Quantum Computers and the Encryption Crisis: Securing Our Digital Future

Flash news : Researchers at Shanghai University in China have reportedly made a significant breakthrough in the field of quantum cryptography, raising new concerns about the security of current encryption methods.

In the world of Cybersecurity, “encrypt anything and everything and avoid being the next headline” is the success mantra. Breaking one of the current encryption standards such as AES or RSA would require testing every possible key, which would take an enormous amount of time. For example, AES is a symmetric encryption algorithm that uses a 128-bit or 256-bit key to encrypt data, meaning many possible keys exist to try. Even the fastest supercomputer available today would take millions of years to test every possible key and crack the encryption.

However, “Everything fails all the time”. Humans make mistakes, software crashes, and machines break. Everyone saw how a flaw in OpenSSL led to the Heartbleed bug! Incidents such as the CrowdStrike Falcon outage and Microsoft Exchange breach reminds us that “Anything that can go wrong, will go wrong”.

In the rapidly evolving landscape of technology, the emergence of quantum computing poses a significant challenge to current encryption standards. An important quantum computing algorithm known as Shor’s algorithm would allow a large-scale quantum computer to quickly break essentially any of the current encryption systems. This means that trillions of dollars in financial transactions, confidential communications, and critical intellectual property could be compromised, putting businesses, governments, and individuals at grave risk.

So, what’s next?
The goal of Post-Quantum Cryptography (PQC) is to develop cryptographic systems that are secure against both quantum and classical computers, and can interoperate with existing communications protocols and networks.

NIST recently released the first 3 Post-Quantum Encryption Standards that can withstand the attack of a quantum computer.

· FIPS 203, Module-Lattice-Based Key-Encapsulation Mechanism Standard
· FIPS 204, Module-Lattice-Based Digital Signature Standard
· FIPS 205, Stateless Hash-Based Digital Signature Standard

The finalized standards include instructions for incorporating them into products and systems. The new standards are designed for general encryption, protect information exchanged across a public network, digital signatures, and for identity authentication.

How?
Organizations must develop and implement quantum-resistant strategies to safeguard their digital assets and ensure the long-term security of their operations.

• During the Discovery phase, you will evaluate the current encryption landscape and gather information of all the assets where crypto materials reside. You will create awareness among the business and application communities regarding the risks that large scale quantum computer poses.
• During the Analyze and Strategize phase, you will conduct a comprehensive risk assessment and impact analysis based on the crypto information gathered during the discovery phase. During this phase you will also prioritize the sequence of remediation based on the level of risk and business criticality.
• In the Remediation phase, you will migrate your infrastructure landscape and remediate existing applications to quantum safe standards and protocols.
• Continuous improvement is the key to having secure environment. It’s crucial to maintain a collaborative and transparent approach, involving stakeholders from the government, industry, academia, and the broader cryptographic community.

The business imperative for adopting quantum-resistant encryption is clear. As the threat of quantum computing looms, organizations that fail to address this challenge risk exposing their sensitive data to potentially catastrophic breaches. The cost of inaction can be staggering, both in terms of financial losses and reputational damage.

The impending threat of quantum computers breaking current encryption standards is a pressing issue that demands immediate attention. By embracing quantum-resistant encryption strategies and partnering with leading software companies, businesses can safeguard their digital assets and ensure the long-term security of their operations. The future of secure communication and data protection lies in our ability to stay ahead of the quantum computing curve and prepare for the encryption challenges of tomorrow.

Stay encrypted:
Post-Quantum Cryptography
Open Quantum Safe (OQS) project
AWS Open Source Security
Open Cybersecurity Schema Framework
NIST Asks Public to Help Future-Proof Electronic Information
Preparing today for a post-quantum cryptographic future
How to tune TLS for hybrid post-quantum cryptography with Kyber

Authors

Jinu Abraham: Jinu is a passionate Technical Program Manager experienced in managing large scale enterprise programs related to Identity and Access Management (IAM), Business Application Integration, Enterprise Infrastructure and Cyber Security. With more than 20 years of experience, he loves challenging opportunities, helping customers achieve their business goals within stipulated time.

Arun Chandapillai: Arun Chandapillai is a Senior Engineering Architect who is a diversity and inclusion champion. He is passionate about helping his Customers accelerate IT modernization through business-first Cloud adoption strategies and successfully build, deploy, and manage applications and infrastructure in the Cloud. Arun is an automotive enthusiast, an avid speaker, and a philanthropist who believes in ‘you get (back) what you give’.