Protecting Your Data from a Quantum Attack: The Path to PQC Migration


For many in this community, a working quantum computer may still seem like quite a fantasy, an innovation that is still light years away. There is also the idea that, well, isn’t a working quantum computer a good thing? Won’t a working quantum computer, for example, allow scientists to accelerate drug discovery and development?

The flip side is that while these computers will bring many benefits, they also bring new security risks that are closer at hand than many expect. The first operational Cryptographically Relevant Quantum Computer (CRQC) will have the power to break the public key encryption widely used today to protect information. That means data, no matter how secure it may be right now, will be vulnerable to future attacks on a scale never before seen.

To overcome this danger, the National Institute of Standards and Technology (NIST) began holding a competition in 2016 to identify new quantum-secure cryptographic algorithms. It recently made a decision on which algorithms should become the new standard. Companies that have been waiting for certainty about the new type of encryption to use can now start migrating their infrastructure to protect their data.

Let’s see what this migration will look like and how organizations can best set themselves up to protect their data for years to come.



Quantum threat

As mentioned above, it is widely accepted that a sufficiently mature quantum computer should be able to break today’s public key cryptography (PKC) standards – RSA and Elliptic Curve.

So what are the impacts? Simply put, without secure encryption, the digital economy stops working, as PKC is used everywhere in our daily digital interactions. With a mature quantum computer, a hacker can:

  • Empty everyone’s bank account or electronic money wallet
  • Intercept and decrypt sensitive communications
  • Disable critical infrastructure such as power grids and communication networks
  • Reveal almost every secret we want to keep

The timing here is still controversial, but many mistaken predictions focus on commercial quantum computers being up to 15-20 years away. The threat I am referring to is not a commercial quantum computer that JP Morgan can buy to do its own trading analysis. I’m talking about the sheer power to do code breaking in lab conditions, which will arrive a lot sooner. The cybersecurity community estimates this could happen in as little as five years.

Even if we can’t predict exactly when a functioning quantum machine will emerge, billions of dollars are being poured into quantum computer R&D, meaning it’s really just a matter of time until the encryption relied on by almost every app in use today can be cracked. Furthermore, even if the first quantum computer isn’t seen until 2030, we’re still in a race against time to stay safe. It is estimated that it will take at least 10 years to migrate the existing cryptographic infrastructure, because that would require the conversion of most electronic devices that connect to the internet.

Harvest now, decrypt later

Adding to this threat is the possibility that, even today, organizations holding sensitive data with a long shelf life could find that the data is being collected and captured by criminals with the intent to decrypt it when a sufficiently powerful quantum computer appears. In other words, any data with a shelf life of many years can be collected today and decrypted in the future. This could include government secrets, R&D innovation, transaction data in financial services, and strategic plans.

This Harvest Now, Decrypt Later (HNDL) threat is supported by many pieces of research, which found that fraudsters will likely begin collecting encrypted data with long-term utility, hoping to eventually decrypt it with a quantum computer. I argue that this could have happened, such as in cases where we see internet traffic being rerouted on unusual global paths for no apparent reason before returning to normal. In support of my observations, several Five Eyes agencies have also commented on the phenomenon becoming more frequent.
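The timeline argument above (a code-breaking machine in as little as five years, a migration of at least 10 years, data with a long shelf life) can be applied row by row to a crypto inventory. The following is an added example, not part of the original article; the `Asset` fields, the function names and the sample systems are hypothetical, and the two year constants are the article's estimates used as planning assumptions.

```python
from dataclasses import dataclass

# Planning assumptions taken from the article's estimates, not measurements.
YEARS_TO_CRQC = 5      # "as little as five years"
YEARS_TO_MIGRATE = 10  # "at least 10 years" to migrate
# Public-key families the article says a mature quantum computer breaks.
QUANTUM_VULNERABLE = {"RSA", "ECDH", "ECDSA"}


@dataclass
class Asset:            # one row of a crypto inventory
    name: str
    algorithm: str
    purpose: str        # "key-exchange", "encryption" or "signature"
    shelf_life: int     # years the protected data must stay secret


def assess(asset, z=YEARS_TO_CRQC, y=YEARS_TO_MIGRATE):
    """Return (harvestable_today, exposed_years) for one inventory row."""
    if asset.algorithm.upper() not in QUANTUM_VULNERABLE:
        return (False, 0)
    if asset.purpose == "signature":
        # Signatures cannot be harvested; the risk is forgery while the
        # old algorithm is still trusted after a CRQC exists.
        return (False, max(0, y - z))
    # Traffic recorded today is readable at year z; relevant if still sensitive then.
    harvestable = asset.shelf_life > z
    # The last vulnerable ciphertext is produced at year y and must stay
    # secret until y + shelf_life, so exposure runs from z until then.
    return (harvestable, max(0, y + asset.shelf_life - z))


def prioritize(inventory):
    """Order rows for migration: harvestable first, then longest exposure."""
    scored = [(a.name, *assess(a)) for a in inventory]
    return sorted(scored, key=lambda r: (not r[1], -r[2], r[0]))


# Constructed sample inventory (hypothetical systems).
INVENTORY = [
    Asset("web-session-tls", "ECDH", "key-exchange", 0),
    Asset("firmware-signing", "RSA", "signature", 0),
    Asset("rnd-archive-vpn", "RSA", "key-exchange", 20),
    Asset("payments-link", "ECDH", "key-exchange", 7),
    Asset("backup-encryption", "AES-256", "encryption", 30),
]

for row in prioritize(INVENTORY):
    print(row)
```

With the article's numbers every RSA or elliptic-curve row has a non-zero exposure, because the migration finishes after the estimated arrival of the code-breaking machine; the ranking only decides which rows to move first.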

Map a path to protection

With this range of threats, NIST has taken the lead in coordinating a global response. The Post-Quantum Cryptography (PQC) program is a multi-year effort to identify new cryptographic algorithms that are resistant to a future code-breaking quantum computer and can protect data from malicious HNDL attacks.

After drawing on entries from leading cryptographers and the private sector, NIST has finally decided which algorithms should become the new standard in global cryptography. NIST selected CRYSTALS-Kyber for general encryption and CRYSTALS-Dilithium, FALCON and SPHINCS+ for digital signatures. It also advanced four other contenders for further scrutiny, including the super-secure Classic McEliece. While current PKC standards (RSA and Elliptic Curve) can be used for both encryption and digital signing, the various post-quantum algorithms cannot, which means current PKC will be replaced with a pair of different algorithms.

With these new standards now finalized, companies waiting for certainty about the new type of encryption to use can begin migrating their infrastructure to protect their data. This will not be an easy task, so here is a non-exhaustive list of recommendations for organizations looking to take this PQC migration seriously:

1. If you have not already done so, set up your Y2Q crypto migration project now and give it substantial support and investment. As with any major IT program or project, you will need to have a dedicated team with the right skills and resources to ensure success.

2. Once this is done, the initial goal of the project team should be to perform a crypto inventory check. This means understanding where crypto is deployed across the organization today, ensuring that you can map out a roadmap for prioritizing high-value assets while identifying any expected impact on operational systems.

3. One of the main considerations for your project team is hybrid adoption. This means retaining the tried and tested classical cryptographic solutions we use today, like RSA, along with one or more post-quantum algorithms, so that you are protected against both current and future threats.

Furthermore, use cases for cryptography vary across industries and sectors, so adopting crypto-agility, where different PQC algorithms can be used depending on the application, will give you more flexibility. This is particularly the case with the algorithms being analyzed in the fourth round, which are likely to become future standards, some of which are potentially more appropriate for high-security use cases.

4. Finally, you should consider implementing a hybrid quantum-secure VPN. The Internet Engineering Task Force (IETF) has developed a set of specifications for such VPN products that propose crypto-agile solutions supporting hybrid key establishment, that is, post-quantum algorithms can work in conjunction with today’s standards. Quantum-secure VPN products based on the IETF specification are already on the market, so upgrading is a relatively simple step you can take.
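The hybrid key establishment described in recommendations 3 and 4 comes down to deriving the session key from both a classical and a post-quantum shared secret, so that an attacker has to recover both. The sketch below is an added example, not code from the article or from the IETF specifications: it uses a generic concatenate-then-HKDF combiner, and `hybrid_session_key`, the label string and the stand-in secrets are assumptions.

```python
import hashlib
import hmac


def hkdf_sha256(ikm, salt, info, length=32):
    """HKDF (RFC 5869) extract-then-expand with HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]),
                         hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def _lp(field):
    # Length-prefix each field so (b"ab", b"c") and (b"a", b"bc") differ.
    return len(field).to_bytes(4, "big") + field


def hybrid_session_key(classical_ss, pq_ss, transcript):
    """Derive one session key that depends on BOTH shared secrets.

    classical_ss: output of today's exchange (e.g. elliptic-curve DH)
    pq_ss:        output of the post-quantum KEM (e.g. CRYSTALS-Kyber)
    transcript:   the handshake messages both peers saw, so a tampered
                  negotiation yields a different key on each side
    """
    if not classical_ss or not pq_ss:
        raise ValueError("hybrid mode needs both shared secrets")
    ikm = _lp(classical_ss) + _lp(pq_ss)
    salt = hashlib.sha256(transcript).digest()
    return hkdf_sha256(ikm, salt, b"hybrid-example session key")


# Constructed stand-ins: fixed bytes instead of real ECDH / KEM outputs.
CLASSICAL_SS = bytes.fromhex("11" * 32)
PQ_SS = bytes.fromhex("22" * 32)
TRANSCRIPT = b"initiator-hello|responder-hello (constructed)"

if __name__ == "__main__":
    key = hybrid_session_key(CLASSICAL_SS, PQ_SS, TRANSCRIPT)
    # Knowing only the classical secret (PQ part guessed) gives a wrong key.
    wrong = hybrid_session_key(CLASSICAL_SS, bytes(32), TRANSCRIPT)
    print(key.hex(), key != wrong)
```

Refusing to derive a key when either secret is missing is what keeps a deployment from silently falling back to classical-only protection.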

Andersen Cheng is the CEO of Postquantum.

