Skip to main content
banner image
venafi logo

Quantum Computing Threatens All Current Cryptography

Quantum Computing Threatens All Current Cryptography

quantum cryptography qubit image
July 17, 2019 | Guest Blogger: Kim Crawley

Cryptography is crucial to making sure that data is only accessible to its intended parties. It’s all about the confidentiality component of the CIA triad of information security. (The other components are integrity and availability.) Modern computer networking absolutely wouldn’t work without strong cryptography, nor would the modern world. Businesses, institutions, and individuals all depend upon it.



Most of our money is digital, stored as numbers on the computers of financial institutions. Did an ATM give you cash out of your bank account today? Did you shop online with confidence? Thank cryptography. Our sensitive medical records are mainly digital. Proprietary and patented information from militaries, governments, academia, and large corporations are digital and encrypted.

 

Cryptography is also implemented to prevent man-in-the-middle attacks on data that goes back and forth between your endpoints and internet servers, and Internet of Things (IoT) devices and the internet. That’s the integrity part of the CIA triad. More and more medical devices and motor vehicles are IoT, so cryptography could prevent you from dying from a failed pacemaker or a car crash.

 

How would you feel if I told you all of that the cryptography that helps to make the modern world work will be obsolete very soon? Cryptographic implementations that are currently the equivalent of a locked door on a bank vault will soon be like covering something with a glue stick and tissue paper. I’d be a bit concerned if I were you. All current cryptography will soon become weaker than a seeding dandelion on a windy day.

 

Can you respond to machine identity security incidents at enterprise scale? See analyst findings.

That day is coming very soon, and quantum computing is responsible. IBM’s Arvind Krishna says, “quantum computers will crack today’s encryption within a decade.” Krishna has been following the implications of quantum computing on cryptography very closely. He’s the senior vice president of IBM’s Cloud and Cognitive Software division, and he leads their research and development of quantum computing technology.

 

So, what is quantum computing? It’s a concept that many people outside of computer science find confusing, but it’s actually quite simple. All computer data so far, from the earliest electronic computers in the 1940s to today, is binary. The computer data you’re using right now is in the form of many sophisticated programming languages, but when CPUs process the data at the most fundamental level, it’s all 0s and 1s. A bit can be on or off, either or.
 


Quantum computing shatters that paradigm to pieces... quantum pieces! The smallest unit of quantum data is a qubit. A qubit could be 0 or 1 or a coherent superposition of both according to quantum mechanics. So, a qubit can be 0,1, or both 0 and 1. Quantum computing has been researched for many years now, and will probably be deployed in production environments within a few years. This isn’t speculation of the Star Trek era, this could be real while Donald Trump is President of the United States.
 

As far as cyber attacks are concerned, a lot of data that's breached is still inaccessible to cyber attackers because it's encrypted, it's ciphertext. So, it's not good enough for attackers to just acquire the data, they also have to crack it. Some of the strongest and most complex ciphers can take the computers we have right now decades or longer to crack, making the data pragmatically uncrackable. But cyberwarfare units in countries like China and Russia are well aware that quantum computers will soon be able to easily crack current cryptography, so it's reasonably speculated that they're stockpiling ciphertext acquired through cyber attacks for that very soon reality.
 

But there’s hope for the future. Christopher Mims from the Wall Street Journal writes:

 

“The good news is that many of the smartest mathematicians and cybersecurity experts in the world, employed by Google, Microsoft, IBM and the federal government, as well as many other tech giants, are well aware of the problem and have been cooking up solutions for years.


They’re working on a completely different scheme of encryption, called quantum-safe encryption. This kind of encoding can be achieved by today’s computers, in about the same amount of time that current encryption requires, but it can’t be cracked by conventional or quantum computers, hence the moniker ‘quantum safe.’

 

There are dozens of proposed algorithms for quantum-safe encryption, but the most popular approach, called lattice encryption, works by encoding information in a multidimensional ‘lattice’ of data. Picture a three-dimensional grid of dots, add another hundred or so dimensions, and you get the idea.
 



Above: IBM shows a model of quantum computer at CeBIT 2018. CeBIT is the largest trade fair for information technology in the world.


But before quantum-safe encryption can get everywhere that it needs to be, it must first become an agreed-upon standard, and then developers, companies and government bodies must translate it into code and insert it into countless services and systems.”

 

The National Institute of Standards and Technology (NIST) has been working on a project to create quantum-safe encryption standards since 2016, and their work is expected to be completed by 2022. IBM has been developing lattice-encryption algorithms, and they’ve been submitting their work to the NIST for their consideration of 26 possible quantum-safe algorithms.


Whew! Problem solved, right? Not exactly.

 

NIST’s Dr. Dustin Moody says, “The transition to quantum-safe algorithms won’t happen instantaneously. Even when there are urgent threats, it doesn’t happen as easily and quickly as people would like.”

 

The advent of quantum-safe encryption will highlight the need for organizations to maintain crypto agility. If organizations don’t have a complete inventory of their machine identities, they’ll have a hard time locating them to be replaced for quantum updates. In the event that they need to do so quickly, they will also benefit from an automated solution that can rapidly replace machine identities, virtually on the fly.

 

The world of computing will be revolutionized by quantum technology very soon, and we aren’t completely ready. How well prepared is your organization to support the crypto agility that quantum-safe encryption will require?


Learn more about machine identity protection. Explore now.
 

Related posts

Like this blog? We think you will love this.
graphic of a business man standing on a giant question mark, looking out into the distance
Featured Blog

Post Quantum Cryptography: More Hype than Hazard?

This isn’t a new problem.  

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

CIO Study: Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

Forrester Consulting Whitepaper: Securing the Enterprise with Machine Identity Protection
Industry Research

Forrester Consulting Whitepaper: Securing the Enterprise with Machine Identity Protection

Machine Identity Protection for Dummies
eBook

Machine Identity Protection for Dummies

About the author

Guest Blogger: Kim Crawley
Guest Blogger: Kim Crawley

Kim Crawley writes about all areas of cybersecurity, with a particular interest in malware and social engineering. In addition to Venafi, she also contributes to Tripwire, AlienVault, and Cylance’s blogs. She has previously worked for Sophos and Infosecurity Magazine.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more
Chat