Why you need to become Quantum Resilient?
The threat and arrival of quantum computers has demonstrated not only the fatal flaws of our encrypted systems but known vulnerabilities that have long been thought not possible given the limitations of classical computing models. “Today, anyone with access to a quantum computer has a master key to unlock the world’s encrypted data” a quote from Craig Costello, a Microsoft quantum researcher.
What is Quantum Computing?
Answer: Quantum computing uses quantum bits, or qubits, based on quantum physics to break barriers currently limiting the speed of today’s classical computers. Quantum computers leverage a physics phenomena called superposition that allows a quantum computer to process data as a 1, 0 or both at the same time. Whereas, a classical computer can only process binary as a 0 or a 1. By processing data using qubits a quantum computer can greatly accelerate the factorization of large numbers that is what is needed to break today’s encryption.
How will Quantum Affect Today’s Cryptography?
Answer: Today’s public key cryptography is based on factorization for RSA algorithms, or discrete log problems with DSA, Diffie-Hellman, and Elliptic-Curve Cryptography (ECC). Although these hard problems for the longest time offered a form of protection that ‘classical’ computers couldn’t break things have quickly changed. Today encryption is broken using a new breed of factorization algorithms combined with advancements in computational performance through exascale computing or quantum computing. A quantum computer being able to operate at more factoring bandwidth than a traditional computer because of processing data as a 1, 0 or both at the same time. Providing factorization of encryption in seconds.
China has operational quantum computers and American quantum efforts have advanced significantly over the past year. In fact, Google has run calculations on it’s quantum computer that demonstrate it’s ability to perform calculations and tasks a classical computer cannot (the quantum supremacy). Today most public key-based protocols including TLS / SSL, IPSEC, SSH, Internet of Things (IoT), digital signing and code signing are vulnerable to eavesdropping and public disclosure as they are not strong enough to resist a quantum attack. Given recent breaches and the disclosure of unencrypted data from the breaches it’s very clear the bad actors or nation states posses an ability to unlock encrypted data. Further illustrating the post-quantum challenge most of NIST’s post-quantum algorithms have been breached like SIKE and rumors have it other algorithms have met a similar fate.
What can you do right now?
In minutes you can instantly try the world’s first quantum safe email security application in Office365. Try the Secured2 quantum safe security here: Send a quantum safe email using Secured2 Particle Mail.
Secured2 also provides a diverse number of products that are quantum safe and protect your data beyond encryption.
I’m starting to hear a lot about quantum encryption, what really works and what’s the difference?
To understand quantum security there are six approaches, five that rely on math-based security and one that relies on ‘physical’ data protection:
- QKD: Using quantum key distribution (QKD) that is a way to transmit keys using photons. The system is incredibly expensive and one of the leading security researchers Bruce Schnneier remarked that quantum key distribution is, “as useless as it is expensive.”
- Multivariate Cryptography: Using complex ‘rainbow’ calculations that are asymmetric cryptographic primitives based on multivariate polynomials. This complex math at the end of the day relies on large keys and complex problems that have exploitation points and can be breached.
- Hash-based Cryptography: Hash based digital signatures have been around since the 70’s, and was considered to be a replacement to RSA and DSA. T here is a weakness with Hash-based systems because there are limits to the number of signatures that can be signed using the corresponding set of private keys. Also, like similar key based systems, if you get the key, you can unlock the data. So this form of security is not immune to brute-force attacks.
- Code-based Cryptography: Code-based cryptography includes all symetric or asymetric encryption, whose security relies, partially or totally, on the hardness of decoding in a linear error correcting code, possibly chosen with some particular structure or in a specific family. The quantum resistent Code-based Cryptography relies on keys so long that most quantum computers cannot factor the codes. The downfall for this type of encryption is ultimately hack the random number generator creating the code and you are able to break the key. This is a known vulnerability for most encrypted systems. Also, when operating very complex mathematical problems like this and large quantum keys you will need a very expensive computer to create the keys and to process the keys. Something that makes this type of solution cost prohibitive since it can’t operate on an X86 computer.
- Supersingular elliptic curve isogeny cryptography: This cryptographic system uses the well studied mathematics of supersingular elliptic curves to create a Diffie-Hellman like key exchange that can serve as a straightforward quantum computing resistant replacement for the Diffie-Hellman and elliptic curve Diffie–Hellman key exchange methods that are in widespread use today. Because it works much like existing Diffie–Hellman implementations, it offers forward secrecy which is viewed as important both to prevent mass surveillance by governments but also to protect against the compromise of long term keys through failures. In order to reach ‘quantum resistant’ algorithms for this type of key exchange once again it will require expensive computing and will ultimately succumb to the same issues it’s current counterparts have.
- Multi-Step, QuantaMorphic™ cryptography: This new breed of security doesn’t rely on ‘math problems’ to secure data but rather relies on a complex multi-step, multi-layer security solution that alters the state of binary data. This multi-step algorithm shrinks, shreds, secures data and instantly restores data once a user physically authenticates. This unique process prevents the factorization of data, eliminates the quantum threat and also fits inside today’s existing data security investments. Making it seamless, fast to deploy and very cost efficient. The Secured2 Quantum Safe security is the most secure form of data protection in the market today and also the easiest to manage, deploy and integrate since it’s all API driven.
Secure your Enterprise with Secured2 Quantum Safe Security
Start protecting your mission-critical connected devices today using Secured2’s advanced quantum-safe, QuantaMorphic™ physical-based data protection. The only security solution in the market today that indemnifies you against a data breach with a Lloyd’s of London cyber policy because it can prove and physically demonstrate security.
Today’s enterprise needs crypto agility TODAY and Secured2 helps you avoid expensive security retrofitting and can be deployed company wide in minutes. Also, Secured2 is affordable, fits into your existing security investments and doesn’t require special hardware or new points of risk for your organization.