Post Quantum Computing: Got a secret, can you keep it?
Do you know how the information you store online is secured? Most of it will be protected by a set of complex encryption protocols devised to be extremely difficult to crack. Don’t feel too safe just yet however - while modern computers currently lack the power to easily break through the algorithms used to protect your secrets, there may soon be a time where ‘quantum’ devices are able to break these encryption methods in a very short space of time. Security-focused organisations are going to need all the help they can get if they are to develop new protocols capable of defying this next generation of computers.
I’ve got the key, I’ve got the secret
One of the ways we protect data today takes inspiration from methods used thousands of years ago. Imagine a box which contains all your secrets within it – how do you stop people from accessing it? By having only one key which is capable of locking and unlocking your box! This is symmetric encryption, and in computing, the physical key is replaced by a specific password or a sequence of numbers, letters and characters. This can even be randomised to make it even more secure.
Another way to secure your box, known as asymmetric encryption, is to have two separate keys – one to lock it, the other to unlock it. Anyone can be given the key to lock the box, but by keeping the other one, only you would be able to access the contents. This means that even if an unauthorised person steals the first key, your secrets will remain safe. The same is true in computing, with the keys again switched out for passwords and complex sequences of data.
A threat from the future
Both methods have their own benefits and drawbacks – for example, symmetric encryption is a faster process, but if you ever wanted to share information with someone else, you’d have to give them the only key keeping it safe. If that key is then intercepted, you’ve placed yourself and your secrets at extreme risk. These methods have stood the test of time, but perhaps not for much longer. In the age of quantum computing, we are likely to see devices that operate at almost unfathomable speeds, making the current methods of encryption historical relics!
There are already two algorithms causing great concern to security professionals. Shor’s algorithm has been designed to factor large composite numbers in a manner of seconds. If this can be applied on top of a quantum computer, the large numbers used to generate keys in the symmetric security algorithms we use today can be broken very quickly. For asymmetric encryption, attackers could use Grover’s algorithm on top of quantum computers to discover the keys used, as its able to search through unsorted databases in a fewer number of steps than the computers we used today. As a result, keys with up to 128 bits of security can be discovered through brute force attacks, leaving your secrets vulnerable.
The steps being taken
So where does this leave your business and its security measures? If quantum computers are able to apply these two algorithms and greatly reduce the time required to identify potential keys, then longer key lengths and new security measures will be essential.
Thankfully, governments and institutions across the globe are putting plans in place for the era of ‘post quantum cryptography’. The US National Institute of Standards and Technology (NIST) have already recommended standardization of new quantum-resistant algorithms, including Kyber, Dilithium, FALCON and SPHINCS+. Since then, the Biden Administration has outlined a roadmap for governmental bodies to follow regarding post quantum security, with the ‘Quantum Computing Cybersecurity Preparedness Act’ ensuring agencies and institutions will remain compliant with NIST and their approved cryptographic algorithms going forward. The Act will also lead to a report that sets out the strategies and required funding for a transition to quantum-safe systems. This is expected to be published December 2023.
In Europe, the response to the threat of quantum computing has been somewhat slower. At present, only a few countries in the European Union (EU) have announced public plans to counter the emerging threat of quantum computing, and even fewer have actioned these strategies.
This may soon change - July 2023 saw the publication of a new whitepaper from the European Policy Centre, which outlined recommendations for the EU on how member states can best prepare themselves against quantum-enabled cyber-attacks. The paper calls for an ‘EU Coordinated Action Plan’ that would facilitate quantum-secured technologies before the day quantum computers reach their full potential, alongside greater support and coordination for institutions like ENISA to better deal with this threat.
Like the EU, your business cannot afford to be reactive against threats in computing. This is why Proactive PR work alongside clients such as the Trusted Computing Group to bring attention to the latest standards, technologies and services designed to keep you, your data and your devices safe.
Working with an agency who can take technical terms, understand them, and drive PR and marketing campaigns forward is essential. Without an agency you can trust and that has a deep understanding of your products and market, your messaging and goals cannot be achieved. Proactive PR takes pride in the work we build with our clients to turn complex terms into content that delivers for both the media and your target audience.
Contact us to book a meeting with our Marketing Director Jade Hush at https://www.proactivepr.com/meeting and learn how Proactive PR can best promote your business today.