Let’s start with a short story, a fortune 500 IT executive received a call from a reporter from the Wall Street Journal. The reporter asked what the company thought about the announcement of a new quantum computer that could break RSA and elliptic curve cryptography (ECC). The manager had no plans for this, so he politely replied that he had no idea and then scheduled an emergency meeting with his executive team to figure out what they could and should do to protect the company’s data in the cloud. .
Consider the fictional story above; This is a problem that many teams will face in the not too distant future. There are many reports that China and the US have invested hundreds of millions of dollars in quantum computer research. Universities and commercial research centers around the world have reported initial progress. A multipurpose quantum computer capable of breaking the ubiquitous RSA and ECC encryption algorithms will be available by 2030, according to recently implemented plans.
Common encryption techniques
The secure transfer of information over the web, whether it’s a credit card number or a full backup copy of a large company’s data, is a three-step process. At the beginning, the sender and receiver exchange an encryption key through one of several acceptable algorithms such as RSA. In the next step, the sender encrypts the information with the exchanged key using a symmetric algorithm such as AES and sends it to the receiver. Finally, the receiving party decrypts the information with the help of the key it has and uses the data. This system has been working properly for more than thirty years. So why do we need a new system?
Risks and effects
When the RSA algorithm was first introduced in an article in Scientific American in 1977, it was estimated that decrypting a message encrypted asymmetrically with RSA-129 (a variant of RSA that uses a 426-bit key) would take 40 million billion times. It will take years. But in fact, this code was broken less than twenty years later in 1994. Of course, what we know today is that 1024-bit keys cannot be broken by ordinary computers, and there is still a long way to break the big 2048-bit keys. But quantum computers have strangely changed everything, they can crack RSA keys of any size and decrypt the most extraordinary keys. One of the recently unveiled prototypes of these computers can crack 5-bit asymmetric keys. Of course, it is clear that there is still a lot of work to be done to crack 2048-bit keys, which is why encrypting data with RSA is for immediate, secure and reliable work. Anyway, there is another important point of view; Data encrypted with RSA and tracked and stored may be decrypted by quantum computers in the future. This problem is not limited to RSA and ECC algorithms, and all encryption algorithms that are used these days can be broken in the same way.
Preventive defense
There are two technologies being developed to deal with threats caused by quantum computers, with the help of which we can have secure codes;
- Post Quantum Algorithms (PQAs)
- Quantum Key Distribution (QKD)
In the following, we briefly explain these technologies.
Post Quantum Algorithms (PQAs)
This technology includes a number of new algorithms designed with the known capabilities of quantum computers in mind. The resistance of these algorithms against known quantum attacks has been proven. Since these algorithms are implemented in software form, they can be quickly replaced with current algorithms. PQA is generally faster than RSA, but its keys are significantly larger.
Quantum Key Distribution (QKD)
QKD is designed based on the knowledge of physics. This technology allows keys to be switched between two different locations according to the quantum properties of photons. If someone tries to intercept the key exchange process, the changes that occur in the measured quantum properties will reveal this and the key will be discarded. Unlike software-based methods, using this method, the enemy’s computing power is no longer considered and the key will be safe in any case. Of course, the hardware nature of this technology has made this system require special infrastructures and there are limits on the time intervals between changing the keys.
Conclusion
The above methods for maintaining quantum security are a start, and until they are implemented, threats to encrypted data will exist. Creating a new encryption algorithm is not something that can happen overnight. Quantum security working groups have been formed to promote technologies that can protect code against quantum technologies, but it remains to be seen what will happen in the future and will we be able to protect information?
RCO NEWS