In a few years’ time, existing encryption will probably be easy to crack by powerful quantum computers.
Earlier this year, it seemed for a while that quantum computers were capable of cracking existing encryption. The reason was the publication of a scientific article associated with seven different research institutions in China. Fortunately, that turned out to be a false alarm. But what not everyone realizes is that we are further along with quantum technology than we think.
In a few years’ time, existing encryption will probably be easy to crack by powerful quantum computers. Only nobody knows exactly when. Today is World Quantum Day and therefore the perfect time to think about ways to protect the integrity and confidentiality of our data against misuse using quantum technology.
All state and trade secrets that are currently sent encrypted may be intercepted and stored. Malicious people collect this information and wait until this confidential information can be decrypted using quantum technology. To keep this data secure in the future, organizations must therefore already apply encryption techniques that are uncrackable for quantum computers.
At the moment there are two different schools of thought to protect data against quantum computers. During the European Quantum Network and Security conference in The Hague in early March, the focus was mainly on Quantum Key Distribution (QKD), the application of a cryptographic protocol that uses elements of quantum mechanics. Two parties produce a random secret key that only they know to encrypt data. The unique feature of QKD is that it can detect a third party trying to steal the key. This is because observable anomalies arise when a third party tries to break into the communication line. As soon as anomalies are detected, communication is immediately cut off. This means that the application of QKD is extremely safe.
On the other hand, the US National Institute of Standards and Technology (NIST) is working on a new standard based on PQC, post-quantum cryptography. These are encryption algorithms that are believed to be safe from attack by a quantum computer. NIST announced last July that it had selected four encryption algorithms for its standard, which is expected to be ready next year. Less than a month later, it was revealed that one of the algorithms had been cracked. The big question is whether the other three algorithms will hold up. It is therefore striking that the AIVD seems to be fully committed to PQR. The Dutch secret service published a PQR migration handbook last week that QKD rejects because it would not yet be a practical alternative.
The solution for the most sensitive and (state) secret data probably lies in a combination of the two security methods. A hybrid model. Organizations already often use post-quantum crypto methods and it is expected that this will take off in the coming period. But because we are not sure whether these encryption algorithms will prove to be secure in the future, it is important that we protect the real critical data with QKD technology.
Gone are the days when quantum computing was just a research project of professors. Organizations now need to think about how they share and protect their data. What information is really critical and should absolutely not come out? It is advisable to map out the risks now and to consider where to apply PQC and QKD technology in order to optimally secure most critical data and future-proof. Because it could just be that your trade secrets suddenly turn out to be on the street tomorrow.
Read also: Construction of ‘national headquarters for quantum technology’ in Delft has started
Read also: Vodafone Netherlands uses Cisco Quantum software-based network solutions to manage broadband services