Quantum computers have the potential to crack today’s encrypted messages.It’s a problem | #itsecurity | #infosec


By 2029, Google plans to create a million-qubit quantum computer that is far more powerful than the system shown in 2019.

Stephen Shankland / CNET

When quantum computers are mature enough, many of today’s cryptography can be cracked. This reveals private communications, corporate data, and military secrets.

Quantum computers today are too primitive to do that. However, the data currently secretly collected can still be sensitive when more powerful quantum computers come online a few years later.

The computing industry is well aware of this potential vulnerability. Some companies are embarking on creating, testing, and adopting new cryptographic algorithms that are not affected by quantum computers. Some of these companies, including IBM and Thales, have already begun offering products protected by so-called post-quantum cryptography.

Quantum Safe Encryption penetrates your life through upgraded laptops, phones, web browsers and other products. However, most of the burden of quantum-secure encryption rests on the shoulders of enterprises, governments, and cloud computing services that need to design and install technology. This is a very complicated change Y2K bug fix Or upgrade Internet communication from IPv4 to IPv6..

It’s a tremendous effort, but it has to be done. Not only are today’s communications vulnerable, but quantum computers can later crack digital signatures, guaranteeing the integrity of updates to apps, browsers, operating systems, and other software, paving the way for malware. There is.

Quantum computing is a dardardar kid in the industry, raising millions of dollars in investment.This month Google I / O Developer Conference, Search giant announced plans for a new quantum computing center that employs hundreds of people. Build a practical quantum computer by 2029Other major tech companies such as Honeywell, IBM, Intel and Microsoft are competing to build the first powerful quantum computer.So is Ion Q, PsiQuantum, Xanadu, Silicon quantum computing And other startups.

Find Post-Quantum Cryptography Algorithms

The National Institute of Standards and Technology is at the forefront of global efforts. Find Post-Quantum Cryptography Algorithms It will be fast and reliable.that is win 82 initial contributions Group of 7 finalists Two encryption tasks: digital key exchange and digital signature addition.

“We plan to select a small number and start standardization in early 2022,” said Dustin Moody. NIST A mathematician working on this effort spoke at the IBM Cryptography Conference in March. “We want to fully prepare the final version and release it around 2024.”

NIST oversees the work, but business, academia, and government researchers participate through NIST. Post-quantum cryptography mailing list And published PQC conferenceAn open approach is important because trusting cryptographic algorithms to protect passwords, credit card numbers, financial records, and other sensitive information requires a thorough scrutiny of the cryptographic algorithms.

When these machines can break traditional encryption is an open question. But safe money suggests that it won’t take long.

John Graham Cumming, Chief Technology Officer of Internet Infrastructure Company Cloudflare, Said there is a lot of uncertainty: It can take five or twenty years for a quantum computer to be able to break the encryption. But Cloudflare is already Tested post-quantum protection And this year, we plan to adopt them for internal operations.

With researchers from Intel and NTT Research 451 Research Analyst James Sanders Think of it as taking about 10 years.

How urgent is the problem to be resolved?

“I’m not crazy at all,” said Brian Lamacchia, who heads the encryption process at. Microsoft research“But I’m a little impatient.”

Collect data now and decrypt later

The urgency is increasing because today’s encrypted data can be collected quickly and decrypted later. Hackers and nations can record network data. For example: Internet routing issues send traffic across borders To China and other countries.

“If long-term security is needed, it can even be too late,” said Thomas Peperman, a crypto engineer at German semiconductor maker Infineon and one of the co-creators of the PQC algorithm candidate. T.

NIST evaluates the problem openlyOnce cyberattackers have access to the power of quantum computing, modern public-key-based cryptosystems cannot withstand testing. “There is nothing an attacker can do to protect the confidentiality of previously stored encrypted material,” the agency said.

Public key cryptography is the foundation of many of today’s cryptography. Two digital keys, one secret and the other public, can be paired and used together to protect communications. For example, it is used to establish the security of connections between a web browser and a bank, or between a company server and a remote backup system.

Shor’s algorithm and cryptanalysis

In 1994, MIT professor Peter Shor discovered that quantum computers could find prime factors for numbers using a technique named after him. Shor’s algorithm Is a spark that has sparked interest in quantum computing for businesses, scholars and intelligence agencies, said Seth Lloyd, another professor at MIT and a pioneer in the field.

The resulting survey shows large companies and well-funded startups. Accelerating the pace of progress in quantum computingQuantum computer manufacturers are building machines with more qubits (basic data processing elements) while developing error correction technology to maintain stability over long calculations. I am. Algorithms speed up the decoding of quantum computersAlso.

Accelerate advances in quantum computing

Advances in Quantum Computing Drive Cyber ​​Security Companies Deep watch To speed up the cryptanalysis timetable. He said it could happen in 10 to 15 years instead of 20 years Marissa “Reese” Wood, Vice President of Products and Strategy.

With today’s ubiquitous RSA encryption algorithms, traditional computers require about 300 trillion years to decrypt communications protected by a 2,048-bit digital key. However, a quantum computer with 4,099 qubits requires only 10 seconds, Wood said.

For comparison, Google Quantum computer in 2029 with 1,000 “logical” qubits –Stable enough to perform long calculations.

What to do with post-quantum cryptography

Quantum migration is, in many ways, more difficult than past cryptographic upgrades. One problem is that digital keys are likely to be large in size and require more memory to process them. Algorithm changes are not a simple replacement, especially for smart home devices and other products with limited computing power.

Even before NIST chooses a winner, enterprises can adopt “cryptographic agility” in today’s computing infrastructure to ensure that their systems are independent of any particular cryptographic technology. This is the advice of several experts, including CEO Andersen Cheng. Post quantumIs a London-based company that helps customers deal with quantum cracking.

“People thought I was crazy,” Cheng said when he co-founded Post-Quantum in 2009. “I don’t think they are laughing anymore.”

Experts also recommend a hybrid approach that double-protects data with both traditional and post-quantum cryptography encryption. This allows system administrators to accept PQC faster without worrying about potential weaknesses in relatively immature algorithms. Hybrid encryption is currently possible, but most people expect full-scale adoption of PQC after NIST standardization work is complete.

IBM already offers quantum-secure cryptography in some of today’s cloud computing products. “If you have a secret that needs to be kept secret in 10 to 30 years, you should start this transition sooner or later,” said Vadim Lyubashevsky, a cryptographer at IBM Research.

France-based Thales, like IBM, adopted the PQC algorithm in the final round of NIST and began allowing clients to test the technology. This is important given the impact of financial and government agencies on customers.

Not an easy upgrade

Switching to quantum-secure encryption is difficult on slow-moving computing infrastructures.

“Estonian voting cards have a signature algorithm that is physically printed on the chip,” said Joel Arwen, chief crypto engineer at the secure communications company. Wicker“It takes a lot of effort to change that.”

Another difficult fix is ​​the computer system that controls the power grid and military operations. They usually run for decades. But wherever sensitive data exists, post-quantum cryptography upgrades will take place, said Gartner analyst Martin Reynolds.

“Twenty years later,” Reynolds said. “Everyone will be pleased that we have achieved it.”

Quantum computers have the potential to crack today’s encrypted messages.It’s a problem

Source link Quantum computers have the potential to crack today’s encrypted messages.It’s a problem



Original Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

eight + 2 =