This article in TechCentral.ie is for techies. It describes development of Quantum computers capable of hacking messages encrypted with public key crypto (such as ECC and RSA, but not symmetric methods like AES, 3DES, etc). The article describes the methods deployed today to protect against Quantum hacking. The primary use is to utilize quantum mechanical properties to replace traditional distribution for key pairs. The upshot is that protection against quantum computing systems used to hack into private communications is both costly and fraught with its own vulnerabilities. That said, quantum key distribution systems are available today and financial institutions are likely to be some of its earliest adopters. The entire article is here, while my favorite bits from it are below:
“Here is how encryption works on “traditional” computers: binary digits (0’s and 1’s) are systematically sent from one place to another, and then deciphered with a symmetric (private) or asymmetric (public) key. Symmetric key ciphers like Advanced Encryption Standard (AES) use the same key for encrypting a message or file, while asymmetric ciphers like RSA use two linked keys — private and public. The public key is shared, but the private key is kept secret to decrypt the information.
Yet public-key cryptography protocols like Diffie-Hellman, RSA and elliptic-curve cryptography (ECC), which survive on the basis that they rely on large prime numbers that are hard to factor, are increasingly under threat. Many in industry believe they can be circumvented by endpoint or side channel attacks like man-in-the-middle, cipher attacks, and backdoors. As examples of this fragility, RSA-1024 is no longer regarded as safe by NIS, while side-channel attacks have been proven effective up to RSA-40963.
Furthermore, the worry is that this situation will only get worse with quantum computers. Believed to be anywhere from five to 20 years away, quantum computers will potentially be able to quick-factor prime numbers. When this happens, every enciphered communication dependent on public key encryption (using asymmetric keys) will be broken.
“Quantum computers are unlikely to crack symmetric methods (AES, 3DES, etc), but are likely to crack public methods, such as ECC and RSA,” says Bill Buchanan, professor in the School of Computing at Edinburgh Napier University in Scotland. “The Internet has often overcome problems in cracking within an increase in key sizes, so I do expect a ramp up in key sizes to extend the shelf life for RSA and ECC.”
Could quantum encryption be the long-term solution?”
It next dives into the theory of quantum cryptography before diving into the specifics of quantum key distribution and the implications:
“Alan Woodward, a visiting professor at the University of Surrey’s department of computing, says that quantum encryption is misunderstood, and people actually mean quantum key distribution (QKD), an “information-theoretically-secure solution to the key exchange problem.” With QKD, photons distributed at the microscopic quantum scale can be horizontal or vertically polarised, but “observing it or measuring it disturbs the quantum state.” This, says Woodward, is based on the ‘no cloning theorem’ in quantum physics.
“By looking at the degree errors you will see that it has been disturbed, so you won’t trust the message,” says Woodward, adding that once you have got the key, you can revert to symmetric key encryption. QKD is then ultimately about replacing public key infrastructure (PKI).
Buchanan sees a huge potential for QKD: “We currently do not properly secure communications at a physical level from end-to-end delivery. With Wi-Fi, the security is only provided through the wireless channel. To keep communications secure, we then overlay other tunnelling methods onto the communications, such as with a VPN or with SSL. With quantum encryption we could secure the complete end-to-end connection, without the need for SSL or a VPN.”
As Woodward notes, QKD is already available commercially, from vendors like Toshiba, Qubitekk and ID Quantique. Yet QKD continues to be expensive and requires independent infrastructure, unlike post quantum encryption that can run over pre-existing networks.
This is where China has “stolen a march” in bringing QKD to the market. Earlier this year, Austrian and Chinese scientists managed to conduct the first quantum encrypted video call, making it “at least a million times safer” than conventional encryption. In the experiment, the Chinese leveraged its Chinese satellite Mikaeus—specifically launched for conducting quantum physics experiments – and used entangled pairs from Vienna to Beijing at key rates of up to 1Mbps.
Woodward says that anything that uses public key encryption could use QKD, and one of the reasons the Chinese might be interested in it is if they believe it is physically secure, safeguarding them from NSA and nation states. “There can be no backdoors, no clever mathematical trick,” he says, citing the elliptical curve attack. “This relies on laws of physics, which are much simpler than the laws of mathematics.”
Ultimately, he expects it will be used in government, banking, and other high-end applications. “Several companies sell equipment today and it works, but it is expensive, but costs could come down. People will probably see it for high security things like banking and government to start with.””
Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group
Read the full story here