By Martin Lee.
Quantum technology in development by the world’s superpowers will render many current encryption algorithms obsolete overnight. When it becomes available, whoever controls this technology will be able to read almost any encrypted data or message they wish.
Organizations need to take note that this technology is likely to be developed within the coming years. Senior managers responsible for information security should take stock of the encryption algorithms in use within their systems and plan their move to quantum-secure algorithms.
The AES-256 encryption algorithm is predicted to be quantum secure, as are the SHA-384 and SHA-512 hashing algorithms. As an interim solution, organizations should increase the key lengths of public-key algorithms to a minimum of 3,072 bits, to protect against attacks.
Systems under development should be designed to implement AES-256, and to have the capability to swap out encryption algorithms if weaknesses are discovered, or more secure algorithms become available.
Quantum computers already exist as proof-of-concept systems. For the moment, none are powerful enough to crack current encryption, but the private and public sectors are investing billions of dollars globally to create these powerful systems that will revolutionize computing.
Although nobody knows when a powerful quantum computer will be available, we can predict the effects on security and prepare our defenses in advance.
What is a quantum computer?
Classical computers operate using bits of information. These bits exist in memory or in a processing chip register in one of two states, either ‘1’ or ‘0’. Quantum computers operate in a different, but analogous, way. Instead of working with bits of information, quantum computers operate with “qubits.” A qubit exists in a mixed state which is both partly ‘1’ and partly ‘0’ at the same time, only adopting a ‘1' or ‘0’ state at the point when it is measured.
This feature allows quantum computers to perform certain calculations much, much faster than current computers. The constraints of physics are making it harder to increase the processing power of current computing architectures, hence fuelling the interest in quantum physics as a path to develop a new generation of computers.
Applications to security
Quantum computers cannot solve problems for which current computers are unable find solutions. However, some calculations take too long for practical application with current computing power and speed. With quantum computing’s lightning speed, these could become not only practical but standard.
One such calculation is finding the prime factors of large numbers. Any number can be expressed as multiples of prime numbers, but finding these prime numbers takes an incredibly long time with current computers. Public-key encryption algorithms rely on this fact to ensure the security of the data they encrypt.
It is the impractical amount of time involved, not the impossibility of the calculation which secures public-key encryption. A calculation named “Shor’s algorithm” can rapidly find prime factors, but can only be executed on a sizeable quantum computer.
We know how to go about breaking current public-key encryption by applying Shor’s algorithm, but we are waiting for a suitably powerful quantum computer to become available to implement this approach. Once someone develops a quantum computer with the necessary processing power, the owner will be able to break any system reliant on current public-key encryption.
An additional quantum computing calculation, known as “Grover’s algorithm,” can find the keys of symmetrical encryption algorithms, reverse one-way hash algorithms (including those commonly used to hash passwords), or identify the extra bytes necessary to give a data file a specific hash value.
Since Grover’s algorithm is less efficient than Shor’s algorithm, it won’t be as advantageous to attackers. But the implementation of Grover’s algorithm will allow attackers to crack hashed passwords and calculate hash signature collisions for weaker hash algorithms.
Creating a working, sizeable quantum computer is not a trivial matter. It’s difficult enough to isolate single atoms, electrons or photons of light to use as a qubit. Once isolated, the physical particles are prone to losing information to the outside world and no longer work as expected. Current attempts at building quantum computers require cooling to close to absolute zero (-273℃) to prevent extraneous energy from affecting the system.
A handful of proof-of-concept quantum computing systems have been developed in the private sector. Although quantum research has been identified as a strategic priority for many countries, the path forward is less clear. Nevertheless, China has made quantum technology part of their current five-year plan and is known to have developed functional quantum systems to detect stealth aircraft and submarines, and have deployed quantum communication with satellites.
Are we already post-quantum?
We know how a quantum computer can be used to break encryption. We know the difficulties in creating a sizeable quantum system. What we don’t know is if one of the global superpowers has overcome these difficulties to create a functional quantum computer that can implement Shor’s algorithm to crack current encryption.
We can expect that whoever is first to create such a system will be keen to keep it secret for as long as possible. The first electronic computers used to break the German Enigma encryption code during World War II were kept secret for decades so as not to disclose the country’s ability capability to crack codes.
Nevertheless, we can anticipate clues that will indicate a threat actor has developed a functional system.
Anyone possessing the world’s most powerful decryption computer will find the temptation to put it to use difficult to resist. We would expect to see a threat actor seeking to collect large quantities of data in transit and data at rest.
The attacker would most likely capture data in transit by diverting encrypted data streams to systems under malicious control i.e. man-in-the-middle attacks. These may be similar to the Sea Turtle attack of 2019 where a threat actor subverted the DNS system to return a malicious IP address. There may also be attacks similar to VPNFilter, where routers and switches are compromised to redirect connections to malicious systems.
To access encrypted data at rest, attackers would compromise backup systems, databases or data stores and exfiltrate as much data as possible. Attacks would likely be disguised as criminal attacks, or carried out by criminal associates under state direction rather than by a nation-state threat actor themselves, to disguise attribution.
Currently, we do not observe the volume of redirection attacks that would be expected for the large-scale collection of data, nor do we see the large-scale exfiltration of stored encrypted data. This suggests that threat actors are not actively collecting data to decrypt at scale. Nevertheless, criminal ransomware threat actors have adapted to exfiltrate unencrypted data as part of their business model, threatening to publicly disclose stolen data unless the ransom is paid.
Preparing for the post-quantum world
Nobody knows when current encryption techniques will become obsolete. We can prepare for this eventuality by upgrading encryption algorithms to those believed to be resistant to attacks by quantum systems.
NIST is in the process of preparing standards for encryption in the post-quantum world. In the meantime, the NSA has produced guidelines that offer an interim strategy before post-quantum standards are published.
Organizations should take stock of the encryption algorithms in use in their systems and the associated key length. Where possible, they should also increase the length of keys and adopting AES-256 encryption, which is believed to be resistant to attack by quantum computers.
The keys necessary to decrypt encrypted data are at risk of being discovered with the aid of a quantum computer. Organizations may wish to consider if archived encrypted data is still required, or if the data should be wiped. Data that no longer exists cannot be stolen.
If data must be kept, the data should be double encrypted with AES-256, or decrypted using the original algorithm and re-encrypted with AES-256. Organisations should review the key management of legacy encrypted data. Keys that are lost or erased (perhaps because they are erroneously assumed to no longer be required following double encryption) will require quantum computer decryption to access the otherwise inaccessible data.
Until a sizeable quantum computer is built and made publicly available for research, we cannot be certain about the capabilities of such a system. It is possible that physical constraints will mean that such a system is not practical to build. Certainly, programming quantum computers will require new software engineering practices. It is also possible that programming shortcuts will be found that allow the practical breaking of encryption with a smaller quantum computer than currently expected.
Post-quantum standards and advice from governmental entities are welcome to guide organizations in transitioning to a quantum-secure environment. However, advice should not necessarily be taken at face value.
A previous cryptological standard, known as Dual_EC_DRBG, was found to include a fundamental flaw that helped anyone who was aware of the flaw to decrypt relevant encrypted data. The weakness in the algorithm may have been due to “bad cryptography” that was missed as part of peer review, or it may have been a malicious flaw that was intentionally included to weaken cryptographic systems implementing the algorithm.
In any case, what was purported to be a secure method contained a vulnerability. Anyone who was aware of the existence of this vulnerability had a significant advantage in breaking encryption that used the function.
Current advice on which algorithms are resistant to quantum attack may be incorrect, possibly deliberately so. Cross-check recommendations against standards from more than one standards body or against guidelines from multiple nations.
At some point, many current encryption algorithms will become instantly vulnerable to whoever has developed a suitable quantum computer. In anticipation of this moment, organizations should look to extend the size of key public key encryption implementations beyond 3072 bits as interim protection. Where possible, systems should migrate to use AES-256 encryption and use SHA-384 or SHA-512 for hashing.
Anyone implementing encryption software should consider the algorithm life span and provide users with the ability to change encryption strength and algorithm as necessary.
Quantum computing is a major focus of research and investment. Physical constraints mean that current chip architectures are difficult to advance further. Practical quantum computer systems will bring large gains in computing power and allow new computational techniques to be applied to solve problems that are currently impractical to calculate.