Quantum threat to the encryption algorithms

25 Nov 2025

Public-Key Cryptography (PKC), also known as Public-Key Infrastructure (PKI), uses a public and private key pair to encrypt data traffic, exchange symmetric keys, or create digital signatures. Almost all secured data transfers are encrypted using PKC. The PKC algorithms used nowadays are Rivest-Shamir-Adleman (RSA) and Elliptic Curve Cryptography (ECC).

The core of the PKC principle is based on prime numbers. A prime number is divisible only by 1 and itself. Simply explained, PKC relies on the inability of supercomputers to compute the prime factors of large numbers. As long as current supercomputers do not gain significantly in computational power, PKC remains unbreakable and safe.

However, a new type of computer is expected by 2030: the so-called quantum computer. Its main characteristic is that many calculations can be carried out at the same time. Besides all the beneficial applications of such a quantum computer, there are also threats. The quantum computer can compute prime factors in a relatively short time compared to conventional supercomputers. This means that all PKC-based encryption will be broken in a minimal amount of time.

PKC is mainly used to safeguard confidentiality and authenticity. When these two aspects can no longer be guaranteed, sensitive information will be disclosed and digital signatures will be forged. This implies, for instance, that online banking will no longer be reliable and that secure communication with other websites will be impossible. Medical files that are encrypted today, for example, will be disclosed in the future. This threat also applies to many other applications, such as encrypted messengers.

Cybercriminals are aware of the possibilities of quantum computing and are already collecting encrypted data in order to decrypt it later. Therefore, not only future encrypted data is in danger, but also older data and data that is currently being generated and encrypted. For this reason, it is very important that all companies and government entities start to plan and take the necessary countermeasures.

The National Institute of Standards and Technology (NIST) of the United States has started a process to standardize Quantum-Safe Cryptography (QSC) algorithms, also known as Post-Quantum Cryptography (PQC) algorithms. These are algorithms which cannot be broken by quantum computers and should replace the vulnerable PKC algorithms.

Recommendations
  • Make an inventory of information that needs to be protected.
  • Analyze how the information is protected at the moment.
  • Analyze which information will be obsolete before the adoption of quantum computing and which information has to be protected in the PQC era.
  • Monitor the progress of quantum computing and when quantum computers will enter the market.
  • Based on the abovementioned assumptions, determine when and how to add protection to the information.
  • Determine the time needed for implementation.
  • Update this process whenever needed based on the development of quantum computing and QSC.
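
The recommendations above can be run as a repeatable triage over an inventory. The following Python sketch is an added example, not part of the original advisory: it classifies each asset by whether its protection must outlive the expected arrival of quantum computers and computes the latest year to start migrating. The field names, the status labels, the sample inventory and the rule that confidentiality data is treated as urgent because it can be collected today are assumptions made for illustration; the year 2030 is the expectation stated in the article.

```python
from dataclasses import dataclass

QUANTUM_YEAR = 2030          # assumption: the arrival year the article expects
VULNERABLE = {"RSA", "ECC"}  # the PKC algorithms the article names

@dataclass
class Asset:                 # one inventory row; all field names are illustrative
    name: str
    algorithm: str           # what protects it today
    purpose: str             # "confidentiality" or "signing"
    protect_until: int       # last year the protection must still hold
    migration_years: int     # estimated time needed for implementation

def triage(a, now, quantum_year=QUANTUM_YEAR):
    """Return (status, latest_start_year) for one asset."""
    if a.algorithm.upper() not in VULNERABLE:
        return ("not-pkc", None)               # outside the threat described here
    if a.protect_until < quantum_year:
        return ("expires-first", None)         # obsolete before quantum computing
    if a.purpose == "confidentiality":
        # Ciphertext collected today can be decrypted later, so waiting adds exposure.
        return ("harvest-risk", now)
    latest = quantum_year - a.migration_years  # signatures only need replacing in time
    return ("overdue" if now > latest else "migrate", latest)

def plan(inventory, now):
    """Triage every asset and sort the most urgent first."""
    order = {"overdue": 0, "harvest-risk": 1, "migrate": 2,
             "expires-first": 3, "not-pkc": 4}
    rows = [(a.name, *triage(a, now)) for a in inventory]
    return sorted(rows, key=lambda r: (order[r[1]], r[0]))

# Constructed sample inventory (not real systems).
INVENTORY = [
    Asset("patient-records-archive", "RSA", "confidentiality", 2055, 3),
    Asset("newsletter-tls", "ECC", "confidentiality", 2026, 1),
    Asset("firmware-signing", "ECC", "signing", 2040, 4),
    Asset("legacy-code-signing", "RSA", "signing", 2035, 6),
    Asset("backup-disk", "AES", "confidentiality", 2050, 2),
]

if __name__ == "__main__":
    for name, status, start in plan(INVENTORY, now=2025):
        print(f"{name:26} {status:14} start by {start}")
```

Re-run the triage whenever the expected arrival year or the migration estimates change, as the last recommendation asks.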

Links
www.ncsc.nl
www.ncsc.gov.uk