- Quantum computing poses a threat to cryptography
- The top priority is to protect public keys
- What is quantum computing and why is it seen as a threat?
The US Cybersecurity and Infrastructure Security Agency (CISA) conducted a study on the security of encryption technologies in the crypto space. According to the conclusion, quantum computing poses a direct threat to existing cybersecurity because quantum computers can achieve enough power to crack public keys.
National governments and private companies are actively exploiting the power of quantum computers. Quantum computing opens up exciting new possibilities, but the implications of this new technology include threats to existing cryptographic standards.
The challenge for standards is to ensure data confidentiality and integrity and to maintain key elements of network security. And while quantum computing technology capable of cracking the public key of encryption algorithms does not yet exist, the government and critical infrastructure facilities – including both public and private organizations – must work together to prepare for a new post-quantum cryptographic standard to protect against future threats.
In March 2021, US Homeland Security Secretary Alejandro N. Mayorkas outlined his vision for cybersecurity resilience and identified the transition to post-quantum encryption as a priority. The government and critical infrastructure organizations must take coordinated preparatory actions now to ensure a smooth migration to the new post-quantum cryptographic standard that the National Institute of Standards and Technology (NIST) will publish in 2024.
The first thing to do is to test the protection of vulnerable critical infrastructure systems across 55 national critical functions (NCFs). Each has its own risks.
All digital communications – email, online banking, online messaging, etc., are based on data encryption built into the devices and applications used to transmit and store data. This encryption is based on mathematical functions that protect information from tampering or espionage.
Public key encryption (asymmetric encryption) relies on mathematical functions that rely on cryptographic keys to encrypt data and authenticate the sender and receiver.
Public key encryption requires each message to use two separate but related keys (one known as the public key and the other the private key) to protect the data. The sender and receiver of the data do not share their private keys, whereas public keys can be shared without compromising security.
The sender uses the recipient’s public key to encrypt the message, and the recipient uses his private key to decrypt the message. To reply, the recipient will follow the same procedure. Digital signatures work in a similar way.
All organizations routinely use asymmetric cryptography to securely send emails, verify digital signatures, and protect sensitive data and user information on the Internet.
When quantum computers reach higher levels of computing power and speed, they will be able to crack asymmetric encryption algorithms, threatening the security of business transactions, secure communications, digital signatures and customer information.
Quantum computers use properties of quantum physics to produce computational capabilities that are different and, in some respects, far superior to those of classical computers. Using quantum mechanics, quantum computers use qubits, or “quantum bits” rather than binary bits, to achieve greater computational power and speed.
The algorithms underlying today’s encryption standards are based on solving mathematical problems that classical computers cannot solve in a reasonable amount of time. Because of their high cost and physical size, quantum computers capable of cracking encryption algorithms are likely to be developed first for use by technology companies, research institutes, or nation-states. In the hands of adversaries, sophisticated quantum computers can threaten states’ national security. As a result, CISA is urging organizational leaders and the US government to begin preparing now for the transition to new security standards.