Embarking on the Era of Quantum Safe: The Protection Shield of Information Security
written by Yilin Chen
At the end of 2022, a team of 24 Chinese scientists released a quantum computing paper claiming to have found a way to break the most commonly used encryption method, the RSA algorithm. This caused a sensation in cybersecurity.
Meanwhile, in the same year, U.S. President Biden officially signed the "Quantum Computing Cybersecurity Preparedness Act," which stated that the U.S. government would vigorously develop quantum information science and begin requiring federal agency systems to transition to Post Quantum Cryptography (PQC) systems.
So, what exactly are quantum computing and Post Quantum Cryptography? Let Chelpis Quantum Tech take you through a journey of understanding.
You might have heard “Quantum chip” or “Quantum computer” from many movies nowadays. Quantum computing is a computational approach that utilizes the principles of quantum mechanics, differing from traditional computing methods. Traditional computing operates with bits, where each bit can represent only two states, 0 or 1. In contrast, quantum computing employs quantum bits, or qubits, which can exist in a superposition of multiple states simultaneously and can also exhibit quantum entanglement.
This unique method of computation grants quantum computing a powerful ability to handle complex problems and process vast amounts of information concurrently, facilitating highly efficient calculations. Consequently, quantum computing is considered a pivotal development direction in the fields of computer science and information technology. Its attributes can be harnessed for intriguing applications. For instance, quantum entanglement can be employed to create correlated qubit pairs, utilized in encrypted communication to prevent unauthorized eavesdroppers from accessing message content.
A quantum computer, therefore, is a computer equipped with quantum computing capabilities. It can manipulate qubits and perform tasks such as parallel processing, quantum search, quantum factorization, and other specialized operations.
Due to its significantly enhanced computational power compared to classical computers, quantum computers have the potential to break commonly used encryption algorithms like RSA. Traditional encryption algorithms are based on the difficulty of solving certain mathematical problems within a reasonable timeframe for classical computers. However, quantum algorithms can find the factors of large numbers in polynomial time, which could lead to the decryption of these encryption methods. In other words, the encryption algorithm we are commonly using now will be cracked by quantum computers in a very short time.
As mentioned earlier, due to the computational power of quantum computers to break traditional encryption algorithms, cryptographers began researching cryptography that can withstand quantum attacks. This led to the development of Post-Quantum Cryptography (PQC). Post-Quantum Cryptography (PQC) is a branch of cryptography with the goal of developing encryption algorithms that can resist attacks from quantum computers, ensuring data security. The development and research of PQC schemes involve various mathematical and cryptographic techniques such as Lattice-Based, Multivariate-Based, and Code-Based approaches. These schemes provide solutions to counter quantum computer attacks by leveraging the complexity of different mathematical problems.
Unlike quantum computing, PQC algorithms are based on algorithms and protocols that can run and execute on traditional computer systems, including mobile phones, laptops, and more. However, implementing PQC may require adhering to specific security protocols and practices to ensure the security of keys and the confidentiality of data. Additionally, as PQC research and development progress, the market may witness the emergence of specialized hardware (such as post-quantum chips) or software/hardware products with PQC capabilities, offering more efficient and secure computational capabilities.
Post-Quantum Cryptography: A Quantum-Safe Solution
So why can post-quantum cryptography effectively withstand quantum attacks? Simply put, the foundation of post-quantum cryptography is not based on traditional mathematical problems. Instead, it relies on some difficult-to-solve mathematical problems that are equally challenging for both classical and quantum computers. As a result, quantum computers do not gain a significant advantage when attacking post-quantum cryptography. This makes post-quantum cryptography a feasible solution to counter quantum attacks and safeguard sensitive data for businesses and individuals in the era of quantum computing.
Take the "Harvest-Now, Decrypt-Later Attack" (HNDL, aka. Store-Now Decrypt-Later Attack, SNDL) as an example. This attack involves the attacker collecting relevant information in advance and then using a quantum computer in the future when quantum computing matures to decrypt the data. In other words, while hackers cannot decrypt or decipher the acquired data at present, there is a risk of decryption in the future when quantum computing advances.
PQC effectively addresses this issue. As mentioned earlier, PQC is based on challenging mathematical problems, granting it the ability to withstand attacks from both classical and quantum computers. Thus, even if attackers employ quantum computers for attacks in the future, post-quantum cryptography can still protect the data from being decrypted, providing higher levels of information security.
The research and implementation of PQC requires interdisciplinary collaboration among research institutions, government entities, and private organizations. Businesses and organizations also need to transition their current cryptographic systems to post-quantum cryptography to ensure resilience against future quantum attacks. This upgrade represents a crucial step for businesses to safeguard data and information security and prepare for the threats posed by future quantum computers.
As for how businesses can initiate preparations for quantum-safe upgrades, we recommend starting with the following steps:
1. System inventory and risk assessment
2. System analysis
3. Strategy formulation and implementation plan
4. Testing and verification
We will be releasing more quantum safe migration guides and articles in the future to enable organizations and businesses to carry out quantum safe migration plans more effectively and efficiently.