Quantum computers are based on the principles of quantum theory, which focuses on the behaviour of atoms and protons. The first difference between currently deployed (so-called ‘classic’) computers and quantum computers is the advantage of ‘superposition’. While classic computers operate on ‘Bits’ (zero or one), quantum computers make use of a quantum-mechanical phenomenon that represents data as ‘Qubits’ (zero, one, or a little bit of both). The superposition effect means that, instead of being constrained to one of two possible values (i.e. 1 or 0), Qubits can exist as a mixture of both.
The second advantage is ‘entanglement’, which is a unique quantum physics behaviour. Entanglement creates an extremely strong correlation that exists between quantum particles so that what happens to one will affect the others, even if separated by great distances. When applied to quantum computers, this means they can manipulate all their Qubits at the same time, and so do not need to perform a set of calculations one after another. They can do them simultaneously.
Due to ‘superposition’ and ‘entanglement’, quantum computers will be able to process a vast number of calculations concurrently. As a result, quantum computers will quickly and efficiently achieve tasks that have long been thought of as beyond the scope of classic computers.
“Quantum Computers Present an Unprecedented Opportunity to Solve many Future Challenges; They Also Create a Problem in the Field of Data Security”
Quantum-related technologies will redefine industries including banking, pharmaceuticals, weather and climate modelling, space exploration, pure science, machine learning and logistics. While quantum computers present an unprecedented opportunity to solve many future challenges, they also create a problem in the field of data security. This is because quantum computers solve complex mathematical problems better and faster, including those used at the core of modern cryptography. Quantum computers, when deployed by malicious attackers, will be able to decrypt the data protected by many of the public key cryptography methods currently used by governments and corporates to protect sensitive data. They will be able to do this relatively quickly.
While quantum computers won’t become mainstream until around 2025, organisations and governments holding sensitive data, or that are otherwise required to archive data over long time-frames (up to a decade or more), need to start planning for a post-quantum computing world now.
One method of developing quantum-safe public key cryptography is to develop a new set of public key cryptosystems for classic computers that are capable of resisting quantum computer attack. These cryptosystems are called ‘quantum-safe’ or ‘post-quantum cryptography’. The principle behind them is the use of mathematical problems of a complexity beyond quantum computing’s ability to solve them. The information security industry currently recognises five types of cryptosystems as promising replacement candidates for current cryptography. These are: hash-based, code-based, lattice-based, multivariate-based and super-singular isogeny-based. International standards bodies, including the National Institute of Standards and Technology (NIST), are currently in the process of conducting more analysis and research before they can go forward on determining which of these to adopt.
Secure Chorus recently collaborated with its partner member, ISARA Corporation, to publish a white paper about post-quantum cryptography. Secure Chorus is a not-for-profit membership organisation providing thought leadership, common interoperability standards and tangible capabilities for the information security industry. ISARA Corporation is a global leader in post-quantum cryptography, committed to the collaborative development of quantum-safe standards at the European Telecommunications Standards Institute (ETSI). Secure Chorus is also collaborating with ISARA Corporation to evolve MIKEY-SAKKE – the Secure Chorus cryptography standard of choice – to become quantum-safe.
Entitled ‘The Quantum Revolution: Security Implications and Considerations’, the white paper provides a framework for assessing if and when governments and corporates need to start protecting themselves against the threat posed by quantum computers. It also addresses the key considerations an organisation needs to take into account when migrating to a new cryptography standard.
The paper further introduces the MIKEY-SAKKE identity-based public key cryptography standard, and explains how, when made quantum safe, it would continue to offer its unique combination of benefits for enterprise-grade technologies. MIKEY-SAKKE provides for end-to-end encryption and can be used in a variety of environments, both at rest (e.g. storage) and in transmission (e.g. network systems). Designed to be centrally managed, it gives enterprises full control of system security as well as the ability to comply with any auditing requirements, through a ‘managed and logged’ process. Additional benefits include scale and flexibility.
MIKEY-SAKKE has been developed by the UK government’s National Technical Authority for Information Assurance (CESG), which is now part of the National Cyber Security Centre (NCSC), a government member of Secure Chorus. MIKEY-SAKKE was standardised by the Internet Engineering Task Force (IEFT). It has also recently been approved by the 3rd Generation Partnership Project (3GPP), the body responsible for standardising mobile communications for use in critical applications, hence receiving endorsement at global level for its approach to public key cryptography.
While it will probably be a decade before quantum computing starts to significantly affect our global digital environment, the potential impact of this technology means that governments and corporates must begin to prepare for its data security challenges now.. This should be done through quantum risk assessments as well as investment in well-recognised and endorsed quantum-safe public key cryptography.
This article is based on a new white paper entitled ‘The Quantum Revolution: Security Implications and Considerations’ co-authored by Secure Chorus and the ISARA Corporation. Secure Chorus is a not-for-profit membership organisation, serving as a platform for government-industry collaboration, for the development of strategies, common technology standards and capabilities for the long-term information security of our global digitally enabled economy.