Why quantum computing is a threat to encryption, and what to do about it – New Hampshire Business Review

Impacts of quantum computing threats of tomorrow will change how we use encryption today

Our business and personal lives depend on many things we do not often think about, including encryption. Normally this area evolves under its own steam without most business decision-makers having to pay attention, but over the next few years that has to change, or else you might inadvertently cede your secrets to adversaries both known and unknown.

A lot has been made of how quantum computing will change the world, but most of these pronouncements are long on hyperbole and short on actual details.

Quantum computing does have a great deal of promise and will eventually change the world in areas such as material science. The more immediate impact of a medium-scale quantum computer is the threat it and those that come after it will pose to how we all use encryption today. To make sense of this, and therefore understand how to mitigate the risk now, we have to back up and define some things.

Encryption today

As of this writing, there are two general types of encryption in use: symmetric and asymmetric. Symmetric encryption is when the sender and receiver both have the key that is used to encrypt and decrypt the protected data. This is used almost everywhere, but it is often enabled by the use of asymmetric encryption to exchange that key, given that many parties need secure communications without ever meeting. The latter type is where quantum computers expose a major weakness.

Quantum computing

To make sense of this next part, your understanding of quantum computing does not have to go too deep, but you have to accept some strange truths in exchange. The best way to get through this is to remember the last superhero movie you saw and recall that to enjoy the film you had to suspend disbelief and not question how that person is flying or shooting lasers from body parts in ways that defy logic.

Quantum computing leverages the strange world of quantum mechanics, which fails to make sense when held to our day-to-day experiences. The bit to grasp is that a quantum calculation can evaluate all possible values at once rather than having to walk through each possible value one at a time the way a classical computer would have to approach a problem.

A brilliant mathematician at MIT named Peter Shor created an algorithm that could use this quantum weirdness to enable a sufficiently powerful quantum computer to break the hard math problem that lies at the heart of all mainstream asymmetric encryption in use today. We are all awaiting the day (or year) when a sufficiently powerful quantum computer breaks our encryption and guts our current security.

Post-quantum encryption

Rather than just waiting for the end, the U.S. government has been busy evaluating encryption mechanisms that can replace the soon-to-be vulnerable asymmetric mechanisms in use today. The National Institute of Standards and Technology (NIST) is just about to crown CRYSTALS-Kyber and CRYSTALS-Dilithium (very geeky names indeed) as the heirs.

Swapping out your encryption is no easy task and will take time. The first step is to dig in and understand where you are using encryption in the first place, and then differentiate where the asymmetric encryption is employed. While not easy, this is likely the easiest part. Once you have completed this inventory, you have to make some complicated changes to code, ensure your vendors make these changes, or change solutions to a vendor who has made, or soon will make, these changes.
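One way to start the inventory step described above, as an added example that is not part of the original article: the script reads TLS cipher-suite names (an assumed inventory format; the system names and rows are constructed) and separates suites that rely on an asymmetric key exchange or signature from those that are symmetric-only or, like TLS 1.3 names, do not reveal the key exchange at all.

```python
# Added example: sort an encryption inventory by asymmetric exposure.
# Constructed sample inventory; the system names are hypothetical.
INVENTORY = [
    ("vpn-gateway", "TLS_RSA_WITH_AES_128_CBC_SHA"),
    ("web-portal", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"),
    ("iot-sensor", "TLS_PSK_WITH_AES_128_GCM_SHA256"),
    ("mail-relay", "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256"),
    ("api", "TLS_AES_256_GCM_SHA384"),
]

# Key-exchange and signature algorithms that rest on factoring or discrete
# logarithms, the problems Shor's algorithm solves.
ASYMMETRIC = {"RSA", "DH", "DHE", "ECDH", "ECDHE", "DSS", "ECDSA"}


def split_suite(name):
    """Return (key_exchange, authentication, bulk_cipher) from a suite name."""
    body = name[4:] if name.startswith("TLS_") else name
    if "_WITH_" not in body:
        # TLS 1.3 names list only the symmetric cipher and hash; the key
        # exchange is negotiated separately and cannot be read from the name.
        return None, None, body
    left, bulk = body.split("_WITH_", 1)
    parts = left.split("_")
    # A single token (RSA, PSK) is both key exchange and authentication.
    return parts[0], parts[-1], bulk


def classify(name):
    """Return (status, asymmetric_parts) for one cipher-suite name."""
    kex, auth, _bulk = split_suite(name)
    if kex is None:
        return "check-handshake", []
    exposed = sorted({p for p in (kex, auth) if p in ASYMMETRIC})
    return ("asymmetric", exposed) if exposed else ("symmetric-only", [])


def triage(inventory):
    """Group system names by status so asymmetric ones can be planned first."""
    groups = {"asymmetric": [], "symmetric-only": [], "check-handshake": []}
    for system, suite in inventory:
        status, _ = classify(suite)
        groups[status].append(system)
    return groups


if __name__ == "__main__":
    for system, suite in INVENTORY:
        print(system, suite, *classify(suite))
```

Systems in the "check-handshake" group need their negotiated key-exchange group inspected on the wire or in server configuration, since the suite name alone says nothing about it.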

Many pundits are assuring all who will listen that we have a long time before this threat becomes real, but that is, at best, wishful thinking and, at worst, a disaster in the making. The truth is we do not know. It could be 30 years, but many concede that it could be just a few years. It is not today or tomorrow, but it is so close that it is widely accepted that some threat actors are already storing encrypted data in anticipation of being able to use a future quantum computer to decrypt it. They are betting that this threat will come home to roost sooner rather than later. How will you bet?

Patrick Hynds is the CEO of DTS, a cybersecurity solutions provider in Derry.
