November 03, 2022

Article at Sydney Quantum Academy


Data security in a post-quantum world


By Wilson da Silva

Is there a threat to modern data security algorithms that could make superannuation transactions crackable by cybercriminals?

Yes, the threat is real – quantum computing will eventually render most public key cryptography futile. And while this may be years away, that doesn’t mean there’s nothing to worry about today.

These were the key points to arise from an expert webinar jointly held on 20 September 2022 by the Sydney Quantum Academy (SQA) and Gateway Network Governance Body Ltd (GNGB), an industry non-profit organisation concerned with the integrity of the Superannuation Transaction Network, itself the data infrastructure that manages contributions between employers and super funds.

The key factors

Unlike today’s computers, which rely on the laws of classical physics to make calculations, quantum computers exploit the weirdness of quantum mechanics to process data in ways that no conventional supercomputer will ever be able to do. This opens the door to new kinds of algorithms and, eventually, applications.

One example is Shor’s algorithm, a method for finding the prime factors of an integer that makes use of the phenomenon of quantum interference. Multiplying integers is easy for today’s computers, but the reverse – factorisation – is so hard that it has become the foundation of the encryption techniques we use to keep information secure. This motivates both the development of quantum computers and the development of techniques to defend against them.

This ‘factorisation’ lies at the heart of modern digital cryptography – the algorithms that safeguard everything from our super contributions and bank accounts to our TV streaming accounts. While today’s best computers would take several hundred years or more to crack such an algorithm, quantum computers will, maybe as soon as 2030, be able to crack them in just minutes.

When the numbers involved are sufficiently large, recovering the prime factors of an integer is practically impossible with today’s so-called ‘classical computers’. It’s been estimated that cracking a 240-digit factorisation key (known as RSA-240) would take 900 years of calculations even with today’s best computers, and 500 times that to factorise a 309-digit number. This is why factorisation-based encryption is so widespread.

“A quantum computer is not a magical device,” said Dr Peter Rohde, ARC Future Fellow and Senior Lecturer in the Centre for Quantum Software & Information at the University of Technology Sydney. “It exploits the laws of quantum mechanics to solve a very specific and well-defined class of problems. So, if I give it the product of two numbers, it can very quickly, in principle, spit out what the two factors were. This is the specific type of cryptographic algorithm a quantum computer is able to attack.”

That’s bad news for RSA public-key cryptosystems, whose security rests on large numbers that have exactly two prime factors, and which are the centrepiece of the most widely used method of securing data transmission. In July 2022, the U.S. National Institute of Standards and Technology (NIST) predicted that, by around 2030, quantum computers will be able to break asymmetric key cryptography.
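To make the point concrete, here is a toy RSA demonstration added to this article (it is not code from the SQA or the speakers): multiplying two primes is cheap, but once anyone holds the two factors of n, the private exponent d falls out immediately. The primes below are deliberately tiny so that classical trial division still works; at real key sizes only something like Shor’s algorithm could supply the factors.

```python
"""Toy RSA: why knowing the factors of n is the same as knowing the private key.
Added educational example; the primes are far too small for real use."""
from math import gcd, isqrt


def make_keypair(p, q, e=65537):
    """Build an RSA key pair from two primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)          # Euler's totient; computing it needs p and q
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)              # modular inverse (Python 3.8+)
    return (n, e), d                 # public key, private exponent


def encrypt(pub, m):
    n, e = pub
    return pow(m, e, n)


def decrypt(n, d, c):
    return pow(c, d, n)


def trial_division_factor(n):
    """Classical factoring by trial division. Cost grows with sqrt(n), which is
    what makes real RSA moduli safe today and what Shor's algorithm removes."""
    if n % 2 == 0:
        return 2, n // 2
    for f in range(3, isqrt(n) + 1, 2):
        if n % f == 0:
            return f, n // f
    return None                      # n is prime (or 1)


def recover_private_key(pub, p, q):
    """Given only the public key plus the factorisation of n, rebuild d."""
    n, e = pub
    if p * q != n:
        raise ValueError("p and q are not a factorisation of n")
    return pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    pub, d = make_keypair(104729, 1299709)   # constructed toy primes
    c = encrypt(pub, 123456789)
    p, q = trial_division_factor(pub[0])      # feasible only because n is tiny
    d_recovered = recover_private_key(pub, p, q)
    print("recovered d matches:", d_recovered == d)
    print("plaintext:", decrypt(pub[0], d_recovered, c))
```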

Worry now or pay later

While this may be years away, that doesn’t mean they are not a threat now. A cyber-attacker could surreptitiously collect a trove of data today, and wait until quantum computers are able to decode that data. This is known as the ‘harvest now, decrypt later’ threat.

“Some people are hitting the panic button, but it really depends on what you’re doing online,” said Dr Rohde. “If I’m doing a bank transfer and then logging back out, the keys will expire at the end of that session. The worst any attacker could do is probably see what the transaction was, but they can’t actually go in and manipulate it.

“However, if you’re exchanging communication involving high intellectual property value, it could be enormously detrimental if that was cracked 10 years later. They are the people who need to start thinking today about how they protect themselves against ‘retrospective attacks.’ So, the extent to which we need to worry is highly application dependent,” Dr Rohde added.

This changes things, said Mark Hudson, chair of GNGB’s Security Committee. “It had been considered that encrypted data leaks might not be much of a problem because the data can’t be read by anybody. This certainly adds a new perspective.”

And it’s not just a theoretical threat, added Dr Rohde: warehousing of encrypted data is a strategy already pursued by intelligence agencies. “There’s a huge amount of this data mining going on, where people are just harvesting up things that might be of value down the line.”

The resistance

In July 2022, the Australian Cyber Security Centre (ACSC) released a security alert encouraging organisations to consider the vulnerability of their data systems to quantum decryption. This followed a May 2022 directive to U.S. government agencies to begin a multi-year process of migrating vulnerable data systems to quantum-resistant cryptography. Two months later, NIST released the first suite of quantum-resistant public-key cryptographic algorithms for further analysis and consideration. NIST expects to finalise a post-quantum cryptographic standard in the next two years.

But it’s not just public key cryptography; quantum computing also threatens the emerging blockchain sector, said Professor Gavin Brennen, Director of the Macquarie Centre for Quantum Engineering and Chief Investigator at the ARC Centre of Excellence for Engineered Quantum Systems.

“Take the example of a transaction in the Bitcoin network,” he said. “You have an average time of 10 minutes per validation. If you had a quantum computer which could crack that validation within that time, then someone could just steal the bitcoins. We’ve run simulations, and we prognosticate that by the early 2030s at the earliest, and in the 2040s on the more pessimistic end, quantum computers will be able to crack digital signatures within a 10-minute period.

“It will be the same for digital signatures in public key cryptography,” Professor Brennen added. Even an RSA-2048 encryption key, which would take a classical computer around 300 trillion years to break, would be within reach. “There are some estimates that RSA-2048 could be cracked in eight hours, if you had a quantum computer running 20 million qubits.”

A qubit, or quantum bit, is the basic unit of information in a quantum computer – the quantum counterpart to the binary digits (or bits) used in classical computing. While today’s best quantum computers have only just reached 127 qubits, progress is accelerating.

“IBM says it’ll have hundreds of thousands of qubits within this decade,” said Professor Brennen. “PsiQuantum in Silicon Valley is working on a photonic-based quantum computer – they are targeting a million qubits by the end of the decade. And Diraq, a spin-off from UNSW’s silicon quantum computing research, have an ambitious goal of a billion qubits. Now, that will take time, but they argue their architecture has the ingredients necessary to scale to that.”

Where to from here?

There is hope for retaining robust digital security in a post-quantum world. It involves moving away from the dominant ‘computational security’ approach to cryptography – where a mathematical problem is so hard that it would take far too much time to crack – to an approach based on ‘information theoretic security’. This relies on a mathematical proof that the underlying problem cannot be solved by either a classical or a quantum computer.

One example is ‘quantum key distribution’, a secure communication method which implements a cryptographic protocol relying on the vagaries of quantum mechanics itself. It enables two parties to produce a shared random secret key known only to them, which can then be used to encrypt and decrypt messages.

“Quantum key distribution offers, in principle, information theoretic security,” said Dr Rohde. “So long as this cryptographic system is correctly implemented, there’s just literally nothing that someone can do to crack it, because that would violate the laws of physics. Then, in principle, you’re fine against even quantum computers.”
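The protocol Dr Rohde is describing can be seen in miniature with a simulated BB84 exchange, an example added here rather than anything from the article. It assumes an idealised, noiseless channel and models an interception attempt so that the defender’s check is visible: Alice and Bob compare a sample of their sifted key over a public channel, and a raised error rate reveals that the qubits were disturbed in transit.

```python
"""Idealised BB84 simulation with intercept-resend detection.
Added educational example; no channel noise or real photons are modelled."""
import random


def measure(qubit, basis, rng):
    """A qubit is (preparation_basis, bit). Measuring in the same basis returns
    the bit; measuring in the other basis returns a uniformly random bit."""
    prep_basis, bit = qubit
    return bit if basis == prep_basis else rng.randrange(2)


def bb84(n_qubits, eavesdrop=False, seed=1):
    """Run one BB84 session and report the estimated error rate and the keys."""
    rng = random.Random(seed)                      # fixed seed for reproducibility
    alice_bits = [rng.randrange(2) for _ in range(n_qubits)]
    alice_bases = [rng.randrange(2) for _ in range(n_qubits)]   # 0 rectilinear, 1 diagonal
    channel = list(zip(alice_bases, alice_bits))
    if eavesdrop:
        # Intercept-resend: the interceptor measures in a random basis and re-prepares
        # what was observed, which disturbs the qubits measured in the wrong basis
        eve_bases = [rng.randrange(2) for _ in range(n_qubits)]
        channel = [(b, measure(q, b, rng)) for q, b in zip(channel, eve_bases)]
    bob_bases = [rng.randrange(2) for _ in range(n_qubits)]
    bob_bits = [measure(q, b, rng) for q, b in zip(channel, bob_bases)]
    # Sifting: bases are announced publicly and only matching positions are kept
    sifted = [i for i in range(n_qubits) if alice_bases[i] == bob_bases[i]]
    # Error estimation: every other sifted bit is revealed and compared, then discarded
    check = sifted[::2]
    errors = sum(alice_bits[i] != bob_bits[i] for i in check)
    qber = errors / len(check) if check else 0.0
    remaining = sifted[1::2]
    return {
        "qber": qber,
        "alice_key": [alice_bits[i] for i in remaining],
        "bob_key": [bob_bits[i] for i in remaining],
    }


def key_is_trustworthy(result, threshold=0.11):
    """Abort if the error rate exceeds the usual BB84 tolerance of about 11%."""
    return result["qber"] <= threshold


if __name__ == "__main__":
    for tapped in (False, True):
        r = bb84(4000, eavesdrop=tapped)
        print(f"eavesdrop={tapped}: QBER={r['qber']:.3f}, accept={key_is_trustworthy(r)}")
```

Without interception the error rate is zero and both parties hold identical keys; an intercept-resend attempt pushes the measured rate to roughly 25%, so the session is aborted before any key is used.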

But we are not there yet, warned Professor Brennen. He noted that one of NIST’s post-quantum candidate encryption algorithms, SIKE, was broken by computer security researchers at a Belgian university “in one hour, using a single-core PC and some hardcore mathematics.”

So, what should organisations do? “There is good reason to have angst about it and want to hit the panic button and say, ‘We need to go post quantum now,’” said Dr Rohde. “But you need to wait for the cryptographic protocols to be standardised, the way we did with ones we rely on today. That’s going to take time. The worst possible thing to do is to start using custom cryptographic protocols or inventing your own security schemes. It’s best to keep a close eye on where the research is going.”

Ensuring organisations have the right people in place to stay abreast of developments, and who can play a role in coordinating quantum preparedness, is also a must, added Professor Brennen.

“There are many great resources already online – with notes and software demos, or short courses – that teach the fundamentals. For companies looking to move into this space, it’s especially important that not just technical staff learn about opportunities in quantum, but also members of the executive team,” he said. “Engaging with organisations like the Sydney Quantum Academy – through events, internships, or to reach out to their experts – will help you prepare for the quantum revolution.”