Why quantum resistance is key to your company’s security

Thorsten Stremlau

Wednesday 28 March 2018

Big changes in computing will soon leave many companies more vulnerable to hackers. Here’s how to create a long-term strategy to protect yours.

We’re at the start of a very exciting time: the age of quantum computing. Up until now, quantum computing has been purely theoretical, but researchers at the University of Sussex recently announced blueprints for the first-ever large-scale quantum computer. On the one hand, this is incredibly exciting, as it will give us a huge amount of processing power that will revolutionise what computers are capable of. On the other hand, it will have massive – and potentially devastating – security repercussions for companies globally.

Because of their huge processing power, quantum computers make it much easier to break encryption codes. I’m simplifying here to make it easier to understand, but it basically works like the Schrödinger’s cat thought experiment – in quantum physics, atoms can take on multiple states in multiple dimensions at the same time. This lets you do very large, complex mathematical operations extremely quickly, which makes it much easier to compromise encrypted data.

If you want to protect your company’s data against this new technology, you’ll have to make sure your encryption solutions are quantum resistant.

Asymmetric cryptography: Potentially hackable in hours

There are two different methods of encryption to consider when analysing how vulnerable algorithms are to quantum hacking. These are symmetric and asymmetric cryptography.

Asymmetric cryptography – also known as public key cryptography – is used in all SSL connections on the internet today in order to ensure the connection is secure. Examples include the RSA algorithm or the elliptic curve algorithm. It uses a pair of keys – one is public key, the other is private. Everyone can see the public key, but it can only be verified using the private key that someone owns.

It’s essentially an algorithm-secured business card that lets you know the name on the card is truly the one you’ve been given. It relies on really large numbers for key generation, and in many cases also relies on prime numbers. Quantum computers are very adept at generating large prime numbers, making them ideal machines with which to hack asymmetric keys. While at the moment it might take years to hack an asymmetric algorithm, quantum computers could reduce this to hours.

Symmetric cryptography: Secure, but not immune

The other type of cryptography is based on a symmetric algorithm. This is what’s used to encrypt HDDs, emails and traffic across the network – an example is AES, which stands for advanced encryption standard. With symmetric algorithms, the key is private – you don’t have a public one like you would with asymmetric algorithms. That means you can only share the key with people you want to access your decrypted data.

Because it uses a private key, a symmetric algorithm usually chains the information. So in order to decrypt data, it uses the previous data it has encrypted in order to generate the next key in line. Say I have four or five words in a sentence that I want to encrypt using a symmetric key. I’ll use the key of the first word that I’ve generated, then add part of the first word to a key of the second word in order to encrypt the second word. I’m not using the same key for all of the words, but I use a slightly modified key depending on which part of the sentence I’m encrypting.

Put simply, because of the nature of the private key and of the encryption method, quantum computing shouldn’t have as dramatic an effect on symmetric algorithms as it would on asymmetric ones. However, symmetric algorithms aren’t completely immune. I suspect that once quantum computing is a reality, even symmetric algorithms will only be about half as secure as they currently are.

Changes will need to be made in the next three to five years, but it’s definitely worth thinking about now. I would advise enterprises to choose software or encryption solutions that are planning on implementing an AES 384 or 512-bit key. That’s much higher than today’s standard of 256 bits. As ever, it won’t guarantee you’re safe from hackers, but it will greatly reduce the risk of your data being compromised.


Building the next-gen data centre

Where traditional and web-scale apps co-exist