The State of Quantum Security

No longer a technology on the distant horizon, quantum computing brings with it security challenges that all enterprises must pay close attention to. So, what does this mean for digital security in an age of quantum computing capability?

The concept of the quantum computer traces its inception back to the 1960s and, in 1976, to the scientific paper ‘Quantum Information Theory’ by Roman Stanislav Ingarden. Fast forward, and we are on the cusp of turning the theoretical into a practical business application. Quantum computers will have many applications, none more significant than fundamentally changing digital security as we know it.

Unlike classical computers, whose bits are strictly 0 or 1, a quantum computer's qubit can hold a superposition of 0 and 1 at the same time, and the result of a computation (searching a vast database, for example) only becomes visible when the qubits are measured. This massively parallel state also has severe consequences for digital security as we know it today.

From a hardware perspective, quantum computers also need carefully controlled environments to operate efficiently and accurately. For example, 2011 saw D-Wave One and, more recently, D-Wave 2000Q, with IBM’s System One becoming the world’s first commercial circuit-based quantum computer. More recent examples include AWS Braket shifting this technology to become a practical option for business users.

Much of the debate surrounding quantum computing has centred on the claim that a practical quantum computer would mean the end of digital security as we know it, because it could break the public-key cryptography that protects the most sensitive information, such as financial records and digital payments.

Speaking to Silicon UK, Duncan Jones, head of cybersecurity at Quantinuum, commented: “We’ve known since 1994 that a sufficiently powerful quantum computer will break the encryption typically used today. As the industry continues to make advances with quantum hardware, we get closer to the moment these attacks become possible. However, we also get closer to the many benefits that quantum will bring, so I view this progress as a positive step.”

The quantum world is fast approaching. From a cybersecurity perspective, businesses must begin to prepare and minimise the impact a security breach could have on their networks. The end of digital security as we know it is hyperbole to a degree. As with most security aspects, the devil is in the detail and the specific security needs of a business and its customers. For now, becoming more quantum aware is a sensible step to take.

The quantum threat

According to research from EY, 81% of senior UK executives expect quantum computing to play a significant role in their industry by 2030. However, despite growing anticipation among senior leaders, most organisations’ strategic planning for quantum computing is in its early stages. For example, only 33% are engaged in strategic planning related to quantum computing, and a quarter have appointed specialist leaders or set up pilot teams.

“This study reveals a disconnect between the pace at which industry leaders expect quantum to start significantly transforming businesses and their general preparedness for its impact,” comments Piers Clinton-Tarestad, Quantum Computing Leader EY UKI. “’Quantum readiness’ is not so much a gap to be assessed as a road to be walked, with next steps being regularly revisited as the landscape evolves. Businesses that expect industry disruption within the next three or five years, therefore, need to act now.”

How businesses react to the imminent quantum security threat will largely depend on their industry and on how much sensitive data they need to protect. Moving from AES-128 to AES-256 is a sensible step, as the larger key makes these systems more resistant to quantum attack.

Quantinuum’s Duncan Jones also explained: “Today’s digital security systems rely on certain mathematical problems being hard to solve. For instance, much of our Internet traffic is secured by the RSA algorithm, which is secure because it is widely believed that attackers cannot break very large numbers into their prime factors. Unfortunately, quantum computers will be able to solve some of these problems, including the one that RSA relies upon. This means that many current encryption schemes will be broken and need to be replaced with alternatives that are resistant to attack from both classical and quantum computers.”

New forms of quantum-resistant security protocols are in active development. No one expects existing digital security measures to be rendered obsolete the moment a quantum computer appears that can crack today’s encryption. But, of course, threat actors are also watching the development of this technology with interest. As a result, businesses need to remain as vigilant as ever about the digital security measures they have in place.

Post-quantum security

“We are entering the golden years of Quantum Security innovation. From the advanced development of QKD systems by Toshiba to the invention and commercialisation of quantum memory operating at room temperature by innovative startup, Qunnect. These technologies will secure the future quantum internet,” said John Prisco, CEO of Safe Quantum.

David Mahdi, cryptography and quantum expert at Sectigo, also places the quantum threat in a realistic context: “While the much-touted ‘Quantum Apocalypse’ may be several years away, governments and organisations across the globe must begin preparing for the new age of quantum computing; an advanced type of computation that leans on quantum physics to run multiple processes simultaneously. For over fifty years, public key infrastructure, or PKI, has been relied upon by almost all organisations to provide the cryptographic backbone which secures devices and the humans using them.”

Mahdi continued: “Like most things, nothing lasts, and the PKI we all rely upon to maintain digital trust is severely threatened by quantum computing. Quantum computing will render traditional PKI, as we know it, no longer fit for purpose. This poses a very real threat to the information security systems we all rely on to protect our freedom, liberty, privacy, and security. To remain secure, the world will have to adopt new families of quantum-resistant cryptography. The US-based NIST is currently working on selecting what the world’s post-quantum standards will be.”


Today’s digital security protocols are adequate for the present. However, Dr Francis Gaffney, Senior Director at Mimecast Labs and Future Operations, points out that even their proposed replacements are not infallible: “On 05 July 2022, NIST identified four candidate algorithms for standardisation. It was also announced that there were four candidates for the separate standardisation process for the Public-Key Encryption Mechanism (KEM) requirement process: BIKE, HQC, Classic McEliece, and SIKE.

Francis Gaffney, Senior Director at Mimecast Labs and Future Operations.

“One of the final candidates proposed for standardisation, SIKE (supersingular isogeny key encapsulation), developed by teams from Amazon, Infosec Global, Microsoft Research, and Texas Instruments, has already reportedly been cracked by researchers from KU Leuven. The flaw was reportedly a minor one but demonstrates that although these new standards are significantly better than the current ones, they are not without their own vulnerabilities. This makes it impossible to promise that the quantum cryptographic standards will be 100% unbreakable.”

In conclusion, Quantinuum’s Duncan Jones offers practical steps business leaders can take today to start their journey to becoming quantum ready:

“At this stage, the immediate need is to plan what a migration to post-quantum technology will look like. This will involve taking an inventory of the current use of cryptography within an organisation, as well as understanding the sensitivity of the data being protected. With this information in hand, it is possible to begin prioritising systems for migration. It is likely that companies will need to discuss migration with their vendors to understand how they plan to support these emerging algorithms. There is a lot of work to be done to get ready for this change, so business leaders need to be making this a priority.”

Work continues at the National Institute of Standards and Technology (NIST) on post-quantum cryptography standards that may appear next year. When they do, businesses and security vendors alike will have taken a significant step towards a quantum-secure future, one that puts the potential threats into context. More work is still needed, however, to secure the transition to a world where quantum computers are commonplace.
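The inventory-then-prioritise approach Jones describes, as an added example (this is not the article's code and not Quantinuum's): a small triage script that classifies each place an organisation uses cryptography as quantum-vulnerable (public-key schemes built on factoring or discrete logarithms), merely weakened (symmetric keys under 256 bits), or already post-quantum, and ranks systems for migration by data sensitivity and how long the data must stay secret. The inventory records, the scoring rule (sensitivity times shelf life, halved for symmetric use) and the category names are assumptions of this example.

```python
"""Cryptographic inventory triage.

Added example, not from the article or from Quantinuum.  All inventory
records below are constructed for illustration.
"""
from dataclasses import dataclass
import re

# Public-key schemes built on factoring or discrete logarithms.  A large
# quantum computer running Shor's algorithm breaks these outright.
QUANTUM_VULNERABLE = {"rsa", "dsa", "ecdsa", "ecdh", "ecdhe", "dh", "dhe",
                      "x25519", "ed25519", "x448", "ed448"}
# Schemes NIST selected for post-quantum standardisation (names as the article
# gives them, plus their draft standard names ML-KEM / ML-DSA).
QUANTUM_SAFE = {"kyber", "ml-kem", "dilithium", "ml-dsa", "falcon", "sphincs+"}
# Symmetric ciphers and hashes are only weakened (Grover's search roughly
# halves the effective key length), so a 256-bit key keeps a safe margin.
SYMMETRIC_PREFIXES = ("aes", "chacha20", "hmac", "sha")
SYMMETRIC_MIN_BITS = 256


@dataclass
class Asset:
    system: str
    algorithm: str          # e.g. "RSA-2048", "AES-128-GCM", "Kyber-768"
    sensitivity: int        # 1 (public) .. 5 (most sensitive)
    shelf_life_years: int   # how long the protected data must stay secret


def classify(algorithm: str) -> str:
    """Return one of: safe, vulnerable, weakened, adequate, unknown."""
    name = algorithm.lower()
    if any(pq in name for pq in QUANTUM_SAFE):
        return "safe"
    tokens = re.split(r"[-_/ ]+", name)
    if any(t in QUANTUM_VULNERABLE for t in tokens):
        return "vulnerable"
    if name.startswith(SYMMETRIC_PREFIXES):
        # Key size: a standalone three-digit number in the name, or the fixed
        # 256-bit ChaCha20 key when no size is written out.
        found = re.search(r"(?<!\d)(\d{3})(?!\d)", name)
        bits = int(found.group(1)) if found else (256 if name.startswith("chacha20") else 0)
        if bits == 0:
            return "unknown"
        return "weakened" if bits < SYMMETRIC_MIN_BITS else "adequate"
    return "unknown"


def migration_priority(asset: Asset) -> int:
    """Higher means migrate sooner (assumed scoring rule).  Vulnerable
    public-key use scores sensitivity x shelf life, the store-now-decrypt-later
    window; weakened symmetric use scores half; everything else zero."""
    weight = {"vulnerable": 2, "weakened": 1}.get(classify(asset.algorithm), 0)
    return weight * asset.sensitivity * asset.shelf_life_years // 2


def migration_plan(assets):
    """(system, category, priority) rows, most urgent first."""
    rows = ((a.system, classify(a.algorithm), migration_priority(a)) for a in assets)
    return sorted(rows, key=lambda row: row[2], reverse=True)


# Constructed inventory, not any real organisation's estate.
INVENTORY = [
    Asset("payments HSM signing", "RSA-2048", 5, 10),
    Asset("customer portal TLS", "ECDHE-RSA-AES128-GCM-SHA256", 4, 7),
    Asset("backup encryption", "AES-128-CBC", 3, 15),
    Asset("internal wiki", "ECDSA-P256", 1, 1),
    Asset("pilot VPN", "Kyber-768", 4, 10),
    Asset("archive at rest", "AES-256-GCM", 5, 20),
]

if __name__ == "__main__":
    for system, category, priority in migration_plan(INVENTORY):
        print(f"{priority:3d}  {category:10s}  {system}")
```

The point of the ranking is Jones's: the HSM signing key and the customer-facing TLS endpoint come first because they combine vulnerable public-key cryptography with sensitive, long-lived data, while the AES-128 backups are a key-size upgrade rather than an algorithm replacement and the Kyber pilot needs no action.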

Silicon Head-to-Head Interview

Jon Geater, Chief Product and Technology Officer and Co-Founder at RKVST.

Jon has deep expertise in cryptography, cybersecurity, and blockchains, having held senior global technical roles at Thales e-Security, Trustonic, ARM, and nCipher, where he built chip-to-cloud solutions for mobile, IoT, payments, and smart cities while managing large global teams of experts. In addition, Jon is a serial leader of open standards at the board committee level, having served GlobalPlatform, Trusted Computing Group, OASIS, and Linux Foundation’s Hyperledger. He is currently Chair of the Security and Trustworthiness Working Group in the Digital Twin Consortium.

What are the main components of the quantum threat to the digital security systems businesses currently rely upon?

“The main threat is the break of the ‘browser padlock’. Next, people talk about ‘internet encryption’ being broken, but that’s not right. Encryption (in the way we usually use the word) is already relatively safe because it uses algorithmic shuffling rather than math. The big problem is that the security of the math-based crypto we use for key exchange at a distance (RSA, ECC) relies on a particular math problem being very hard to solve. Unfortunately, this problem can be solved relatively quickly, given a suitably capable quantum computer. So, the quantum adversary doesn’t have to break the encryption: it actually breaks the initial key exchange conversation and simply steals the whole encryption key! From there, decryption is easy.

“The significant threat everyone talks about now is the store-now-decrypt-later attack. In theory, an adversary could be recording internet traffic today (or yesterday, for that matter) and waiting for quantum computers to get good. They can then go to this massive archive of historical traffic, break the recorded vital exchanges, and decrypt the traffic. If your data is still sensitive in, say ten years, you might consider this a real threat. On the other hand, if your data is not likely to have value outside of the specific transaction you’re undertaking, then good news: you’ll be OK.

“Understanding that it is an asymmetric key exchange that is most threatened rather than pure encryption is really important because the risks of breaking an Internet communication are total, while the risks of breaking an encrypted backup tape are very minimal (because no key exchange happened, or at least was not observable).

“One area that doesn’t get as much airtime as the big “store now decrypt later” attack is an attack on the integrity of backups. Digital signatures today rely on quantum-vulnerable algorithms and so risk being forged. There are a lot of non-crypto techniques to defend against backdating forgeries but if you have one copy of something, signed once, and stored somewhere that’s not checked very often, then in principle a quantum-enabled forgery could replace the legitimate backup. Everyone needs to consider the circumstances under which they would reinstate a backup of this nature and think whether future forgeries could pose a risk. If they do, then better provenance traceability should be implemented.”
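Geater's backup-integrity point above, as an added example that is not part of the interview and not RKVST's code: a hash-chained provenance log for backup manifests whose head is checkpointed with independent witnesses. The backup manifests, artefact bytes, signer label and witness names are all constructed, and the scheme is a generic SHA-256 hash chain rather than any particular product. It shows why a single signed copy is weak evidence: an adversary able to forge signatures can replace one record and recompute every later link so the log still self-verifies, but the head no longer matches what the witnesses recorded.

```python
"""Provenance chain for backup manifests.

Added example, not from the article or from RKVST.  Everything below
(manifests, artefacts, witnesses) is constructed for illustration.
"""
import hashlib
import json

GENESIS = "0" * 64   # hash of the empty chain


def entry_hash(prev_hash: str, record: dict) -> str:
    """Each entry commits to the previous entry's hash and its own record."""
    payload = json.dumps(record, sort_keys=True).encode()
    return hashlib.sha256(bytes.fromhex(prev_hash) + payload).hexdigest()


def build_chain(records):
    chain, prev = [], GENESIS
    for record in records:
        digest = entry_hash(prev, record)
        chain.append({"prev": prev, "record": record, "hash": digest})
        prev = digest
    return chain


def chain_head(chain) -> str:
    return chain[-1]["hash"] if chain else GENESIS


def verify_chain(chain) -> bool:
    """Local consistency only: every link recomputes.  A forger who can
    rewrite the whole log passes this check, which is exactly the gap."""
    prev = GENESIS
    for entry in chain:
        if entry["prev"] != prev or entry_hash(prev, entry["record"]) != entry["hash"]:
            return False
        prev = entry["hash"]
    return True


def checkpoint(chain, witnesses):
    """Publish the current head to independent witnesses; a dict stands in
    for external services, partners or an offline printout."""
    return {name: chain_head(chain) for name in witnesses}


def witnesses_disagreeing(chain, checkpoints) -> list:
    """Names of witnesses whose recorded head differs from this chain's head."""
    head = chain_head(chain)
    return sorted(name for name, seen in checkpoints.items() if seen != head)


def replace_and_rechain(chain, index, new_record):
    """Model the threat in the interview: one backup record is substituted and
    every later link recomputed, so the log remains internally consistent."""
    records = [entry["record"] for entry in chain]
    records[index] = new_record
    return build_chain(records)


def manifest(backup_id: str, artefact: bytes) -> dict:
    return {"backup_id": backup_id,
            "artefact_sha256": hashlib.sha256(artefact).hexdigest(),
            "signer": "backup-service"}   # constructed signer label


# Constructed backup history and witness set.
RECORDS = [manifest("2022-09-01-full", b"full backup contents, constructed"),
           manifest("2022-09-08-incr", b"incremental 1, constructed"),
           manifest("2022-09-15-incr", b"incremental 2, constructed")]
WITNESSES = ["auditor-ledger", "partner-notary", "offline-printout"]

if __name__ == "__main__":
    chain = build_chain(RECORDS)
    seen = checkpoint(chain, WITNESSES)
    forged = replace_and_rechain(chain, 0, manifest("2022-09-01-full", b"substituted contents"))
    print("genuine: self-verifies", verify_chain(chain), "disagreeing", witnesses_disagreeing(chain, seen))
    print("forged:  self-verifies", verify_chain(forged), "disagreeing", witnesses_disagreeing(forged, seen))
```

Before reinstating a rarely checked backup, the restore procedure would run `witnesses_disagreeing` against checkpoints held outside the attacker's reach; any disagreement is a signal to stop, whichever signature the artefact carries.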

Quantum computers can deliver quantum cryptography. Does this resolve the threat that quantum computing poses to current public-key cryptography?

“Not really. We can’t throw away all our existing web servers and computers and replace them with quantum computers just to do the crypto. In any case, we already have CRYSTALS-Kyber, CRYSTALS-Dilithium, FALCON and SPHINCS+ that have been approved by NIST for post quantum operations and which run perfectly well on a classical computer. Not to say there’s anything bad with quantum encryption but it’s not widely needed right now.”

How can businesses become more ‘quantum resilient’ as quantum computers become more practical and widespread?

“Lean hard on your software and security vendors to implement crypto-agility in the products you buy and use.

“Classify your information assets and secure them appropriately. If you have data genuinely threatened by the quantum apocalypse, then adjust your handling of that; otherwise, keep calm and carry on.

“Start turning over your crypto estate to NIST-approved quantum-safe modes as soon as practicable.”

What steps should businesses take to prepare for their post-quantum security future?

“Make sure you are on top of your information risk irrespective of the quantum threat. Know where your value and risk lie, then take steps to protect accordingly.

“Ensure you are crypto-agile. We’ve had several big ‘crypto sunsets’ already and had to move away from a presumed mathematical safe haven: in many ways, this is no different.

“Adopt a more resilience-focused Zero Trust approach to security. Know that everything will be compromised sooner or later, so implement defence in depth and continuous verify-then-trust instead of trust-but-verify. Cryptography is only one piece of the cyber puzzle. So don’t blindly trust it, EVER. Quantum or otherwise.

“Know that your security increasingly relies on the digital security and operations of your supply chain partners, so invest in supply chain integrity, transparency and trust technologies to give your business insight into what they’re doing and how well they’re keeping ahead of the threat. Supply chain visibility can also help quickly identify compromised devices and revoke access, whether the break is through quantum cryptanalysis, cloning, or a simple code bug.

“Unless you’re a very special organisation that is particularly interesting for the store-now-decrypt-later case, then you really just need to sit tight and make sure you’re evaluating your vendor base to ensure they are going to upgrade you to quantum-safe crypto at the appropriate time for a reasonable cost.

“Supply chain risks are repeatedly identified as among the most harmful in the digital age so make sure you have the appropriate SCITT infrastructure in place. This will help you identify whether your supply chain partners are adopting the same quantum posture as you, as well as eliminating blind spots to traditional security threats.”