At XSOC CORP, we have always maintained the necessity of using quantum-safe cryptography and encryption solutions. Quantum computing or more specifically, Cryptographically Relevant Quantum Computers (CRQCs): quantum computers capable of breaking current cryptography, is a disruptor that is poised to have all industries undergo transformation yet again.
However, it is its potential as a tool of those with nefarious purposes that should draw the most attention. The arrival of the quantum computer capable of performing practical applications better and faster than a supercomputer—when quantum supremacy is ultimately achieved—will create a seismic shift in data encryption and will have many organizations’ data in jeopardy.
As alluded to in our previous discussion of quantum computing, organization should approach data security as if post-quantum problem or dilemma is a very real and present threat to data right now. Taking action only when the practical CRQC’s are fully realized, will be too late when there are stark cryptography and cybersecurity implications that can impact the entire nation.
QUANTUM DEVELOPMENTS
Towards the end of 2021, there were a number of publicly disclosed developments that indicated the quantum computing industry made strides closer to the creation of machines that can break the classical cryptography solutions currently in widespread use:
IBM, which released a roadmap for creating a 1,000-qubit machine by 2023, stated that it had created a 127 qubit processor, breaking the 100-qubit barrier.
One newly formed company revealed the creation of a powerful encryption key generator, the world’s first commercial product created solely by a quantum computer.
A quantum computer maker announced that it was begin using barium ions as qubits in order to enhance the accuracy and stability of its quantum computer.
Financial organizations are using cloud-based quantum software for practical business applications, such as to detect anomalies in trading, optimize capital allocation and more.
The development from IBM is of particular note because with its creation of the 127 qubit processor, there is now a quantum computer that is entirely beyond the ability of classical computers to simulate, even if it is still a very far cry from being a machine powerful and sophisticated enough to crack public-key encryption. There are still a number of hurdles to overcome before achieving the ultimate goal, including reaching the requisite number of qubits and using a better method for stabilizing the qubits. However, the mere potential of quantum computing has already been posing a threat and increasing the risk to data security.
QUANTUM COMPUTING, NATION-STATES AND DATA SECURITY
The United States has been bombarded with cyberattacks from various malicious entities, especially in recent years. These threat actors have targeted private and public organizations in the US and the rest of world with seemingly unending and sophisticated ransomware attacks. The perpetrators have included, among others, criminal organizations and foreign-state adversaries.
State-sponsored attacks, particularly those by backed by China, are prevalent. China, which was formally recognized as a major threat to cybersecurity, has also been a major player in quantum computing.
This creates significant concerns about what the country will do in the post-quantum era. In the US, this is such a significant concern that US organizations are forbidden by the federal government from exporting quantum computing technology to certain Chinese companies. For the time being, China appears lag behind only IBM in its efforts to improve quantum computing power.
One of the main reason for the issue is being addressed with such concern is that for China has been harvesting vast amounts of data. And now, according to a report by consultancy firm Booz Allen Hamilton, China is likely to begin stealing encrypted data on a mass scale with the intention of future decryption when the right capabilities are available. It is already believed to be harvesting around 20% of the world’s data. One example of its data-harvesting efforts involves a China-based producer of drones that has been suspected of channeling sensitive data such as PII, critical infrastructure info, facial recognition and more to Chinese intelligence agencies.
China and other nation-states will continue to leverage technologies, including quantum computing, that will help them gain the economic, political and military edge over adversarial nations. For its part, US government is treating the threat of nation-states accessing encrypted data using quantum computing as an active threat and is taking actions to develop resistant cryptography algorithms.
GETTING POST-QUANTUM-READY NOW
As mentioned earlier, quantum computing has many security implications. Organizations should take steps now to prepare now by:
Fundamentally understanding the security risks posed by Cryptographically Relevant Quantum Computers
Reexamining your organization’s cryptographic governance
Determining what is needed to make the organization ready to be crypto-agile
Exercising good cyber hygiene
Staying current with the developments with the quantum security community
The use of Quantum Key Distribution, or QKD, has suggested as a way to combat the threat quantum computing poses to cryptography and data security. However, the NSA has determined that is an impractical and inadequate option for multiple reason:
QKD does not provide means of authentication. When used with symmetric key cryptographic algorithms, QKD does not provide a way to authenticate the origin of the QKD transmission.
The infrastructure is hardware-based and is not agile. Special-use fiber connections or free-space transmitters are needed to implement QKD. It cannot be integrated into software, used as a network service or integrated into existing network equipment, and cannot be easily upgraded or receive security patches.
QKD networks enhances infrastructure costs and insider threat risks. The need for costly secure facilities and the increased insider threat risks is the result of the required use of trusted relays.
Securing and validating QKD is very difficult. The security of QKD relies heavily on specific hardware, which can create security vulnerabilities. Validation is also challenging as it can be difficult to minimize the cryptographic security error to the necessary degree in physical engineering scenarios.
The likelihood of denial of service increases with QKD use. The sensitivity to an eavesdropper as the theoretical basis for QKD security claims also shows that denial of service is a significant risk for QKD.
The NIST has plans to release standardized results for post-quantum cryptography by 2024. Some experts advise that organizations upgrade their current public-key cryptography systems at that time, when the post-quantum cryptography is fully developed and standardized. However, organizations should not have to wait until then to ensure that their digital assets will be safe when there is a viable option already available.
XSOC CORP IS THE POST-QUANTUM SOLUTION TO USE NOW AND IN THE FUTURE
According to the NSA, quantum resistant cryptography makes more financial sense and is easier to maintain than QKD. The family of cryptography and encryption solutions XSOC CORP provides was designed with the future in mind and the knowledge that quantum computing poses a real threat to data security. Organizations do not have to wait for more sophisticated quantum algorithms to arrive to begin integrating quantum-safe cryptography and encryption solutions into their systems.
XSOC provides data security using a symmetric encryption approach in a market that seems to prioritizes less effective solutions, including asymmetric solutions, PKI, SSL/TLS, RSA, etc. XSOC solutions are extensible and can integrated into many of these asymmetric platforms that are vulnerable to post-quantum attacks and can ensure that data continues to remain safe when those platforms fail in a CRQC attack.
As an example of how well using XSOC solutions protects your organization’s data, consider the lengths of the cryptographic keys we use. XSOC Cryptosystem generates keys with 512-bit minimum lengths with entropy sourced from CSPRNG or QRNG. These randomly generated keys are significantly longer than the standard 256-bit minimum key lengths that is widely used today. Moreover, the XSOC encryption key not only contains a variably longer key length, said key is additionally widened as well with random numbers, dynamically within the key with a delimiter and secure key material. Coupled with the ability generate these keys without adversely impacting network performance, our solution is set well apart from the rest of the market. This is especially important as longer key lengths normally correlate to reduced performance and lower efficiency. This is a deficiency that the FIPS-140-2 validated XSOC Cryptosystem has been able to eliminate through optimization and the ability to provide all the necessary modes of operation within a single system.
PROTECT YOUR DATA WITH XSOC CORP
The threats posed by Cryptographically Relevant Quantum Computers in the hands of adversarial nation-states should compel organizations to place a critical lens on not only the recent developments in the quantum computing, but also those that will occur throughout 2022. From a security perspective, the fact that the ability to decrypt using CRQC’s is expected to arrive much sooner than the ability to encrypt with quantum computing, means that data security will require quantum-safe cryptographic solutions well into the future. To learn how to put your organization in the best position to protect its data for current and future threats, get in touch with us to speak with one of our representatives.