GovLoop

Cracking Encryption: The Quantum Threat

There’s no doubt that quantum computing offers great promise: Mathematical problems that are impossible today will be trivial tomorrow, allowing for drug discoveries and other breakthroughs. But just as radiation can be used both for good — to treat cancer, for example — and bad, quantum computing poses risk, said Michael Redding, Quantropi’s Chief Technology Officer.

“We can start to guess at all the potential ways a powerful [quantum] computer can be misused,” he said, “but one that is clear and … very specific is the fact that it will break current encryption.”

The initial industry consensus was that quantum would realistically threaten encryption in 10 to 20 years, but artificial intelligence (AI) has dramatically shortened that window to three to five years, he said.

AI Revolution

That’s because AI is great at extracting patterns in massive datasets. Research shows, said Redding, that we can use AI as a data pre-processor to “chew on the ciphertext” and vastly reduce how much data a quantum computer must analyze. That means the quantum computer can be smaller than anticipated because it’s working with less information.

Without AI, you might need 8 million qubits to break a single encryption; using AI, you might need less than 400, he said.

Here and Now

The first problem when trying to quantum-proof your encryption is locating it — because encryption, Redding said, is “literally sprinkled throughout every system.” It’s like trying to identify all the rubber in your car and decide whether to replace the parts or retrofit them, and whether you or a third party will perform the work.

Although federal standards for quantum-safe encryption are still pending, agencies can take steps today to be quantum-ready, Redding said. They should inventory their network systems, establish security priorities and work with vendors on a quantum-security transition plan.

Agencies also can make the random numbers their encryption relies on — that comprise the digital keys that encryption algorithms use — even more unpredictable, he said.

And third, organizations need only minutes, he stressed, to quantum-harden the IPsec VPN channels that are the backbone of secure communication, connecting one data center to another, for instance. In other words, even if “all the [agency] applications themselves are [not secure],” he said, “as they go over the wire … they’re protected.”

Being TrUE

There are three elements — what Redding collectively calls “TrUE” — to a complete cryptographic system. First, you must Trust that you’re engaging in a secure discussion; the technology underlying that is asymmetric encryption, he said.

Then you need Uncertainty, based on symmetric encryption, so hackers don’t know if they’ve accessed data in motion or at rest. And you need Entropy, which means having truly unguessable, incalculable random numbers, he explained.

Quantropi offers a platform, QiSpace, that delivers quantum security by providing all three “TrUE” quantum solution components — as an “upgrade [or] addition to what you have,” Redding said, “vs. a rip-and-replace.”

One thing is certain, he said: “The next few years will be unprecedented.”

This article appeared in our guide, “Quantum Computing 101: Getting Ready for Tomorrow’s Tech.” To learn more about this groundbreaking technology, including how and when it will impact you, download the guide here:

 

Image by Pete Linforth from Pixabay
Exit mobile version