While the potential opportunities quantum brings are impressive, the seismic risk it poses to current encryption methods cannot be ignored. Do you know the steps your organisation should be taking now to reduce your quantum cyber risk?
Last week Rob Sumroy, head of Slaughter and May’s Tech practice, spoke at ITech law’s European conference on this very subject. He was joined by Dr Ali El Kaafarani (a visiting professor at Oxford University and founder of PQShield) and Professor Yasser Omar (Professor at IST University of Lisbon and President of the Portuguese Quantum Institute).
The problem – quantum will break commonly used PKC
Put simply, we know that our data and systems need to be kept secure, and encryption methods like RSA (a type of public-key cryptography or PKC) help us do this. However, a ‘cryptographically relevant quantum computer’ will, in the future, be able to solve the mathematical problems on which these encryption methods are based exponentially faster than a classical computer can. This means that an encryption algorithm that would have taken thousands of years to break (making it unbreakable in practice) could be cracked in a day or so by a quantum computer, creating both a current, and future, risk:
- The current risk is that threat actors are intercepting encrypted data now with a view to decrypting it when the quantum technology exists (sometimes called ‘harvest now, decrypt later’).
- The future risk is that the most commonly used PKC / encryption will no longer work. PKC uses: (i) a key agreement to establish a shared cryptographic key (with public and private keys) for secure communication; and (ii) digital signatures to provide certainty around the identity of the sender and comfort that the information has not been tampered with. A quantum computer could, however, allow an attacker to read information that was encrypted in the past or forge information in the future (for example, by impersonating the legitimate private key holder or tampering with the information).
Thankfully, a number of solutions to the encryption problem exist, and there are steps organisations can take now to prepare.
The international community has been developing quantum-proof encryption based on both classical computing (quantum-safe cryptography) and quantum mechanics (quantum key distribution).
- Quantum-safe cryptography: The US National Institute of Standards and Technology (NIST) are currently running a process to solicit, evaluate and standardise a number of quantum-resistant PKC algorithms. Dr Ali El Kaafarani, who is involved in this standardisation process, explained both:
- the current timeframe for this project - he expects NIST to announce some developments in the next few months. A timeline on the NIST website suggests draft standards will be available in 2022/2024, and FAQs published by the US Department of Homeland Security in October state that NIST plans to publish the standards themselves in 2024 and that commercial products using those standards will be available by then; and
- why more than one algorithm will be announced - NIST decided to diversify and standardise multiple algorithms drawn from different mathematical fields, both to spread risk and because encryption is used in a diverse range of products, systems and use cases, for which different algorithms will be better suited.
- Quantum key distribution (or QKD): QKD uses properties of quantum mechanics, rather than hard mathematical problems, to provide security. Professor Omar discussed some of the benefits of QKD (it is highly secure) as well as its limitations (for example, it cannot be used in long-distance communications and is hardware specific). Interestingly, in the UK, the National Cyber Security Centre has publicly said that it does not endorse the use of QKD for any government or military applications as QKD requires specialist hardware and does not provide a way of doing digital signatures (one of the key functions of PKC). The NCSC is following NIST’s work, and will provide guidance to UK organisations on how to adopt quantum-safe cryptography when the NIST standards are published.
What can organisations do now?
Organisations should consider the quantum risk now, and build transitioning to quantum-safe products and services into their future plans. Preparations include:
- Ensure that you understand what information is currently vulnerable to ‘harvest now, decrypt later’ attacks.
- Audit encryption use on key data assets and develop a cryptography inventory.
- Identify high priority systems and hardware for transition to quantum-safe systems / products / services.
- Plan for a hybrid approach during transition (where both conventional and quantum-safe cryptography may be in operation).
- Consider the supply chain and export control risk.
- Monitor developments in this space – the NCSC expect many commercial products and services to transition to quantum-safe cryptography when the NIST standards are published and protocols (IPSec, TLS etc.) are updated to support this. As well as the NCSC, standards bodies NIST and ETSI have said they will provide guidance for transition to quantum-safe cryptography, which should help organisations mitigate their transition risk. It will, however, take time for organisations to be ready to make this transition (as set out in this helpful infographic from the US government) and so now is the time to start preparing.
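As an added illustration of the inventory, prioritisation and hybrid-transition steps above (example code written for this page, not from the firm or the speakers), the script below classifies a constructed cryptography inventory: classical public-key algorithms with no post-quantum partner are flagged, long-lived confidential data is ranked highest for ‘harvest now, decrypt later’ exposure, and hybrid deployments and symmetric-only assets are ranked low. The algorithm sets, the ten-year threshold and the sample assets are assumptions to be replaced with your own data.

```python
import csv
import io

# Public-key algorithms whose hardness assumptions Shor's algorithm breaks.
SHOR_BREAKABLE = {"RSA-2048", "RSA-4096", "DH-2048", "ECDH-P256", "ECDSA-P256", "X25519", "ED25519"}
# Symmetric and hash primitives: Grover's algorithm only halves the effective key length.
SYMMETRIC = {"AES-128", "AES-256", "CHACHA20", "SHA-256"}
# Post-quantum names (NIST's ML-KEM / ML-DSA); keep this set configurable as standards evolve.
POST_QUANTUM = {"ML-KEM-768", "ML-DSA-65"}
# Assumption: data confidential for this long is most exposed to 'harvest now, decrypt later'.
LONG_LIVED_YEARS = 10

# Constructed sample inventory: asset, purpose, algorithms (';' joins a hybrid pair),
# and the number of years the protected data must remain confidential.
INVENTORY_CSV = """asset,purpose,algorithms,confidentiality_years
vpn-gateway,key-agreement,ECDH-P256,15
web-tls,key-agreement,X25519;ML-KEM-768,2
code-signing,signature,RSA-4096,5
backup-archive,encryption,AES-256,20
legacy-mail,encryption,RSA-2048,10
iot-firmware,signature,ED25519;ML-DSA-65,8
"""

def classify(row):
    """Return (priority, reason) for one inventory row."""
    algs = set(row["algorithms"].split(";"))
    years = int(row["confidentiality_years"])
    classical = algs & SHOR_BREAKABLE
    names = ",".join(sorted(classical))
    if classical and algs & POST_QUANTUM:
        return "LOW", f"hybrid: {names} already paired with a post-quantum algorithm"
    if classical and row["purpose"] in ("key-agreement", "encryption"):
        if years >= LONG_LIVED_YEARS:
            return "HIGH", f"harvest-now-decrypt-later: long-lived data under {names}"
        return "MEDIUM", f"harvest-now-decrypt-later: short-lived data under {names}"
    if classical:
        return "MEDIUM", f"future forgery risk: signatures under {names}"
    if algs <= SYMMETRIC:
        return "LOW", "symmetric only; use 256-bit keys to keep a margin against Grover"
    return "REVIEW", "unrecognised algorithm(s): " + ",".join(sorted(algs))

def prioritise(inventory_csv=INVENTORY_CSV):
    """Parse the inventory and return rows ordered HIGH, MEDIUM, REVIEW, LOW."""
    order = {"HIGH": 0, "MEDIUM": 1, "REVIEW": 2, "LOW": 3}
    results = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        priority, reason = classify(row)
        results.append({"asset": row["asset"], "priority": priority, "reason": reason})
    return sorted(results, key=lambda r: order[r["priority"]])
```

Calling prioritise() with your own CSV text returns the assets in the order they should be scheduled for transition, with the reason each was ranked where it is.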
For more information on quantum, please see our quantum computing podcasts series, which includes a podcast on Cyber security in the era of quantum with Dr Ali El Kaafarani and Robert Hannigan (Chairman of BlueVoyant International and ex Director of Government Communications Headquarters (GCHQ)).