By Edward Chiu, Emerging Cybersecurity Technologist, Chevron
While the development of quantum computers is still at a nascent stage, its potential in solving problems not feasible with classical computers draws interest from many industries.
On one hand, Volkswagen is researching using quantum computers to help optimize traffic, and researchers at Roche are investigating the use of quantum computing in biomedical applications.
On the other, a quantum computer powerful enough to run Shor’s algorithm poses a severe threat to asymmetric encryption (also known as public key encryption), which in turn plays a vital role in data security. The use of asymmetric encryption is pervasive and transcends industries and companies, thus quantum computing’s impact is far reaching.
“Preparing Enterprises for the Quantum Computing Cybersecurity Threats” is a new paper published by the CSA Quantum-Safe Security Working Group that provides an overview of the cybersecurity risks posed by quantum computing and encourages cybersecurity professionals and decisionmakers to begin planning now as the consequences of inaction are dire.
The paper illustrates the dark side of quantum computing and its impact to cryptography, how asymmetric encryption can be broken, and what practical steps enterprise decision-makers can take now to prepare for the emerging threat. Topics covered in the paper include:
- What is quantum computing?
- Impact of quantum computing on cryptography
- The time to prepare is now
- Preparation steps for a post-quantum era
Impact on asymmetric encryption
Asymmetric encryption is the cornerstone of data security on the Internet. Whenever someone uses a browser to log in to their bank account, asymmetric encryption known as RSA is being used. In 1994, MIT mathematicians formulated an algorithm that provides exponential speedup in the factorization of large prime numbers. A quantum computer powerful enough to run Shor’s algorithm and crack mainstream RSA cryptosystems poses catastrophic consequence to data security.
In recent years, cryptographers have been experimenting with the use of hybrid cryptography to mitigate quantum threats. Hybrid cryptography refers to the use of two or more cryptographic schemes, an example of which is a X.509 digital certificate that has two signatures—one classical and the other quantum-resistant. The goal is to provide resistance to both classical and quantum cryptanalytic attacks.
What should IT decision-makers do now?
What can we do now while waiting for the arrival of a quantum computer capable of breaking encryption, an event sometimes referred to as the year to quantum (Y2Q)? IT decision-makers should begin to lay out an actionable plan to prepare for the Y2Q now, using this paper as an actionable guideline.