Is the World Ready for Quantum Computing?
March 23, 2021
According to an article by security author Michael Cobb, the RSA algorithm and elliptic curve cryptography (ECC) are the most widely used public-key algorithms today. When a message is sent from a smartphone or you open a website, it is more than likely that one of these algorithms is running in the background to exchange keys or verify signatures.
But as cyber threats become more sophisticated and computing technology advances, we must continually reassess how well these algorithms hold up. The advent of quantum computers represents a paradigm shift in processing power: a sufficiently large quantum computer would break the public-key algorithms mentioned above outright, rather than merely forcing longer keys. Symmetric ciphers and hash functions are far less affected (Grover's algorithm at most halves their effective security level, which doubling the key size restores), so the urgent problem is asymmetric cryptography.
Shor's algorithm runs on a quantum computer and exploits the hardware's ability to hold many computational states at once (superposition) to find the period of a modular function efficiently. That period-finding step solves integer factoring and the discrete logarithm problem in polynomial time, and those are exactly the problems whose hardness protects RSA and ECC keys. Every other step of the attack is ordinary classical arithmetic.
“A Shor's attack cannot really be countered by using longer secret keys,” said Thomas Poeppelmann, senior staff engineer of security architecture and cryptography research at Infineon Technologies. “So, at the moment we are mostly concerned with attack by Shor's Algorithm on asymmetric crypto because it's so devastating and because we don't have standardized alternatives available.”
“Fortunately, quantum computers are not here yet.”
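To make concrete why longer keys do not help against Shor's algorithm, here is an added example (not code from the article or from Infineon) that walks through the attack on a constructed toy RSA key. The single quantum step, finding the multiplicative order of a base modulo N, is replaced by a brute-force loop; everything after it is the classical post-processing that turns that order into the factors of N and then into the private key. The function names and the toy key (n = 3233, e = 17) are this example's own choices.

```python
"""Why Shor's algorithm breaks RSA: a classical walk-through on a toy key.

Added example. Shor's algorithm has exactly one quantum step, finding the
multiplicative order r of a random base a modulo N. Everything else is
classical number theory, shown below. Here find_order() is brute force, so
the demo only works for a tiny constructed modulus; a quantum computer does
that step in time polynomial in the bit length of N, which is why a longer
key does not help.
"""
import random
from math import gcd
from typing import Tuple


def find_order(a: int, n: int) -> int:
    """Smallest r > 0 with a**r % n == 1 (requires gcd(a, n) == 1).

    Stand-in for the quantum period-finding subroutine. Classically this
    takes exponential time in the size of n; that is the only thing the
    quantum computer changes.
    """
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def shor_factor(n: int, rng: random.Random) -> Tuple[int, int]:
    """Classical post-processing of Shor's algorithm for odd composite n."""
    while True:
        a = rng.randrange(2, n - 1)
        g = gcd(a, n)
        if g != 1:
            p, q = sorted((g, n // g))          # lucky guess shares a factor
            return p, q
        r = find_order(a, n)
        if r % 2:
            continue                            # odd order: try another base
        y = pow(a, r // 2, n)                   # y*y == 1 mod n and y != 1
        if y == n - 1:
            continue                            # y == -1 mod n is useless
        p, q = sorted((gcd(y - 1, n), n // gcd(y - 1, n)))
        return p, q                             # (y-1)(y+1) == 0 mod n


def break_rsa(n: int, e: int, rng: random.Random) -> int:
    """Recover the RSA private exponent d from the public key (n, e)."""
    p, q = shor_factor(n, rng)
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi)                      # modular inverse, Python 3.8+


if __name__ == "__main__":
    # Constructed toy key: n = 61 * 53, e = 17 (so d = 2753). Real keys are
    # 2048+ bits; brute-force order finding would never finish on those.
    n, e, m = 3233, 17, 65
    c = pow(m, e, n)                            # ciphertext under the public key
    d = break_rsa(n, e, random.Random(42))
    print("recovered d =", d, "plaintext =", pow(c, d, n))
```

The same period-finding subroutine also solves the discrete logarithm on an elliptic curve, so the ECC case differs only in the classical wrapper. Increasing the key size raises the cost of find_order() polynomially on a quantum computer, not exponentially as it does for the classical attacker.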
The state of quantum computing and the challenges we face
At the moment, the state of quantum computing can be compared with the state of conventional computing in the 1940s or 1950s. The machines are massive and extremely costly. They also have to be kept at temperatures close to absolute zero, which requires a dilution refrigerator and a cryogenic setup that only large, well-funded organizations such as IBM, which unveiled its IBM Q System One at the 2019 Consumer Electronics Show, can build and operate (Figure 1).
Figure 1. The IBM Q System One is a prototype quantum computer unveiled at CES 2019.
To date, quantum computers are not especially stable and offer on the order of 50 to 60 physical qubits (the quantum equivalent of binary bits), whereas an attack on modern public-key encryption would require several thousand logical, error-corrected qubits, each built from many physical ones. Poeppelmann says these systems won't be robust enough for another 10 to 20 years, but when they are, cryptanalysis will be a concern.
Even then, the cost of a quantum computer capable of a successful attack against modern encryption will be so high that such systems will likely be used only in very sophisticated cyber operations at first.
“The ramifications can be quite, quite bad,” Poeppelmann said. “So, for example, a hacker could cause a power supply to collapse. If this is controlled by smart devices, tampering of data from the sensors might lead to false measurements, false actions, or false interpretation of data. Manipulation of infrastructure components might really lead to large-scale attacks.”
Can we protect against quantum computing?
But why should we be concerned with the security implications of a technology that is potentially decades out on the time horizon? First, many of the systems a quantum computer could be used to target, such as those that control the energy grid, manage water supplies, or monitor transportation infrastructure, are being designed today for deployment tomorrow and will stay in service for a decade or longer (Figure 2). The same applies to data: traffic protected by an RSA or ECC key exchange can be recorded now and decrypted once such a machine exists.
Figure 2. Quantum resistance is starting to be required in infrastructure and other systems that will be deployed for a decade or longer.
Second, we really don't know how advanced certain entities, such as national agencies and governments, are in their quantum computing development.
In response, security experts have started planning for a quantum-resistant future. Since 2016 the National Institute of Standards and Technology (NIST) has been "soliciting, evaluating, and standardizing one or more quantum-resistant public-key cryptographic algorithms" through its Post-Quantum Cryptography (PQC) Standardization project, which is essentially a public competition. At the time of writing the organization is reviewing the third-round finalists and alternate candidates; no standard has been published yet.
Elsewhere, bodies such as the European Telecommunications Standards Institute (ETSI) have pointed to previously obscure schemes such as the McEliece cryptosystem as candidates for long-term quantum protection (Figure 3). McEliece encrypts by encoding the message with a disguised error-correcting code and deliberately adding random errors; its security rests on the hardness of decoding a general linear code, a problem that factoring and discrete-logarithm attacks, Shor's algorithm included, do not touch. A modern variant, Classic McEliece, is among the NIST finalists.
But candidacy is about as far as anyone has gotten.
Figure 3. The McEliece cryptosystem adds random errors during encryption and relies on the hardness of decoding a general linear code, which Shor's algorithm does not solve. ETSI has recommended it as a candidate for PQC.
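To show what "adding random errors" means in practice, here is an added toy implementation of McEliece (not Infineon's, ETSI's or NIST's code) over the Hamming(7,4) code. The public key is a scrambled generator matrix of a code the sender cannot decode efficiently; the sender adds one random bit error; only the holder of the private scrambling (an invertible matrix S and a permutation P) can unscramble and let the known code strip the error. Function names, the matrices and the seeds are this example's own choices, and with one correctable error and 16 possible messages the toy is insecure; real parameter sets use binary Goppa codes with thousands of bits and 64 or more errors.

```python
"""Toy McEliece encryption over the Hamming(7,4) code (added example).

Public key: G' = S*G*P, which looks like a random code. Private key: S^-1 and
P. Encrypt: c = m*G' + e with random weight-1 e. Decrypt: undo P, decode the
known Hamming code to strip e, undo S. Insecure at this size; same structure
as the real scheme.
"""
import random
from typing import List, Optional, Tuple

Matrix = List[List[int]]
Vector = List[int]

# Systematic generator matrix G = [I_4 | A] of the Hamming(7,4) code.
G_HAMMING: Matrix = [
    [1, 0, 0, 0, 1, 1, 0],
    [0, 1, 0, 0, 1, 0, 1],
    [0, 0, 1, 0, 0, 1, 1],
    [0, 0, 0, 1, 1, 1, 1],
]
# Parity-check matrix H = [A^T | I_3]; its columns are the 7 nonzero 3-bit
# vectors, so the syndrome of a single error names the error position.
H_HAMMING: Matrix = [
    [1, 1, 0, 1, 1, 0, 0],
    [1, 0, 1, 1, 0, 1, 0],
    [0, 1, 1, 1, 0, 0, 1],
]


def gf2_matmul(a: Matrix, b: Matrix) -> Matrix:
    """Matrix product over GF(2): AND for multiply, XOR (parity) for add."""
    return [[sum(a[i][k] & b[k][j] for k in range(len(b))) & 1
             for j in range(len(b[0]))] for i in range(len(a))]


def gf2_inverse(m: Matrix) -> Optional[Matrix]:
    """Gauss-Jordan inverse over GF(2); None if m is singular."""
    n = len(m)
    aug = [row[:] + [int(i == j) for j in range(n)] for i, row in enumerate(m)]
    for col in range(n):
        pivot = next((r for r in range(col, n) if aug[r][col]), None)
        if pivot is None:
            return None
        aug[col], aug[pivot] = aug[pivot], aug[col]
        for r in range(n):
            if r != col and aug[r][col]:
                aug[r] = [x ^ y for x, y in zip(aug[r], aug[col])]
    return [row[n:] for row in aug]


def keygen(rng: random.Random) -> Tuple[Matrix, Tuple[Matrix, List[int]]]:
    """Return (public G' = S*G*P, private (S^-1, permutation))."""
    while True:
        s = [[rng.randrange(2) for _ in range(4)] for _ in range(4)]
        s_inv = gf2_inverse(s)
        if s_inv is not None:
            break
    perm = list(range(7))
    rng.shuffle(perm)
    p = [[int(perm[i] == j) for j in range(7)] for i in range(7)]
    return gf2_matmul(gf2_matmul(s, G_HAMMING), p), (s_inv, perm)


def encrypt(pub: Matrix, m: Vector, rng: random.Random) -> Vector:
    """c = m*G' + e with a random weight-1 error e: the randomization step."""
    c = gf2_matmul([m], pub)[0]
    c[rng.randrange(7)] ^= 1
    return c


def decode_hamming(word: Vector) -> Vector:
    """Syndrome decoding: fix at most one flipped bit, return the 4 data bits."""
    syndrome = tuple(sum(H_HAMMING[i][j] & word[j] for j in range(7)) & 1
                     for i in range(3))
    word = word[:]
    if any(syndrome):
        pos = next(j for j in range(7)
                   if tuple(H_HAMMING[i][j] for i in range(3)) == syndrome)
        word[pos] ^= 1
    return word[:4]


def decrypt(priv: Tuple[Matrix, List[int]], c: Vector) -> Vector:
    """Undo P, let the known code strip the error, then undo S."""
    s_inv, perm = priv
    unpermuted = [c[perm[i]] for i in range(7)]   # c * P^-1, still one error
    m_s = decode_hamming(unpermuted)               # yields m*S (G is systematic)
    return gf2_matmul([m_s], s_inv)[0]


def roundtrip_all(seed: int) -> bool:
    """Encrypt and decrypt every 4-bit message under a fresh key pair."""
    rng = random.Random(seed)
    pub, priv = keygen(rng)
    msgs = [[(v >> i) & 1 for i in range(4)] for v in range(16)]
    return all(decrypt(priv, encrypt(pub, m, rng)) == m for m in msgs)


if __name__ == "__main__":
    rng = random.Random(2021)
    pub, priv = keygen(rng)
    ct = encrypt(pub, [1, 0, 1, 1], rng)          # constructed 4-bit message
    print("ciphertext:", ct, "decrypted:", decrypt(priv, ct))
```

An attacker who only has G' faces decoding an apparently random code with an unknown error position; nothing in that task is a factoring or discrete-logarithm instance, which is why Shor's period finding does not apply. Note the cost side of the trade-off too: even this toy's public key is a 4x7 matrix where RSA would need a single integer, and real McEliece keys run to hundreds of kilobytes.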
PQC: the new “hope”?
“There are some approaches I think in the EU for standardization and to also define certain certification schemes for something like routers or for IoT devices,” Poeppelmann said. “But at the moment it’s not clear how security standards for smart cities will look. Probably each domain will find their own way of standardizing or requiring security. It seems still a bit unclear how this will be handled.”
Today, most organizations continue to follow NIST recommendations for conventional public-key schemes such as RSA and ECC, and there is currently no guidance on how to deploy the candidate PQC algorithms interoperably against quantum threats.
In an effort to offer quantum-resistant solutions today, Infineon has ported the 256-bit PQC algorithm NewHope, a lattice-based (Ring-LWE) key exchange, onto contactless smart card controllers and built a key exchange scheme around it. Poeppelmann said the company wanted to prove that post-quantum cryptography can be implemented on a constrained device with a low power budget.
The company is also working with partners on FutureTPM, a next-generation trusted platform module (TPM) intended to contain all the components necessary to resist quantum attacks (Figure 4).
Figure 4. The FutureTPM project’s goal is to implement quantum-resistant algorithms and the supporting components on a commercially deployable and scalable TPM.
In the future, the hope is that these PQC technologies will be to encryption what ECC and RSA are today. How quickly this occurs depends on the race between attackers seeking to use quantum computers with malicious intent and the security professionals working to deploy resistance to them first.