Security

How quantum computing could unpick encryption to reveal decades of online secrets

The encryption we take for granted as being uncrackable would have a limited shelf-life in the quantum age, says a security expert.

cio-sec.jpg

Firms need to worry about the encryption protecting sensitive corporate information being transmitted over the internet says ISARA's Michael Brown.

Image: chargerv8/Getty Images/iStockphoto

Whether it's our credit card details or our private communications, almost every bit of sensitive digital data in the modern world is protected by encryption.

These cryptographic systems that scramble our data so it's useless to a would-be attacker rely on underlying mathematical problems that are typically too complex to be cracked by computers.

That relatively strong guarantee of security may be coming to an end, according to Michael Brown, CTO at the security specialist ISARA Corporation, curtailed by the arrival of quantum computers.

"The assumptions that we've made in a lot of our internet-based systems, that this is safe because of the fact that classical computers can't solve it, that doesn't hold anymore in the context of quantum computers," he told the CW Tec conference in Cambridge.

SEE: Quantum computing: The smart person's guide

Quantum computing is still a largely theoretical field, which studies how to exploit the bizarre and counter-intuitive way that matter behaves at an atomic level to develop hugely powerful machines. For certain tasks, quantum computers have the potential to be exponentially faster than existing systems, as well as being vastly more energy efficient.

More about IT Security

Governments and nation states are now officially training for cyberwarfare: An inside look

Europe, Canada, USA, Australia, and others are now running training exercises to prepare for the outbreak of cyberwar. Locked Shields is the largest simulation and we take you inside.

While universal quantum computers don't exist today, and there are predictions they won't until the 2030s, some progress is being made. Canadian firm D-Wave makes a system that, while not a universal computer, utilises various atomic behaviors, such as entanglement and state superposition, to help solve a range of difficult computational problems. There are also reports that Google could be on track to create a basic 50 qubit quantum computer by the end of 2017 - enough by some estimates to solve certain problems that conventional computers would find almost impossible.

Why these developments matter to the world of cryptography is that a universal quantum computer could be capable of unpicking many of the encryption systems used today, according to Brown.

Vulnerable systems, he said, include the Transport Layer Security (TLS) cryptographic protocols, which are used by websites and web services to secure communications and transactions with users. A quantum computer running Shor's algorithm could potentially break the current public-key algorithms used by TLS, he said.

Harvesting secrets today to crack them tomorrow

Even if it proves to be decades before quantum computers are created, Brown said the threat could still apply to information being transmitted online today.

He pointed out that the world's security services are engaged in harvesting internet traffic as it passes through fiber optic cables, under programs such as the GCHQ/NSA operation Tempora, and that there was a possibility of traffic being stored until such a time that quantum computers are available to decrypt it.

"If I'm a company and I have trade secrets underlying how my business will be successful, my core intellectual property, that has to live for a long period of time," said Brown.

"If that information is out there encrypted on the internet, then you need to worry," he said, adding the same threat might apply to other long-lived, sensitive information, such as medical data.

Decryption of these stored communications could again be achieved by running Shor's algorithm on a quantum computer and using the machine to attack the stored key establishment algorithm and obtain the symmetric encryption keys, he said.

Firms also need to think about how the products they rely upon use encryption and whether the security they offer would hold in a post-quantum world.

"If you think about something like OpenSSL, OpenSSL is used widely across the internet in countless numbers of products," said Brown.

"That means if you use a product that uses OpenSSL, you could be then evaluating your product to say 'How am I using cryptography? Am I using it in a safe way? Do I need to use it in a different way?'. There are an ever larger number of items this affects," he said.

Beyond decrypting sensitive data, quantum computers could also be used to interfere with the digital signing process that guarantees software updates or digital documents as authentic, he said.

With these threats in mind, companies needed to start thinking about what data they own that could be at risk, he said, and those that have control over encryption systems need to start preparing to replace cryptographic algorithms with alternatives that would be secure in a "post-quantum world".

"As a company, if you think about how you update the cryptography that you use, this is not something you do over a weekend. This isn't a new version of [Microsoft] Exchange that you're rolling out.

"You really have a two, three or four year type of transition for most organizations," he said.

One example of a "quantum resistant" cryptographic algorithm is Google's New Hope, a "post-quantum key-exchange algorithm" that Google uses on a small fraction of connections between desktop Chrome and its servers.

Given universal quantum computers don't yet exist, Google says that New Hope is an experiment, and that the algorithm may or may not prove secure against such an an attack in future.

It is possible to overstate the threat posed by the advent of quantum computing, however, according to Ross Anderson, professor of security and engineering at Cambridge University.

"I don't really share the doom and gloom about cryptography," he said, pointing out that a range of cryptography in use today, for example that used to protect bank account information stored on EMV payment cards, is not at imminent risk of being broken.

"First, most of the cryptography we actually use is shared key stuff. The 256-bit AES keys in EMV will continue to work for the foreseeable future."

Even where quantum computers might pose a risk to encryption, such as to the cryptographic protocols that secure internet comms, online infrastructure is set up in a way that makes it feasible to drop in replacement, "quantum-resistant" protocols, he said.

Ross argues that the TLS protocol used to encrypt comms online is now typically applied at centralised front-ends, such as those run by CloudFlare and Akamai. "Most of that we could pull out and replace with Kerberos if we had to," he said.

Crucially, he said he doesn't see the potential existence of quantum computers as a fundamental threat to the encryption used to protect data today.

"I fail to see where there is anywhere in the world out there now that would break catastrophically if somehow the dreams of the quantum computing community came true and we had a serviceable 4,000-bit quantum computer. I don't see that as being the end of civilization."

Read more about quantum computing

About

Nick Heath is chief reporter for TechRepublic. He writes about the technology that IT decision makers need to know about, and the latest happenings in the European tech scene.

2 comments
111 people following
jaareshiahJCitizen
 
jaareshiah

Cryptography is proving harder each year due to skilled individuals capable of cracking some codes. It is said to crack the 256 bit "SSL Certificate is so secure that cracking it is totally out of reach of mankind".(digicert blog by Flavio Martins, August 21, 2014) 


Yet ZD Net (June 8, 2013) says that, by means of an SSL proxy (such as NSA or National Security Agency using it) acting a man-in-the-middle, traffic between a person's computer and the other "secure" sight can be intercepted and read by others. So, the war is waged between hackers who want to take what is not theirs and companies wanting to keep "meddling hands" out of their networks. 


But there is an encryption that is secure from those not having the right to it. Jesus said in prayer to God of his word, the Bible: "I publicly praise you, Father, Lord of heaven and earth, because you have hidden these things (that which God has encrypted in the Bible) from the wise and intellectual ones and have revealed them to young children".(Matt 11:25)


Though many feel that they understand the Bible (such as the churches of Christendom as well as intellectual ones), Jesus established that only "young children" or those who are humble, teachable like young children by God are allowed to grasp what the Bible really teaches. And the apostle Paul wrote that "God chose the foolish things of the world to put the wise men to shame; and God chose the weak things of the world to put the strong things to shame".(1 Cor 1:27) 


So, the Bible is "off limits" to everyone except those whom Jesus designated as "young children", individuals who allow the Bible to speak for itself rather than forcing "a square peg in a round hole". These work in harmony with God's holy spirit.(see 1 Cor 2:14) 


No matter how hard they try, those who are not God's people, will not be able to unlock its words and prophetic statements. Jesus used the Greek word syniemi, that means "to mentally put the pieces together", in giving illustrations of God's Kingdom at Matthew 13.  He tells his disciples: "To you it is granted to understand the sacred secrets of the Kingdom of the heavens, but to them (those not his genuine disciples) it is not granted".(Matt 13:11) 


He then askes his faithful disciples in concluding: "Did you get the sense (or understand) of all these things (or illustrations) ?", which they said "Yes". Jesus now says "that being the case, every public instructor who is taught about the Kingdom of the heavens is like a man, the master of the house, who brings out of his treasure store things both new and old".(Matt 13:51, 52) 


Hence, Jesus "as "the master of (God's) house", is able to reveal the meaning of what the Kingdom is as well as the rest of the Bible to only those who are his genuine disciples, those who are like "young children". Please consider the No 2 2016 Awake ! magazine entitled "Is the Bible Just a Good Book ?" at JW dot org.

White Papers, Webcasts, and Downloads

Editor's Picks

Free Newsletters, In your Inbox

JCitizen
jaareshiah