Encryption is a hot topic these days, thanks partly to Apple's resistance to helping the FBI access encrypted data on the San Bernardino shooters' iPhone. Much of the current focus is on vendor-provided back doors, which hackers could find and exploit. It's tougher for vendors to sell encryption products when potential customers worry that protection is penetrable by design.
But another threat is emerging under the radar: Quantum computing, which has the processing power necessary to figure out the cryptographic keys that all encryption systems use. Quantum computers are new and limited in terms of their ability to break today's encryption, but their capabilities are advancing. That's why the National Security Agency (NSA), for example, is exploring ways to both use quantum computing to crack encryption and protect organizations against such hacks, too.
"The notion of a large-scale quantum computer just appearing one day is not the major risk at this point," says Mark Pecen, CEO of Approach Infinity, which advises tech companies and other organizations about cryptography and telecom technologies. "There is a still higher probability that multiple small quantum computers can be used in parallel to solve certain types of problems, and possibly in conjunction with conventional computing. All that is necessary to have a serious threat is a quantum computer that may not be huge, but [is] big enough to solve certain niche problems to become a serious threat to security."
Quantum computers, either standalone high performance computers or smaller, interconnected systems, could become dangerous weapons in the hands of criminals.
There are two potential solutions:
Quantum Safe Cryptography (QSC), whose name comes from its use of conventional cryptographic techniques that are supposed to withstand quantum-enabled attacks. That belief is based on what today's quantum algorithms are capable of doing. QSC algorithms are used in Public Key Infrastructure (PKI) systems. "This is important because most of the Internet is secured by RSA in the PKI today, which depends on the integer factorization approach to security and this is easily breakable by a quantum computer," says Pecen, who also chairs ETSI's QSC group.
Quantum Key Distribution (QKD), which leverages the way information is transferred over fiber or the air. "QKD uses a basic physical property of electromagnetic radiation to protect the transference of information, typically a bit sequence comprising a key for symmetric key cryptography," Pecen tells The New IP. "QKD is believed to be completely secure because of the quantum mechanical properties of single photons when sent over fiber or free space."
One current drawback to QKD is that its range over fiber is between 20 kilometers and 100 km. Using it over longer distances would require quantum repeaters (which haven't been invented) or a trusted node where the information would be decrypted, re-encrypted, and sent back out. But that node could be hacked.
"The principal challenge to implementing both QSC and QKD is awareness, and therefore demand, by customers," Pecen says. "This is normal though, as it wasn't very well known until recently of the rapid progress in quantum computing and the major investments into quantum computing research that have been made over the past 10 years or so.
"Governments appear to be extremely aware. This is evidenced by their participation in groups like ETSI Industry Specification Group Quantum Safe Cryptography (ISG QSC), ITU Study Group 17 (SG-17) and others. Most enterprises are not as aware at this point, although some security-savvy ones are extremely aware."
— Tim Kridel, Freelance Contributor. Follow him on Twitter @TimKridel. Special to The New IP