Quantum technologies are expected to unlock transformative opportunities in computing, sensing and communications. At the same time, they introduce unique challenges for current operating practices across government and industry. Perhaps most alarmingly, quantum computers capable of breaking encryption could exist as early as the end of the next decade. Thankfully, we already have a roadmap for protecting sensitive systems and data against this threat. Recognizing the complexity of translating this roadmap into practice, the White...
READ MORE
Quantum technologies are expected to unlock transformative opportunities in computing, sensing and communications. At the same time, they introduce unique challenges for current operating practices across government and industry. Perhaps most alarmingly, quantum computers capable of breaking encryption could exist as early as the end of the next decade. Thankfully, we already have a roadmap for protecting sensitive systems and data against this threat. Recognizing the complexity of translating this roadmap into practice, the White House has initiated several recent executive actions to accelerate whole-of-government preparation for quantum technology capable of disrupting U.S. infrastructure and interests.
In this article, we untangle how quantum technology threatens cybersecurity and outline what organizations can do today to begin protecting sensitive assets against quantum attacks.
The internet relies on multiple cryptographic techniques to meet different information storage and communications needs. Public key (or asymmetric) cryptography has become an especially popular mechanism for encrypting information in the digital age because it sidesteps symmetric cryptographys logistical challenge of sharing a single key. Public key cryptography rests on the assumption that we can effectively secure information behind certain difficult math problems, and it has successfully delivered on that promise since the 1970s. Certain calculations are so computationally onerous that they are practically impossible to solve, even with todays best supercomputers. But quantum technology is changing the rules of the game.
Quantum computers will solve certain types of problems exponentially faster than todays computers, which we call classical computers. But faster is a bit misleading; against certain problem sets, quantum computers enable entirely new capabilities. Some of these are incredibly exciting and offer opportunities to revolutionize public service missions. Others threaten the foundation of modern data protection as they decompose the difficult math problems we rely on for cybersecurity. Quantum changes what constitutes a hard math problem by requiring it to be difficult for both classical and quantum computers. To meet this new standard, the field must identify new cryptographic algorithms. Ultimately, this transition will require organizations to identify and update vulnerable cryptography with quantum-resistant alternatives, referred to as post-quantum cryptography (PQC). The urgency around PQC has grown tremendously in the last year, but weve been headed for this inflection point for a long time.
When we talk about the quantum cyber threat, we often talk about factoring. Factoring is one of the computationally intractable problems enabling public key encryption today. For example, RSA encryption uses factoring to establish a mathematical relationship between a public and private key. Without knowing one of the factors in the published public key, decomposing the large number into its primes is so computationally onerous that we have been able to effectively conceal information behind this calculation for half a century. However, in 1994, Peter Shor demonstrated that this approach would not remain secure forever. Quantum computers can solve these problems efficiently, leaving RSA-encrypted information vulnerable when the quantum hardware necessary to implement Shors algorithm reaches scale.
If weve known about this possibility since the 1990s, what changed to drive the urgency were seeing today? The simplest answer is quantum computing capacity. When Shor developed the algorithm capable of breaking RSA encryption, it was not clear if we would ever have a quantum computer capable of executing it. Today, we know that it is a question of when, not if. The National Institute of Standards and Technology and the Department of Homeland Security warn we could see a quantum computer capable of breaking current encryption methods as early as the end of the next decade. That may sound far away, but those familiar with the complexity of this and other cryptographic transitions know that were up against a challenging timeline to transition to PQC.
PQC refers to the suite of classical algorithms designed to be difficult for both classical and quantum computers. NIST is in the final stages of standardizing these algorithms and NSA has already recommended PQC as our front-line solution for quantum-safe cybersecurity. In parallel, DHS recently published guidance to help federal agencies begin planning for PQC. In January 2022, the White House issued National Security Memorandum VIII (NSM-8) updating Executive Order 14028 to include new PQC transition requirements for national security systems. Additional requirements followed in May 2022, continuing to build momentum for the whole-of-government transition required for post-quantum cybersecurity. The Executive Order on Enhancing the National Quantum Initiative Advisory Committee reinforced the strategic importance of this technology area by establishing that the committee shall now report directly to the President in addition to its previous duties. NSM-10 emphasizes the urgency of PQC transitions by establishing an annual assessment and review cadence to ensure progress in a national quantum-safe cyber posture. NSM-10 also reflects the importance of parallel efforts in the private sector and tasks NIST with creating public-private partnerships to encourage private entities adoption of shared PQC migration standards.
Organizations must start planning their transition today to ensure the appropriate protections are in place for their most sensitive assets before quantum computers capable of breaking public key encryption emerge. NIST suggests that it may be decades before the community replaces most of the vulnerable public-key systems currently in use given the complexity of transitioning to PQC. If we really do see cryptographically relevant quantum computers by the end of the decade, thats time we dont have. NIST also called special attention to the fact that the community cannot expect PQC algorithms to function as drop-in replacements. Every agencys migration will be unique, intensifying the importance of early prototypes to identify PQCs effects on application and network performance. By auditing their cybersecurity infrastructure, organizations can identify vulnerable cryptography and develop comprehensive strategies for prototyping, implementing and maintaining security against both quantum and classical threats.
Jordan Kenyon, PhD is a senior lead scientist at Booz Allen Hamilton. JD Dulny, PhD is a director and serves as Booz Allens firm-wide quantum lead. The Booz Allen quantum team focuses on the science and impact of quantum technologies to client missions.
Read more:
In the quantum era, cybersecurity is a race against the clock - Federal News Network
- Elon Musk weighs in on the encryption wars between Telegram and Signal - Business Insider - May 15th, 2024
- Microsoft to Make BitLocker Encryption the Default in Next Windows 11 Build - ExtremeTech - May 15th, 2024
- Encryption toolkit for media makers: An introduction - Freedom of the Press Foundation - May 15th, 2024
- Which is it, RPD? Shooting, Disorderly, Or Encryption and Lies? - Rockford Scanner - May 15th, 2024
- Windows 11 Will Enable Encryption by Default During Installation - 80.lv - May 15th, 2024
- Apple and encryption services Wire and Proton have provided information on activists at the request of police - GIGAZINE - May 15th, 2024
- End-to-end encryption may be the bane of cops, but they can't close that Pandora's Box - The Register - May 6th, 2024
- Microsoft breaks VPN encryption in Windows 11 and Windows 10 - GB News - May 6th, 2024
- Marriott admits it falsely claimed for five years it was using encryption during 2018 breach - CSO Online - May 6th, 2024
- Marriott admits it wasn't using encryption before major 2018 hack - TechRadar - May 6th, 2024
- WhatsApp could leave India over encryption battle - Rest of World - May 6th, 2024
- Encryption: The Cornerstone Of Cryptocurrencies | MENAFN.COM - MENAFN.COM - May 6th, 2024
- Quantum-proofing passwords and artwork with DNA encryption - Advanced Science News - May 6th, 2024
- News: Encryption and encrypted passwords in the world of blockchain and crypto - Bitfinex - May 6th, 2024
- Banking Encryption Software Market to Reach USD 11.50 Bn by 2029, at a CAGR of 9.2 percent As Revealed In N... - WhaTech - May 6th, 2024
- ETtech Explainer: WhatsApp's standoff with Centre over end-to-end encryption - The Economic Times - May 6th, 2024
- Explained: Why WhatsApp is willing to leave India over encryption - MSN - May 6th, 2024
- The Future of End-to-End Encryption May Get Decided This Week in Nevada | TechPolicy.Press - Tech Policy Press - March 13th, 2024
- What is fully homomorphic encryption and how will it change blockchain? - Blockworks - March 13th, 2024
- Zamas homomorphic encryption tech lands it $73M on a valuation of nearly $400M - TechCrunch - March 13th, 2024
- WhatsApp encryption status might appear at the top of chats - BGR - March 13th, 2024
- TELCLOUD Teams With CyberProtonics to Add Quantum Encryption Security Technology on All POTS Line Phone ... - Business Wire - March 13th, 2024
- WhatsApp Clears Up Confusion Over Encryption With A Handy New Chat Label - Hot Hardware - March 13th, 2024
- WhatsApp Now Offers Encryption Label At The Top Of Your Chat Window: What It Means - News18 - March 13th, 2024
- WhatsApp update: An encryption indicator for chats is in the works, says report - HT Tech - March 13th, 2024
- Navigating an evolving landscape of threats and the rise of the encryption-less data breach - iTWire - March 13th, 2024
- Quantum Cryptography and Encryption Market Size, Growing Demand and Trends 2023 to 2030 - WhaTech - March 13th, 2024
- WhatsApp wants to 'show off' its end-to-end encryption feature to users - The Times of India - March 13th, 2024
- Disk Encryption Software Market Report Probes the Size, Share, Competitive Landscape and Trend Analysis - WhaTech - March 13th, 2024
- Signal President Meredith Whittaker Warns Against Encryption Threats and Tech Accountability Misuse - BNN Breaking - March 5th, 2024
- Shiba Inu Implements State-of-the-Art Encryption to Enhance Privacy & Security for Users and Developers - The Defiant - DeFi News - March 5th, 2024
- NYPD shows no sign of reversing Staten Island police radio encryption, but state legislation could change that - SILive.com - March 5th, 2024
- BitLocker encryption broken in 43 seconds with sub-$10 Raspberry Pi Pico key can be sniffed when using an ... - Tom's Hardware - February 9th, 2024
- BitLocker's Encryption Is Broken, But It's Still Not Time to Switch - MUO - MakeUseOf - February 9th, 2024
- Breaking Bitlocker: Watch Microsoft's Windows disk encryption being bypassed in just 43 seconds - BetaNews - February 9th, 2024
- Microsoft BitLocker encryption hacked by a cheap off-the-shelf Raspberry Pi Pico - ReadWrite - February 9th, 2024
- Web3 Foundation Announces Grant Funding for Creation of On-Chain Randomness and Timelock Encryption ... - StartupHub.ai - February 9th, 2024
- BitLocker Gets Pi All Over It's Face As A Pico Cracks The Encryption Key - PC Perspective - February 9th, 2024
- The Dawn Of Quantum Computing In Finance: Revolutionizing Data Analysis And Encryption, According To Investor ... - Global Banking And Finance Review - February 9th, 2024
- Cryptographic storage is a secure way to store data using encryption and other security measures. - Medium - February 1st, 2024
- Senator proposes new encryption provision in bill against online child exploitation - The Record from Recorded Future News - February 1st, 2024
- Email Encryption Market is Expected to Reach US$ 20.7 Billion by 2032: IMARC Group - EIN News - February 1st, 2024
- EU: Open letter on security-cloaked threats to encryption - ARTICLE 19 - Article 19 - January 15th, 2024
- Mind Network: Revolutionizing Web3 Security and Privacy with Fully Homomorphic Encryption - BSC NEWS - January 15th, 2024
- What Is Encryption? Definition, How it Works, & Examples - eSecurityPlanet - January 7th, 2024
- What Is Encryption? - Definition, Types & More | Proofpoint US - January 7th, 2024
- Encryption, Its Algorithms And Its Future - GeeksforGeeks - January 7th, 2024
- End-to-end encryption: What it is, how it works, and why you need it - The Indian Express - January 7th, 2024
- What Is Encryption and Why It's Important for Cybersecurity - devmio - January 7th, 2024
- Quantum Quandary: Navigating the Path to Unbreakable Encryption - Security Boulevard - January 7th, 2024
- What is Encryption and how does it work? | OpenText - December 20th, 2023
- The police scanner is fading away due to the move to encryption communication - Kankakee Daily Journal - December 20th, 2023
- EAGLYS, Mitsui, and Quantinuum Partner on Hardened Encryption Keys Using Quantum Computing - Quantum Computing Report - December 20th, 2023
- Meta rolls out default end-to-end encryption for its 1 billion users. Here's what to know - The European Sting - December 20th, 2023
- Messenger finally gets end-to-end encryption by default - The Verge - December 11th, 2023
- Meta Announces End-to-End Encryption by Default in Messenger - EFF - December 11th, 2023
- Why It Took Meta 7 Years to Turn on End-to-End Encryption for All Chats - WIRED - December 11th, 2023
- Meta to expand encryption on Messenger making it similar to WhatsApp - CNBC - December 11th, 2023
- Default end-to-end encryption introduced in Messenger - SC Media - December 11th, 2023
- Meta Launches Default End-to-End Encryption for Chats and Calls on Messenger - The Hacker News - December 11th, 2023
- Encryption: It's Not About Good and Bad Guys, It's About All of Us - Center for European Policy Analysis - December 11th, 2023
- Default end-to-end encryption is finally coming to Messenger and Facebook - Popular Science - December 11th, 2023
- Lack of Encryption the Primary Reason for Sensitive Data Loss - Business Wire - December 11th, 2023
- Facebook Messenger end-to-end encryption is finally here - BGR - December 11th, 2023
- Facebook Messenger Now Uses End-to-End Encryption by Default - How-To Geek - December 11th, 2023
- What does end-to-end encryption on Facebook and Messenger mean for users? - The National - December 11th, 2023
- Meta starts adding controversial encryption to Facebook and Messenger chats - The Independent - December 11th, 2023
- The Quantum Computing Threat to Encryption and Cybersecurity - Medium - December 11th, 2023
- Meta adds end-to-end encryption to Messenger and Facebook. Details here | Mint - Mint - December 11th, 2023
- AI and Quantum Computing Threaten Encryption and Data Security - Security Boulevard - December 11th, 2023
- End-to-end encryption in Facebook Messenger will now work by default - Mezha.Media - December 11th, 2023
- Equiniti Announces Partnership with Beyond Encryption to Strengthen its Secure Digital Communications - Global Banking And Finance Review - November 17th, 2023
- Bluefin, The Payments Fintech Focused On PCI-Validated Encryption And Tokenization Technologies, Partners - Crowdfund Insider - October 27th, 2023
- Cryptography | NIST - National Institute of Standards and Technology - October 16th, 2023
- What Is Encryption? - Internet Society - October 16th, 2023
- How to Encrypt Files, Folders and Drives on Windows | TechSpot - May 3rd, 2023
- What Is Encryption, and How Does It Work? - How-To Geek - May 3rd, 2023
- What Is Encryption? | Definition + How It Works | Norton - January 30th, 2023
- What is PGP Encryption and How Does It Work? - Varonis - January 30th, 2023
- What is Encryption and How Does it Work? - TechTarget - January 22nd, 2023