Debates about encryption have been a hot-button issue for some time, as privacy advocates and law-enforcement agencies argue over the merits of privacy versus security. However, a revolutionary advance in computing is just around the corner – and it could change the entire debate. Quantum computers have the potential to effortlessly break the encryption algorithms that protect data all around the world. The Cipher Brief spoke to Mark Pecen, Andrew Shields, and Charles Brookson, all of whom are currently working with the European Telecommunications Standards Institute to develop encryption that cannot be broken by quantum computers. According to them, quantum-safe encryption must be adopted as soon as possible in order to ensure that private data stays private.
The Cipher Brief: Some of our readers may be unfamiliar with the importance of encryption. Could you briefly explain what encryption is used for and how it affects people’s daily lives?
Mark Pecen, Andrew Shields, & Charles Brookson: Encryption is the art of hiding information that is intended to remain private. It permits authorized parties to have access to information, while preventing its access by others. There may not be much public awareness, but encryption affects us all on a daily basis. Encryption is used to maintain confidentiality of such information as credit card transactions, personal identity, and bank account details. You use encryption every time you log into your bank account or purchase something online using a credit card or PayPal. Encryption is also used to maintain privacy of healthcare, billing, and insurance records.
Companies, whether large or small, also use encryption on a daily basis to maintain confidentiality of their product roadmap, sales, finance and employee data, as well as confidential information about their customers. Your local merchant uses it to safely store your banking information when you pay by debit card. As for governments, they use it to protect sensitive military and diplomatic information. A growing percentage of information sent over the Internet is now being encrypted to ensure greater privacy of information and to reduce the cost of its compromise.
Fundamentally, encryption is used to prevent the misuse of information. Imagine if your identity or banking information were available to anyone who wants it! Without encryption to keep information secure, society would have no effective barrier to prevent rampant online criminal activity, and identity theft and financial fraud would become common. The cost of doing business would rise significantly. Non-cryptographic techniques might be employed to keep information secret. For example, sensitive information could be sent by secure personal courier service. But solutions that cannot rely on technology are more expensive and less efficient than the cryptographic solutions we use now.
TCB: How would quantum computing adversely affect our current methods of encrypting information? What effect would this have on both individuals and countries?
MP, AS, & CB: Today’s encryption is based on mathematics. Simply put, the math we currently rely on to encrypt information will no longer be enough. It can protect against attacks using the conventional computers available today, but quantum computers don’t operate in the same way.
Securing data means making the cryptographic keys we use to encrypt very difficult for attackers to guess. Even when a highly advanced conventional computer is used, solving the mathematical problems necessary to know the cryptographic key is extremely difficult or impossible. The security of the encryption is related to the difficulty of solving those mathematical problems.
Quantum computing challenges our accepted standards of mathematical difficulty. Certain classes of problems that are otherwise extremely difficult or impossible to solve using a very powerful but conventional computer are simple to solve on a quantum computer. This means that information that is secure against attacks by a conventional computer becomes weak against attacks by a quantum computer.
We already know that quantum computers will be able to easily factor numbers. The encryption that secures much of the Internet today (called RSA public key encryption) relies on the difficulty of factoring numbers on a conventional computer. We also know that the quantum computer will easily solve another math problem that is the basis for Elliptic Curve Cryptography (ECC), which secures many global wireless systems and the Internet of Things (IoT). Data secured using RSA or ECC is at risk once a fully functional quantum computer becomes available.
The social, economic and political implications of the introduction of quantum computing may be severe. All information that is encrypted and unreadable today can be decrypted and read if it is accessed by a quantum computer attack. Locations and capabilities of secret military installations falling into enemy hands, leading to civil unrest and chaos. Rampant identity theft, bank failures and a temporary shift back to hard currency. Each of these scenarios will seriously cost governments and citizens unless conventional computer systems are made quantum resistant.
TCB: Functional quantum computers have only become available very recently, and they are not yet widely available. Why is it important to begin working on quantum-safe encryption now? What are some of the challenges associated with developing quantum-safe encryption and how are they being overcome?
MP, AS, & CB: We have small quantum computers today. Fortunately, they are not yet able to break the cryptography we’re using. But the progress to build bigger, fully-functional quantum computers is steady. In fact, last summer the National Security Agency (NSA) in the United States warned that, because of the progress on large-scale quantum computers, it’s changing its plans for the cryptography it will use in the near future.
Changes to government, industrial, and consumer information systems take a long time. This fact creates an important challenge to making conventional computer systems resistant to quantum. Systems being designed today will not be available for many years. Once deployed, these systems must remain strong against attacks for many years to come. The automotive industry faces the same issue. Cars that won’t be released as ‘model year’ product until around 2022 are in the design phase today. These cars have to be resistant to a quantum attack for their lifetime, which may easily be until 2042 or beyond. It’s easy to foresee that big advances in quantum computing within this timeframe could make early designs vulnerable to newly-possible attacks.
There are two potential solutions to the threat posed by quantum computers. The first is to base cryptography on a new mathematical algorithm, which should have better resistance to a quantum computer. The second uses the same quantum phenomena at the heart of a quantum computer to secure network communications. Quantum cryptography is probably secure against all algorithms on a quantum computer and indeed all future advances in computing and mathematics. Unlike the quantum computer, practical quantum cryptography systems are available from several companies, and large scale pilot networks have been announced in the UK, Japan, and China.
Irrespective of the approach adopted, quantum resistant (often referred to as quantum safe) cryptography, and in particular how it will be used, is beginning standardization now at ETSI (European Telecommunications Standards Institute). This is an essential process. We need the technology to be interoperable and work reliably and consistently in every country. The objective is similar to the ubiquitous cellular mobile communication system: you can use your mobile or smartphone in Germany or France and it works the same way as it does in the U.S. or Japan.
Cryptographic subsystems reside at the very heart of any larger communication and/or computing system. The primary challenges to making them quantum resistant are based on that fact. Extreme care must be taken not to disturb other aspects of the system while upgrading for quantum resistance. We want to avoid introducing new problems when we solve the existing quantum safety issue. We need to consider multiple options regarding the selection of appropriate cryptographic primitives, meaning the mathematics that run the cryptographic engines. Rather than choosing a so-called “best” option, the standards community is considering flexible approaches, by which multiple options may be used to reduce technology switching-costs. This may become important as newer quantum safe techniques are developed, as well as newer methods of quantum attack.
TCB: What can governments and businesses do to better work together to prepare for how greater access to quantum computing could affect the way individuals interact in the cyber domain?
MP, AS, & CB: The first step is awareness. Become aware of what requires quantum resistance and what doesn’t. For example, if your system relies largely on symmetric key cryptography, it is already largely resistant to quantum attack. On the other hand, system components using public key infrastructure (PKI), such as RSA and ECC, should be isolated while you analyze the best way to introduce a quantum resistant solution. Analysis should consider available processing power, both present and future. We should also consider the impact of architectural changes, as these may have further impact on the operation of the system as a whole. This means that new techniques for regression testing and certification may need to be developed and standardized to some degree as well.
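The awareness step described above, as an added example that is not part of the interview or of ETSI's work: a small Python triage script that parses OpenSSL- and IANA-style TLS cipher-suite names from a constructed inventory and sorts each component into what Shor's algorithm breaks outright (RSA, DH, ECDH, ECDSA) and what Grover's search merely weakens (symmetric keys and hash digests, whose effective strength is assumed here to halve, with 128 bits as the acceptable floor).

```python
import re
from dataclasses import dataclass

# Public-key primitives whose hardness assumption (factoring or discrete log)
# Shor's algorithm removes on a large enough quantum computer.
SHOR_BROKEN = {"RSA", "DH", "DHE", "ECDH", "ECDHE", "ECDSA", "DSS"}


@dataclass
class Finding:
    suite: str
    component: str
    verdict: str   # "replace" | "enlarge" | "ok" | "check"
    reason: str


def assess_suite(suite: str) -> list:
    """Split a cipher-suite name into components and judge each one."""
    name = suite.upper()
    parts = set(re.split(r"[-_]", name))
    out = []
    # 1. Key exchange / authentication: the part a quantum computer breaks outright.
    pk = sorted(parts & SHOR_BROKEN)
    if pk:
        for p in pk:
            out.append(Finding(suite, p, "replace", "Shor-solvable factoring/discrete-log problem"))
    elif name.startswith("TLS_"):   # TLS 1.3 names carry no key-exchange token
        out.append(Finding(suite, "key exchange", "check", "set by group/signature config, not the suite name"))
    else:                           # legacy OpenSSL names without a KX token imply RSA
        out.append(Finding(suite, "RSA (implicit)", "replace", "RSA key transport"))
    # 2. Bulk cipher: symmetric, so only Grover's quadratic speed-up applies.
    m = re.search(r"(AES|CAMELLIA|ARIA)[-_]?(\d{3})", name)
    if m:
        bits = int(m.group(2))
        verdict = "ok" if bits // 2 >= 128 else "enlarge"
        out.append(Finding(suite, f"{m.group(1)}-{bits}", verdict, f"~{bits // 2}-bit effective after Grover"))
    elif "CHACHA20" in parts:
        out.append(Finding(suite, "CHACHA20", "ok", "256-bit key, ~128-bit effective after Grover"))
    # 3. Hash/MAC: the same halving, applied to preimage resistance.
    for p in parts:
        h = re.fullmatch(r"SHA(\d*)", p)
        if h:
            digest = int(h.group(1)) if h.group(1) else 160   # bare "SHA" means SHA-1
            verdict = "ok" if digest // 2 >= 128 else "replace"
            out.append(Finding(suite, f"SHA-{digest}", verdict, f"~{digest // 2}-bit preimage after Grover"))
    return out


def needs_action(suites) -> list:
    """Suites with at least one component to replace or enlarge, in input order."""
    return [s for s in suites if any(f.verdict in ("replace", "enlarge") for f in assess_suite(s))]


if __name__ == "__main__":
    # Constructed sample inventory, as might be pulled from a web server's TLS config.
    for s in ["ECDHE-RSA-AES128-GCM-SHA256", "TLS_AES_256_GCM_SHA384", "AES128-SHA"]:
        for f in assess_suite(s):
            print(f"{f.suite:30} {f.component:16} {f.verdict:8} {f.reason}")
```

The "check" verdict is deliberate: for TLS 1.3 the quantum-vulnerable part (the key-agreement group and signature algorithm) lives in separate configuration, so an inventory that stops at suite names would miss it.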
Andrew Shields leads R&D in Quantum Technology at the Cambridge Research Laboratory of Toshiba Research Europe Ltd. His research interests include quantum photonics and its applications to secure communications, imaging and quantum computing. He has co-authored over 300 peer-reviewed articles in this field and filed over 70 inventions. In 2013 he was elected a Fellow of the Royal Academy of Engineering and awarded the Mott Medal by the Institute of Physics.
Charles Brookson worked in the Department for Business, Innovation and Skills of the United Kingdom Government for 12 years. He previously was Head of Security for the UK mobile operator one2one, and worked within British Telecom for 20 years before that, in the last few years in the Chairman's Office. He has worked in many security areas over the last 40 years, including cryptographic systems, secure designs, policies, auditing, and mobile radio.