Cyber Insights 2023: The Approaching Cryptopocalypse and Quantum Computing

Quantum computers are coming closer, although general-purpose quantum computers are still probably decades away. It will take substantially less time, possibly less than a decade, for cryptanalytically relevant quantum computers (CRQCs), and their arrival would signal the beginning of the cryptopocalypse.

At that point, the "harvest now, decrypt later" process will be complete, and anyone holding our current PKI-protected data will be able to read it in plaintext. That is the cryptopocalypse. It is important to remember that any PKI-encrypted data attackers have already collected is already lost. We can only try to protect the future; we cannot change the past.

Here we will look at the why, what and how of our need to prepare for that cryptopocalypse, but first let us make sure we agree on a few definitions.

CRQC: A quantum computer capable of running Shor's algorithm at scale and breaking the public-key (PKI) cryptography in use today.

Cryptopocalypse: The moment when the availability of CRQCs makes it possible to decrypt data that is encrypted today.

Quantum safe: Cryptography that is believed to be resistant to CRQCs but cannot be proven to be.

Quantum secure: Cryptography that is provably secure against CRQCs.

PQC (post-quantum cryptography): A term for cryptography designed for the post-CRQC era; it does not distinguish between "safe" and "secure".

Cryptopocalypse

The cryptopocalypse will arrive when quantum computing becomes powerful enough to run Shor's algorithm against today's PKI. Almost all data moving between different IT infrastructures, and much of it moving within a single infrastructure, is protected by public-key cryptography: the session keys that encrypt the traffic are negotiated with RSA or elliptic-curve algorithms, both of which Shor's algorithm breaks. Anyone with a sufficiently powerful quantum computer could therefore recover those keys and read the data.
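To make the CRQC threat concrete, here is an added example (not from the article or any vendor quoted in it) of the classical part of Shor's algorithm. A quantum computer's only job is the order-finding step; everything else is ordinary arithmetic that turns the period into the RSA factors and, from them, the private key. The brute-force order finder below stands in for the quantum subroutine, so it only works for toy moduli; the key (p = 61, q = 53, e = 17) is a constructed textbook example, not a real key.

```python
from math import gcd
import random


def multiplicative_order(a: int, n: int) -> int:
    """Smallest r > 0 with a**r == 1 (mod n), found by brute force.

    This period-finding step is the one Shor's algorithm performs in
    polynomial time on a quantum computer. Classically it is exponential in
    the bit length of n, which is what keeps RSA safe today. Requires gcd(a, n) == 1.
    """
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def shor_factor(n: int, seed: int = 1) -> int:
    """Return a non-trivial factor of n using Shor's classical post-processing.

    Assumes n = p * q for distinct odd primes (the RSA case); prime powers and
    primes are not handled here.
    """
    if n % 2 == 0:
        return 2
    rng = random.Random(seed)
    while True:
        a = rng.randrange(2, n)
        g = gcd(a, n)
        if g > 1:
            return g                      # lucky guess already shares a factor
        r = multiplicative_order(a, n)    # <- the quantum step in a real CRQC
        if r % 2:
            continue                      # odd period: pick another base
        y = pow(a, r // 2, n)
        if y == n - 1:
            continue                      # a^(r/2) == -1 mod n yields only trivial factors
        f = gcd(y - 1, n)                 # y^2 == 1 mod n with y != +-1 => (y-1)(y+1) == 0 mod n
        if 1 < f < n:
            return f


def rsa_private_exponent(n: int, e: int, seed: int = 1) -> int:
    """Recover the RSA private exponent d from the public key (n, e) alone:
    factor n, compute phi(n), and invert e modulo phi(n)."""
    p = shor_factor(n, seed)
    q = n // p
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi)                # modular inverse (Python 3.8+)


if __name__ == "__main__":
    # Constructed toy key: p = 61, q = 53, so n = 3233; e = 17.
    n, e = 3233, 17
    d = rsa_private_exponent(n, e)
    m = 65
    c = pow(m, e, n)
    print(f"recovered d = {d}; decrypt({c}) = {pow(c, d, n)}")
```

The point of the example is where the work sits: `multiplicative_order` is the only line a CRQC changes, and once it runs in polynomial time for 2048-bit moduli, every recorded TLS key exchange that relied on RSA (or, with the analogous discrete-log variant, on Diffie-Hellman or elliptic curves) is recoverable.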

"That implies that all secrets are at risk," says Bryan Ware, CEO of LookingGlass, "including corporate property, banks, intelligence agencies, and nuclear weapons are at risk of losing their secrecy and integrity."

But this threat is not a future one; it exists right now. It is well known that adversaries take encrypted data and store it with the intention of decrypting it later, once they can get at the raw data. This threat is commonly known as "harvest now, decrypt later". When the cryptopocalypse arrives, intellectual property, business plans and military secrets will still be valuable to competitors and adversaries.

Rebecca Krauthamer, co-founder and CPO at QuSecure, issues the following warning: "Even if a cryptographically relevant quantum computer is still years away, the time to start preparing is now."


The only thing we can say with reasonable confidence is that it will not happen in 2023. The confidence is only reasonable, not absolute, because we do not know for certain how far other nations or their intelligence agencies have progressed with quantum computing, and they are unlikely to tell us. Nonetheless, the consensus is that nobody yet possesses a quantum computer powerful enough to run Shor's algorithm and break PKI in a useful amount of time.

Such computers could arrive in as little as three to five years. Most forecasts say around ten years. Keep in mind that a machine built specifically to run Shor's algorithm need not be as powerful as a general-purpose quantum computer, which is more likely to be 20 to 30 years away.

Precise forecasts are difficult because a quantum computer's power comes from the number of qubits that can be used. This is further complicated by the instability of qubits, which requires many additional qubits to be devoted solely to error correction. As a result, the total number of qubits needed (physical qubits) is substantially greater than the number of qubits that can actually be "used" (logical qubits).

Some theories hold that each logical qubit may require as many as 1,000 physical qubits. That depends on how well error correction is implemented, which is a hotly debated topic. So as the number of physical qubits rises, and the number of physical qubits required per logical qubit falls, quantum researchers will eventually build a quantum computer able to break PKI. Estimates suggest this will take between 1,000 and 2,000 logical qubits.

To put some flesh on this skeleton, we can look at IBM's announcement of November 9, 2022: a new 433-qubit Osprey processor, accompanied by a roadmap.

System Two will be a key component of what IBM calls quantum-centric supercomputing. Scott Crowder, IBM's VP of quantum adoption and business, explains: "Quantum-centric supercomputing is the model for how quantum computing will be used in the years to come. It describes a modular architecture and quantum communication designed to increase computational capacity, and it employs hybrid cloud middleware to seamlessly integrate quantum and classical workflows."

He continued: "We envision a path to near-term, practical quantum advantage — the point when quantum processors will be capable of performing a useful computation, faster, more accurately, or cheaper than using exclusively classical computing — alongside the recent, dramatic improvements in techniques to deal with quantum processor errors."

While such forecasts do not give a definite timeline for the cryptopocalypse, they do show that it is dangerously close. According to Mike Parkin, senior technical engineer at Vulcan Cyber, "Quantum computing is not, yet, at the point of rendering traditional encryption ineffective, at least that we know of," but it is moving in that direction.

The added risk posed by AI

Skip Sanzeri, co-founder and chief operating officer of QuSecure, argues that the threat to today's encryption comes not only from quantum decryption. New methods, he claimed, promise the same post-quantum cybersecurity concerns as a cryptographically relevant quantum computer, but will arrive much sooner. "It's also thought that quantum developments don't necessarily need to directly decipher the encryption used today. A successful attack may be made if they weaken it by recommending or probabilistically discovering some better seeds for a classical procedure (like the sieve) and making that more effective. Speaking of predictions, it's not a leap to believe that someone may discover techniques to crack our encryption that we are not even aware of yet."

Steve Weston, co-founder and CTO of Incrypteon, offers a possible example.

QKD

Quantum key distribution (QKD) is a method of exchanging encryption keys over fibre using the principles of quantum physics. Because of the nature of quantum mechanics, any attempt to observe the transmission while it is in its quantum state disturbs it. QKD does not prevent an attack, but it makes the attempt immediately detectable, so the key can be discarded before it is ever used. A successful QKD exchange then allows data to be sent under the strongest available symmetric encryption, and current symmetric algorithms are believed to be resistant to quantum attack.
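The detection property described above is easiest to see in a simulation of the BB84 protocol. The following is an added example, not code from any vendor quoted on this page: it models an idealised, noiseless channel, with an intercept-resend eavesdropper as the option, and treats the conventional 11% error-rate cut-off as an assumption about the deployment's policy.

```python
import random
from dataclasses import dataclass

# Assumed abort policy: an intercept-resend attacker induces ~25% errors on the
# sifted key, while a clean, noiseless channel gives 0%. Real links tolerate
# some channel noise, and ~11% is the cut-off usually quoted for BB84.
QBER_THRESHOLD = 0.11


@dataclass
class Bb84Result:
    sifted_key: list   # Bob's bits at positions where both parties used the same basis
    qber: float        # quantum bit error rate: fraction of sifted bits that disagree


def measure(bit: int, prep_basis: int, meas_basis: int, rng: random.Random) -> int:
    """Measure a photon prepared as `bit` in `prep_basis` using `meas_basis`.

    Same basis: the result is exact. Wrong basis: the outcome is a coin flip,
    and the photon's original state is destroyed in the process.
    """
    return bit if prep_basis == meas_basis else rng.randrange(2)


def run_bb84(n_photons: int, eavesdrop: bool, seed: int = 0) -> Bb84Result:
    rng = random.Random(seed)
    alice_bits = [rng.randrange(2) for _ in range(n_photons)]
    alice_bases = [rng.randrange(2) for _ in range(n_photons)]  # 0 = rectilinear, 1 = diagonal
    bob_bases = [rng.randrange(2) for _ in range(n_photons)]
    bob_bits = []
    for bit, a_basis, b_basis in zip(alice_bits, alice_bases, bob_bases):
        sent_bit, sent_basis = bit, a_basis
        if eavesdrop:
            # Intercept-resend: Eve guesses a basis, measures, and re-emits a
            # photon in *her* basis carrying whatever value she observed.
            e_basis = rng.randrange(2)
            sent_bit = measure(sent_bit, sent_basis, e_basis, rng)
            sent_basis = e_basis
        bob_bits.append(measure(sent_bit, sent_basis, b_basis, rng))

    # Sifting: Alice and Bob publicly compare bases (never bit values) and keep
    # only the positions where their bases agree.
    kept = [i for i in range(n_photons) if alice_bases[i] == bob_bases[i]]
    sifted_alice = [alice_bits[i] for i in kept]
    sifted_bob = [bob_bits[i] for i in kept]

    # Error estimation: the whole sifted key is compared here for clarity; a
    # real protocol sacrifices a random sample of it over the public channel.
    errors = sum(a != b for a, b in zip(sifted_alice, sifted_bob))
    qber = errors / len(kept) if kept else 0.0
    return Bb84Result(sifted_bob, qber)


def eavesdropper_detected(result: Bb84Result, threshold: float = QBER_THRESHOLD) -> bool:
    """Abort and discard the key when the error rate exceeds the policy threshold."""
    return result.qber > threshold


if __name__ == "__main__":
    clean = run_bb84(4000, eavesdrop=False)
    tapped = run_bb84(4000, eavesdrop=True)
    print(f"clean channel: QBER={clean.qber:.3f} abort={eavesdropper_detected(clean)}")
    print(f"intercepted  : QBER={tapped.qber:.3f} abort={eavesdropper_detected(tapped)}")
```

Why 25%: in the sifted positions Alice's and Bob's bases match, so Eve's guess is wrong half the time, and each wrong guess leaves Bob with a coin-flip bit, wrong half the time again. Note what the simulation does not cover: the basis comparison runs over a classical channel that must be authenticated, or an attacker simply impersonates Bob, which is the role the PQC signatures discussed later in this section play.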

Symmetric encryption such as AES-256 is expected to be quantum safe, although one might speculate that key sizes will need to double, according to Silvio Pappalardo, chief revenue officer of Quintessence Labs. (The concern is Grover's algorithm, which roughly halves the effective key length of a symmetric cipher: AES-128 would retain about 64 bits of security against a quantum attacker, AES-256 about 128, which is why AES-256 is the usual recommendation.)

Quantum encryption is a method of encryption that uses the principles of quantum physics as the foundation for transferring and securing data, says Ganesh Subramanya, head of the data protection CoE for cybersecurity at TCS. It creates an extremely high level of security, because information encoded in a quantum state cannot be intercepted without the sender being alerted. The SSL and TLS protocols that traditional cryptography uses to secure data over the internet have, he says, been subject to numerous attacks in which an attacker alters the communication between two parties, such as a user's browser and a website or application, and deceives them into believing they are still talking to one another. Quantum encryption makes tampering of this kind impossible, he says, increasing the security of online transactions.

John Prisco, a Toshiba partner and president and CEO of Secure Quantum, applies these ideas to QKD. The security of quantum key distribution cannot be overemphasised, he says, particularly when it is combined with the NIST post-quantum cryptography (PQC) standards. Using two completely independent technologies with different failure modes is defence in depth, which is regarded as the gold standard in cybersecurity. Because harvest-now-decrypt-later attacks are increasing in frequency, there is no delay that is safe against quantum attack. The only protection that can be deployed today and guarantee a successful defence against harvest now, decrypt later, he argues, is QKD authenticated with PQC signature algorithms.

Terry Cronin, VP in charge of the QKD Division at Toshiba, agrees with this assessment. Using quantum key distribution as one component of a hybrid approach to quantum resistance can provide the security needed to ensure that a harvest-now-decrypt-later attack cannot succeed in obtaining the data.

Practical constraints mean that fibre-based QKD cannot be deployed everywhere: it needs dedicated optical paths, its range without trusted relay nodes is limited, and it still depends on an authenticated classical channel. Its initial use will probably be limited to point-to-point links between high-value sites, such as between the offices of major banks and certain government organisations.

NIST

NIST launched a competition in 2016 to select and standardise post-quantum cryptographic algorithms. NIST mathematician Dustin Moody said at the time: "We're aiming to change three NIST cryptography standards and guidelines that would be the most vulnerable to quantum computers." These cover public-key cryptography for encryption, key establishment, and digital signatures.

NIST announced the first four algorithms selected for standardisation in July 2022: CRYSTALS-Kyber for key establishment, and CRYSTALS-Dilithium, FALCON and SPHINCS+ for digital signatures. A separate candidate still under consideration, the Supersingular Isogeny Key Encapsulation (SIKE) scheme, was broken in August 2022. SIKE was designed to transfer keys securely from source to destination over an untrusted network, yet researchers showed that it could be broken in about an hour on a single classical computer.

This illustrates a problem every security practitioner must live with. Any encryption algorithm is only secure until it is broken. Foreign governments will not tell you if they can break an algorithm; whitehat researchers will. This means the "later" in "harvest now, decrypt later" is an optimistic assumption. We believe the encrypted IP being stolen today cannot be decrypted, but we cannot be certain.

What we do know is that in the not too distant future, quantum computers will be able to break PKI encryption. NIST's answer to more powerful computers is to replace today's vulnerable public-key algorithms with new ones built on mathematical problems that quantum computers are not known to solve efficiently.

We will then be in the same position we are in today. We will assume that NIST's post-quantum algorithms protect our intellectual property, but we cannot be certain. Remember that at least one proposed post-quantum algorithm has already been broken by a classical computer. So even if we switched tomorrow to a NIST-approved post-quantum standard, we could not be certain that harvest now, decrypt later has been defeated.

One-time pads

The PQC algorithms selected by NIST are "quantum safe", not "quantum secure". The former are assumed to be secure against quantum decryption, but this cannot be proven, because they are mathematical in nature and therefore open to mathematical attack. The only way to produce "quantum secure" cryptography, whose security can be demonstrated, is to take the mathematics out of the equation.

The one-time pad is the only quantum secure cryptography currently known, because its security rests on information theory rather than on the difficulty of a mathematical problem. QKD is theoretically just as secure, because any attempt to obtain the keys for later mathematical decryption can result in the keys being immediately discarded (so they are never usefully available to decrypt anything). We have already seen that QKD has problems for wider use, and it remains unclear whether current technology can produce practical one-time pads.

The OTP has always been considered unusable in the internet age because it needs keys at least as long as the message being encrypted. Yet several companies have begun exploring the possibilities offered by new technologies.
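The two properties that make the OTP quantum secure and impractical at the same time, shown as an added example that is not code from any company discussed here: perfect secrecy means every same-length plaintext is equally consistent with a ciphertext, and the price is a fresh, truly random, message-length key for every message, because reuse (the "two-time pad") leaks the XOR of the plaintexts. The messages are constructed samples.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """One-time pad. The key must be uniformly random, at least as long as the
    message, and used exactly once. Decryption is the same XOR."""
    if len(key) < len(plaintext):
        raise ValueError("one-time pad key must be at least as long as the message")
    return xor_bytes(plaintext, key)


otp_decrypt = otp_encrypt


def key_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """Perfect secrecy in action: for *any* candidate plaintext of the right
    length there is exactly one key mapping it to this ciphertext, so the
    ciphertext alone cannot rule any candidate out (Shannon's equivocation
    H(M|C) equals H(M))."""
    if len(candidate) != len(ciphertext):
        raise ValueError("candidate must match ciphertext length")
    return xor_bytes(ciphertext, candidate)


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """Failure mode: reuse the pad and the key cancels, leaving p1 XOR p2.
    Knowing or guessing one message (a 'crib') then reveals the other."""
    return xor_bytes(c1, c2)


def demo() -> bytes:
    # Constructed sample messages (same length, as the pad requires).
    p1 = b"ATTACK AT DAWN"
    p2 = b"RETREAT AT 6PM"
    key = secrets.token_bytes(len(p1))       # fresh CSPRNG pad for this message
    c1 = otp_encrypt(p1, key)

    # An attacker can explain c1 with any same-length message whatsoever...
    alt = b"HOLD POSITION!"
    assert otp_decrypt(c1, key_explaining(c1, alt)) == alt

    # ...until the pad is reused for a second message:
    c2 = otp_encrypt(p2, key)                # the mistake
    leak = two_time_pad_leak(c1, c2)         # == p1 XOR p2, no key needed
    return xor_bytes(leak, p1)               # crib p1 recovers p2 outright


if __name__ == "__main__":
    print("recovered second message from pad reuse:", demo())
```

This is exactly the constraint the companies below are trying to engineer around: the security argument needs nothing from mathematics, but the key-management burden (length, true randomness, single use, and getting the pad to the other end) is the whole problem.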

Qrypt was founded on the premise that the quantum threat comes from transmitting encryption keys from source to destination. If you can avoid having to share the keys, you remove the threat. It has therefore developed a process that generates the same quantum random numbers simultaneously at source and destination. Quantum random numbers are genuinely random numbers produced from quantum mechanical processes. The same keys can then be derived from these numbers at both ends without sending them over the internet.

Because the numbers can be generated in advance and held until needed, the process can be chained to provide a true OTP for the keys without ever transmitting them over the internet. This approach yields quantum safe solutions.

A British company, Incrypteon, has taken a different route, applying Shannon's information theory to the one-time pad. The science is complex, but it rests on Shannon's equivocation from his 1949 paper, Communication Theory of Secrecy Systems. According to Incrypteon, "the notion of perfect secrecy is based on statistics and probability. A ciphertext preserves perfect secrecy if the adversary's knowledge of the message's content remains the same before and after inspecting the ciphertext and attacking it with infinite resources."

Incrypteon "achieves Perfect Secrecy" with its own software by employing what it calls 'Perpetual Equivocation', ensuring that the conditional entropy never reaches zero. The result, it says, is something that is available now and is automatically quantum secure (rather than merely quantum safe).
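Shannon's criterion as used in the two paragraphs above, written out (an added derivation using standard notation, not taken from Incrypteon's material). Perfect secrecy means the ciphertext changes nothing about the attacker's belief in the message:

$$P(M=m \mid C=c) = P(M=m) \quad \text{for all } m, c, \qquad \text{equivalently} \qquad H(M \mid C) = H(M).$$

For the one-time pad $C = M \oplus K$ with $K$ uniform on $\{0,1\}^n$ and independent of $M$:

$$P(C=c \mid M=m) = P(K = m \oplus c) = 2^{-n}, \qquad P(C=c) = \sum_{m} P(M=m)\,2^{-n} = 2^{-n},$$

$$P(M=m \mid C=c) = \frac{P(C=c \mid M=m)\,P(M=m)}{P(C=c)} = \frac{2^{-n}\,P(M=m)}{2^{-n}} = P(M=m).$$

So the equivocation $H(M \mid C)$ equals the full message entropy $H(M)$: observing the ciphertext, with unlimited computation, reduces the attacker's uncertainty by nothing. Shannon also proved the converse bound $H(K) \ge H(M)$, which is why the pad must carry at least as much entropy as the message and cannot be reused: with reuse, $C_1 \oplus C_2 = M_1 \oplus M_2$, so $H(M_1, M_2 \mid C_1, C_2) < H(M_1, M_2)$ and the conditional entropy is no longer preserved.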

Co-founder Helder Figueira previously served in the South African Army as an electronic warfare signals officer in charge of a cryptanalysis section. The military is familiar with the ideas behind Shannon's equivocation, and he has long been concerned that the commercial market is obliged to adopt encryption that is, by definition, "insecure": if something cannot be proven secure, it must be assumed not to be.

Recent developments in tokenization, more specifically cloud-based vaultless tokenization protected by immutable servers, may lead to a third, and possibly future, alternative to the one-time pad.

Another startup in this space is Rixon. Its primary aim is to protect personally identifiable information (PII) held by companies with a digital presence, although the underlying principles could easily be extended. No plaintext is stored locally; it is immediately tokenized in the cloud. Nor does the cloud tokenization engine keep the plaintext; it stores only the tokenization route for each tokenized character (by analogy, this tokenization route is the equivalent of the cryptographic key, but it is random for each character).

This is the primary analogy with the OTP: the "key" is the same length as the message. Rixon currently focuses on tokenizing PII, but the same idea could be extended to protect high-value data at rest, such as intellectual property and business plans.