (in partnership with the Chinese Academy of Sciences) is already offering such services today to enable enterprises to experience quantum applications in a real-world environment and accelerate the development of future quantum computers.
But what is quantum computing and why is it important? Simply put, quantum computing is defined to redefine the limits of the power of data processing. In doing so, it will offer vast potential to address a number of critical scientific challenges.
Quantum computing rewrites rule book
What is unique about quantum computing is the radically new way of performing data calculations. Since the 1960s, computing relies on silicon transistors to store and manipulate data encoded as a series of zeros and ones. Quantum computing, by contrast, explores the ability of subatomic particles to exist in more than one state at a time. Consequently, it encodes data in quantum bits or qubits, which can be compared to a sphere. While a traditional bit can only be at any of the two poles of the sphere, a qubit can exist at any position on the sphere, allowing more data to be stored and manipulated much faster. With such capabilities, quantum computers are poised to solve problems that traditional computers have never been able to solve.
Breaking the Unbreakable
From time to time, we have seen examples of innovative technologies being exploited by people with less than pure intentions. Quantum computing is no exception, with Michele Mosca of the Institute for Quantum Computing, recently stating that there is "a seven-fold chance that some key public key cryptography will be broken by quantum by 2026, and one in two chances of the same by 2031. "
Cryptographic algorithms are classified according to characteristics such as the type of underlying mathematical functions on which they are based, the type of use for which they are designed (eg, data exchange protection or secret type of secret management required (ie, a secret key or a public and private key pair).
Of these, families of algorithms that may be weakened by the implementation of quantum computing have been identified as primarily including public key based methodologies such as RSA and elliptic curve cryptography for PKI applications and key exchange applications such as Diffie-Hellman. Although this is a major headache, since much of today's secure communication relies on some of these cryptographic algorithms, the good news is that the industry's top players have recognized the problem in advance and are already taking steps to address it.
Some industry players have already implemented strategies to protect products throughout the entire life cycle. Gemalto, for example, is working on designing products that incorporate so-called cryptographic agility, which allows the software to load and replace keys and algorithms when and when they become obsolete. This powerful mechanism allows a fleet of resilient products to be maintained, even when the algorithms are considered vulnerable.
The other axis of defense lies in the choice of the family of algorithms. Generally speaking, there are three main approaches to ensuring sturdy products:
– Implementation of symmetric key algorithms with larger keys (approximately twice the current average key size), which are well known for resisting quantum computation;
– Deploy securely proven algorithms that have already demonstrated robustness, such as hash-based signature; or
– Implementing a subtle combination of pre- and post-quantum algorithms.
The latter option is notable as it takes a more innovative approach, maintaining the existing effective encryption that the security industry has truly and truly mastered.
A matter of teamwork
Protecting the future of public key cryptography means finding algorithms that can withstand the power of quantum computing, but remain safe when used with a "classic" computer. This is what the industry refers to as "secure encryption" or "post-quantum" encryption. So far, several research teams have submitted more than 80 proposals for new public key cryptographic systems that meet the criteria of the US National Institute of Standards and Technology (NIST) for evaluation. Once the proposals have been examined, the standardization work will begin. NIST expects to deliver solid results at its second conference of standardization of post-quantum cryptography in 2019.
Stay in touch
In the dark days of World War II, a remarkable international group of Allied code-decipherers based in Bletchley Park, England, successfully unlocked the "unbreakable" figures of the Enigma machine, with which much of their enemy's communications were guaranteed . To help them, they created a historic piece of electromechanical equipment, the "bombe".
More than 70 years later, another new generation of technology is poised to undermine supposedly infallible cryptographic techniques. However, the main message here is not just about the broader industry's willingness to research and implement new forms of protection against this latter threat. Quantum computing – or at least quantum physics on which it is based – will also open the door to completely new approaches to data security. Even though it's still too early, it's worth it for those with an interest in encrypted communication to stay abreast of developments.
In other words, do not calm down and continue. Stay tuned too.
Gemalto's technical advisor and security researcher Aline Gouget.