To safeguard digital networks and systems from attacks by powerful quantum computers, organisations have to start thinking about deploying quantum-resistant encryption algorithms.
Called quantum-safe cryptography, these algorithms can keep networks and information assets secure, said Ray Harishankar, IBM Fellow, IBM Quantum Safe.
The first step for organisations is to identify the cryptography that exists in digital networks and systems. The process is lengthy and cannot be done overnight and is akin to looking for a needle in a haystack, he said.
The networks and databases have several layers of encryption that have to be peeled back to identify the encryption codes that have been used before they are replaced with the quantum-safe algorithms.
The next key step is to do an inventory of where the cryptography is being used so that the professionals know the locations to fix the problem. Fixes should also be prioritised with the critical communication systems and the data crown jewels taking the lead so as to limit potential exposure to external threats, he recently told Deeptech Times in a virtual interview.
The algorithms are open sourced. Their development was initiated by the US-based National Institute of Standards and Technology (NIST) in an effort to identify quantum-resistant algorithms that will lead to a standard and significantly increase the security of digital information. It has identified four algorithms with more scheduled in coming months. The algorithms will be designed for different situations, use varied approaches for encryption and offer more than one approach for each use case in the event one proves vulnerable.
According to the World Economic Forum, quantum computing at scale will break today’s encryption methods. Its 2022 white paper on Transitioning to a Quantum-Secure Economy argued that it is a business imperative for organisations to start thinking about what a secure quantum transition could look like and understand their cryptographic and data exposure to avoid disruption of business operations.
Quantum computers have always been on the horizon. Computer scientists believed they will arrive as early as 2030, several years earlier than expected. Conventional computers today use mathematics to encrypt and protect sensitive digital networks and information like bank ATM systems, email systems and the ecommerce sites.
However, quantum computer which is based on a different technology can crack the mathematical equations in a few minutes defeating current encryption systems.
In Harishankar’s estimation, organisations will take between seven and 10 years to replace the current encryption with the quantum-safe cryptography.
Organisations must also be aware that after the quantum computer arrives, any information protected by current cryptography becomes insecure.
“There is also the notion of harvest now and decrypt later. People can steal or download loads of data, whether valuable or not and store them. When the quantum computer becomes available, they can crack the encryption and see what valuables they have uncovered,” said Harishanker who is based in the US.
Data such as patent information, drug discoveries, engineering design and other intellectual property content can “live long, as long as 15 to 20 years and so can become compromised”.
Even blockchains which are immutable today can be cracked by the power of quantum computers, he emphasised. “With quantum computers, signatures that are stored on the blockchain can be broken and become invalid. So the basic premise of identity being preserved and non-repudiated on blockchains is no longer valid.”
There are secondary issues related to quantum-safe cryptography. One is that there are few sufficiently trained security professionals in this new field.
Harishankar is hopeful that as the definition of the quantum safe cryptography standards emerges, they can provide guidance for security professionals to pick up the technology.
Another issue is to get organisations quickly move to a quantum-safe situation quickly. An industry-wide effort must be implemented to move all the stakeholders in the right direction. IBM is working with Vodafone to create standards and approaches that the whole telecom industry can adopt.
“Together we can analyse and evaluate business rules. How do telcos know what’s important to them? What can be the telco’s best practice industry framework and prioritisation of work items?”
They have also engaged the telecom switch makers and GSMA, an industry group which represents about 750 mobile operators globally. All these organisations that make up the telecom industry have to move together, no one can afford to fall behind, for quantum-safe network to succeed, he stressed.
Singapore has addressed the quantum security challenge with the National Quantum-Safe Network Plus infrastructure announced in June 2023. This programme will facilitate trials of commercial technologies and evaluation of security systems. An initiative of the Infocomm Media Development Authority, it will advance the vision for a quantum-safe country within the next 10 years by partnering with universities and government agencies.
