With the advent of quantum computing, one primary concern that has not only troubled researchers but also is of prime importance to the governments all over the world is — will this technology break our ciphers. Does it have the potential to break our current encryption systems and compromise all the private data?
How insecure is my data?
Although we have been advancing in terms of technology, our data is compromised. This compromise happens with every innovation because the innovation feeds on our data. The website Have I Been Pwned, tells you how many times has your personally identifiable information(PII) has been a part of security breaches. There have been some significant security breaches in the year 2019. Let’s have a look:
- In January 2019, ZDnet released that an online casino had leaked data of 108 million bets exposing their customers’ personal information like card details and deposits. It happened because of an Elastic Search that was left unattended without a password. You can read more about it here.
- In May 2019, Security Magazine reported that Canva suffered an online leak of around 139 million user data records.
- In September 2019, 218 million user accounts were hacked from Zynga, the gaming giant who created Farmville.
- On March 11, 2020, The Dutch Government claimed to lose two external hard drives containing personal data of organ donors more than 6.9 Million in number. The hard drives held records from 1998 to 2010.
These threats have been happening from time immemorial. Can Quantum Cryptography be used to curb them? Read on to know more.
Is Quantum Computing a threat too?
The present-day computers and other electronic devices depend on asymmetric or public-key cryptography algorithms to send messages online or encrypt files and documents to submit online. These algorithms use a private key and a public key. Take, for instance, a lockbox and the fact that anybody can post a letter into the box. The lockbox here acts as the public key; anybody can have the public key and encrypt the message using that. On the other hand, only the person who has the key to the lockbox can unlock that. The key here acts as the private key. Only a single person has that key, and only he can open it.
A symmetric key algorithm is like an open lockbox. Anybody can put a message in it, and anybody can read the message from it too, given they have the key to the lockbox.
The keys which are used in these algorithms are generally encrypted and decrypted with the help of “trapdoor” mathematical functions, which are easy to be done in one way but not the other way round. For example, if we have to multiply two numbers 234 and 567, then we can easily calculate the result as 132678, but if we are given 132678, and we are then asked to estimate the two integers which make that up, it will be difficult. The calculations might seem easy for smaller integers. Still, when we consider prime numbers with thousands of digits and then consider their products, then it becomes challenging for a classical computer to compute such integers. It can take time in the order of decades and centuries, to get such a task done.
Some of the popular asymmetric key algorithms include RSA, ECDSA[Elliptic Curve Digital Signature Algorithm]. All of these use mathematical problems which are easy to calculate one way but very hard to reverse engineer.
How is Quantum Computing a threat?
There are currently four algorithms that can solve problems faster than their classical counterparts. Shor’s algorithm is the one that began revolutionizing quantum computing. It can factorize large prime numbers exponentially faster than conventional computers can.
This potential exhibited by quantum computers can very well break popular cryptographic algorithms like RSA, which is very widely used.
What’s the solution?
The basic principle behind the cryptographic algorithms which have stood the test of time is the fact that they make use of the mathematical problems which are hard to reverse engineer. If we can discover such problems in quantum computing such that these problems are hard to reverse engineer even by a quantum computer, then we can somehow say that the future of security is in safe hands. So, how do we know that such a problem even exists? The answer is we don’t.
That is where Quantum Cryptography comes into the picture. Quantum Cryptography is the only proven method to send secret keys over long distances in the post-quantum era when the current cryptographic algorithms will be rendered useless. Quantum cryptography is not the same as Quantum Computing. It is the science which exploits the quantum mechanical properties to perform the cryptographic tasks. One key example which makes use of quantum cryptography is the Quantum Key Distribution.
Quantum Key Distribution(QKD) was first proposed in the 1970s, and in the 1990s, a connection of QKD was first found out with entanglement. Since then, this field has grown at a high rate and is the most developed domain of quantum technology. It is available for 15 years now. QKD makes use of photons to exchange keys over a distance. We might question that an attacker can very well intercept the photons, but they can never be cloned entirely. The significant advantage of QKD is that if someone tries to observe the key generation process, then it will introduce errors revealing any compromise of the network. Thus the algorithm is provably secure because we can measure the properties of a fraction of photons and conclude whether they were being eavesdropped.
Trials of this technology are already being conducted using the optical fibers laid down by the telecommunications companies but lying unused. The scientists used these to send QKD signals over a distance of three hundred kilometers but the practical systems have only been scaled up to a hundred kilometer.
Should I be worried about the security of my data?
For ordinary people, there is not a lot at stake. Most of us use 2048-bit encryptions to conduct our activities online. Even if an intermediary happens to catch hold of such data and decrypt it after 25 years, then not much will be lost.
For governments and health records, if such an attacker can sniff information including the initial key exchange and decrypts it after 25 years, then a lot might be at risk because these entities need to keep their data secure for a more extended period of time. These might also compromise national security as all the messages sent to our embassies or the military in other countries will be compromised too. Thus, governments all over the world are investing in quantum technology.
Who is already ahead in this race?
QKD based products are already being used by banks and governments in Europe though they were not deployed commercially in the United States as of now to any great extent.
Many companies are at the forefront of this research too. Battelle, together with ID Quantique(Geneva), is building a 650-kilometer link between Battelle’s headquarters in Ohio till Washington DC. They also plan to connect major U.S cities, which could exceed 10,000 kilometers. They have already used QKD to protect their network at their headquarters.
China has begun to install the world’s longest quantum-communications network between Beijing and Shanghai which is alone 2000 kilometers in length.
Cambridge Quantum Computing(CQC) has built a four qubit photonics quantum device, Ironbridge, to be used for post-quantum encryption, cached entropy generation for IoT devices, key generation for certificates and quantum watermarking. As of 2019, Ironbridge is the only quantum encryption device that ensures device independence and source certifiability.
In the long run, it will be tough to switch entirely to quantum cryptography based methods because of the enormous amount of data. A more subtle approach could be to adopt a mix of the current cryptographic software along with the post-quantum era technology. There is something called a Tier III solution, which includes the existing software along with QKD based quantum methods (Tier II) with Trusted Nodes that will help to distribute keys and protect data. Tier I, which very secure and very expensive, uses quantum repeaters to transmit keys over longer distances to preserve the highest value data from governments or the military.
Liked the article? Click that 👏 button for 5 seconds and show your ❤️.