Let’s start with a short story. A Fortune 500 IT executive received a call from a reporter at the Wall Street Journal. The reporter asked what the company thought about the announcement of a new quantum computer that could break RSA and elliptic curve cryptography (ECC). The executive had no plans for this, so he politely replied that he had no idea and then scheduled an emergency meeting with his executive team to figure out what they could and should do to protect the company’s data in the cloud.
Consider the fictional story above: this is a problem that many teams will face in the not too distant future. There are many reports that China and the US have invested hundreds of millions of dollars in quantum computer research. Universities and commercial research centers around the world have reported initial progress. A multipurpose quantum computer capable of breaking the ubiquitous RSA and ECC encryption algorithms will be available by 2030, according to recently implemented plans.
Common encryption techniques
The secure transfer of information over the web, whether it’s a credit card number or a full backup copy of a large company’s data, is a three-step process. First, the sender and receiver exchange an encryption key using one of several accepted algorithms, such as RSA. Next, the sender encrypts the information with the exchanged key using a symmetric algorithm such as AES and sends it to the receiver. Finally, the receiver decrypts the information with the key it holds and uses the data. This system has been working properly for more than thirty years. So why do we need a new system?
Risks and effects
When the RSA algorithm was first introduced in an article in Scientific American in 1977, it was estimated that decrypting a message encrypted asymmetrically with RSA-129 (a variant of RSA that uses a 426-bit key) would take 40 million billion years. In fact, this code was broken less than twenty years later, in 1994. Of course, what we know today is that 1024-bit keys cannot be broken by ordinary computers, and there is still a long way to go before the big 2048-bit keys can be broken. But quantum computers change everything: they can crack RSA keys of any size and decrypt even the most extraordinary keys. One of the recently unveiled prototypes of these computers can crack 5-bit asymmetric keys. Clearly there is still a lot of work to be done before 2048-bit keys can be cracked, which is why encrypting data with RSA remains secure and reliable for immediate use. There is, however, another important point of view: data that is encrypted with RSA, intercepted and stored today may be decrypted by quantum computers in the future. This problem is not limited to the RSA and ECC algorithms, and all encryption algorithms that are used these days can be broken in the same way.
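The three-step transfer and the stored-ciphertext risk described above, as an added example that is not part of the original article. It assumes a constructed toy key (a modulus of about 36 bits), a SHA-256 keystream standing in for AES, and trial division standing in for the factoring a large quantum computer would perform; every name and value in it is hypothetical.

```python
import hashlib
from math import isqrt

# Constructed toy key: two Mersenne primes give a modulus of about 36 bits.
P, Q, E = 2**17 - 1, 2**19 - 1, 65537
N = P * Q                             # public modulus
D = pow(E, -1, (P - 1) * (Q - 1))     # private exponent, held only by the receiver

def stream_xor(key, data):
    """Toy symmetric cipher (SHA-256 keystream XOR), standing in for AES."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key.to_bytes(8, "big") + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def send(session_key, message):
    """Steps 1-2: wrap the session key with RSA, encrypt the data symmetrically."""
    return pow(session_key, E, N), stream_xor(session_key, message)

def receive(wrapped, ciphertext):
    """Step 3: unwrap the session key with the private exponent and decrypt."""
    return stream_xor(pow(wrapped, D, N), ciphertext)

def factor(n):
    """Trial division: feasible here only because the modulus is tiny."""
    for p in range(3, isqrt(n) + 1, 2):
        if n % p == 0:
            return p, n // p
    raise ValueError("no odd factor found")

def decrypt_recording(n, e, wrapped, ciphertext):
    """Read a stored capture using only public values, once n can be factored."""
    p, q = factor(n)
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent rebuilt from the factors
    return stream_xor(pow(wrapped, d, n), ciphertext)

def demo():
    msg = b"constructed sample: quarterly backup manifest"
    wrapped, ct = send(0x5EC2E7A1, msg)   # constructed session key, smaller than N
    return receive(wrapped, ct), decrypt_recording(N, E, wrapped, ct)

if __name__ == "__main__":
    print(demo())
```

The recording never contains the private exponent, yet it yields the plaintext as soon as the modulus is factored, which is why data that must stay confidential for many years is exposed by traffic captured today.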
Preventive defense
There are two technologies being developed to deal with the threats posed by quantum computers, with the help of which we can keep encryption secure:
- Post Quantum Algorithms (PQAs)
- Quantum Key Distribution (QKD)
In the following, we briefly explain these technologies.
Post Quantum Algorithms (PQAs)
This technology includes a number of new algorithms designed with the known capabilities of quantum computers in mind. The resistance of these algorithms against known quantum attacks has been proven. Since these algorithms are implemented in software, they can quickly replace current algorithms. PQAs are generally faster than RSA, but their keys are significantly larger.
Quantum Key Distribution (QKD)
QKD is based on physics. This technology allows keys to be exchanged between two different locations using the quantum properties of photons. If someone tries to intercept the key exchange, the resulting changes in the measured quantum properties will reveal this and the key will be discarded. Unlike software-based methods, with this method the adversary’s computing power no longer matters and the key will be safe in any case. However, because this technology is hardware-based, it requires special infrastructure, and there are limits on the time intervals between key changes.
Conclusion
The above methods for maintaining quantum security are a start, and until they are implemented, threats to encrypted data will exist. Creating a new encryption algorithm is not something that can happen overnight. Quantum security working groups have been formed to promote technologies that can protect encryption against quantum technologies, but it remains to be seen what will happen in the future and whether we will be able to protect information.




