• Richard Blech

The Real Quantum (Dimensional) Leap With Post-Quantum Security



The creation of a quantum computer with the right number of qubits would immediately make all digital data (or rather the data that is not already protected by quantum resistant cryptography solutions) insecure by rendering nearly all existing encryption methods obsolete. In the context of cryptographic security, organizations should operate as if a viable quantum computer is imminent and treat it with the same veracity as they would other types of cyber threats that can jeopardize digital security.

THE CURRENT QUANTUM COMPUTING LANDSCAPE

The evolution of quantum computing has accelerated in recent years, so much so that it is expected to have an almost $65 billion global market value by 2030. In addition to academic institutions like MIT and Oxford University, large enterprises have been allocating significant resources to be the first to create a practical quantum computer.

In 2019, Google was the first to create a quantum machine that could solve a problem faster than any existing classical computer; the company has since announced plans to create a practical quantum computer by 2029. Honeywell has stated that its System Model H1, a 10-qubit quantum machine, has achieved a quantum volume of 512, the highest measured on a commercial quantum computer so far.


IBM has also been one of the front runners in quantum computing. Since 2016, when the company first posted a quantum computer on the cloud, it has deployed 30 quantum computing systems. In September of 2020, the company deployed a 65-qubit cloud-based quantum computing system. It has also released a hardware roadmap that details the plans for a 127-qubit processor by the end of this year, a 433-qubit processor in 2022 and a 1,121-qubit processor in 2023.


While there are quantum machines and software with some sophistication, the quantum computer that can break an encryption key created with modern cryptographic solutions has not yet been developed. However, despite prevailing issues, such as the stability and quality of qubits which can be easily disturbed by exterior forces that can disrupt computations, the creation of such a computer is inevitable.

Foreign state entities are also in the quantum computing race. Researchers in China have reported that they have reached quantum supremacy by getting a quantum system to execute in just minutes a calculation that a conventional supercomputer would have needed around 10,000 years to crack. This development from China is concerning for many in cybersecurity sector, as the country, which engaged in years of harvesting Americans’ personal data and is dedicating significant resources to quantum-computing research, represents the single greatest immediate threat to cybersecurity in the United States.

MOST MODERN CRYPTOGRAPHIC SOLUTIONS WILL BE AT RISK

The ease with which a quantum computer will be able to (theoretically) crack modern cryptographic algorithms lies with quantum computer algorithms.

With Shor’s algorithm, a quantum computer could determine the prime factor of a very large number extremely quickly. This means cybercriminals could factor numbers large enough to penetrate all asymmetric cryptosystems, like RSA or SSL/TLS.


Using Grover’s algorithm for a quadratic speed up, a quantum computer could execute a brute force against a cipher in the square root of X amount of time (whereas it would take a classical computer X amount of time to execute the brute force search), severely weakening or breaking symmetric encryption, like AES, as well as some hash algorithms. 128-bit symmetric keys could be broken in almost 264 iterations, while 256-bit symmetric keys would take about 2128 iterations. The only way to protect against this and keep the encryption and hashing intact is to double the sizes of the symmetric key and the hash.

While there are experts who contend that AES-256 will be quantum safe, there is no question that AES-128 will not. The advent of the practical quantum computer will increase cyber vulnerabilities in the many areas of the world that have to rely on AES-128 instead of using AES-256 because of latency and efficiency issues, particularly with IoT and streaming media applications. Having only to contend with legacy cryptographic solutions, it is certain that malicious actors would use quantum computers to wreak literal cyber havoc.

WHAT TO DO WITH QUANTUM COMPUTERS ON THE HORIZON

The National Institute of Standards and Technology has started to update its standards for cryptography so that quantum-vulnerable algorithms, like RSA, are replaced with post-quantum algorithms that can provide protection against attacks from a quantum computer. The testing and selection of the post-quantum algorithms is expected to be completed in a few more years. But organizations should start preparing right now for when they will have to contend with quantum computers:

  • Create an Inventory of Cryptography Solutions. The inventory should be comprehensive, detailing the algorithms used for each application and for what data the public-key cryptography is being utilized. In its report Getting Ready For Post Quantum Cryptography, the NIST provides a list of factors that should be considered to help determine the use characteristics.

  • Devise a migration roadmap. The comprehensive inventory is necessary to help develop a plan for transitioning from legacy cryptographic algorithms to post-quantum algorithms in the IT environment where required.

  • Prioritize Crypto Agility Now to Mitigate Risk. Crypto agility can help an organization facilitate modifications to the cryptography even after it has been deployed. It should be incorporated into cybersecurity system design practices to help ensure long term privacy and security.

XSOC’S POST-QUANTUM CRYPTOGRAPHY SOLUTIONS ARE ALREADY HERE

XSOC Corp offers cryptographic solutions that do not need to rely on QKD or the PKI alternative the NIST will provide. In fact, the XSOC Cryptosystem was specifically designed with anticipation of the technology of the future, and with a variable encryption strength that can range from 512 bits to 51,2000 bits, which will safeguard data from attacks from both classical and large-scale quantum computers.


Symmetric encryption keys aren't new. In fact, there really hasn't been much innovation or

focus on symmetric key "content" in a very long time. XSOC Corp is taking symmetric encryption to the next level by concentrating research & development of an entirely new generation of crypto-key formats.


Expanding the horizon for any current manner of symmetric cryptography or algorithm, XSOC CORP has developed the novel concept of "3D Encryption Keys". 3D crypto-keys include Euclidean geometry, sinusoidal wave-forms with variable strength levels, as well as built-in multi-factor authentication as part of the cryptographic key material.


Expanding crypto-keys into higher dimensions also extends the lifespan of virtually every type of

symmetric cryptography, significantly reducing the risks of obsolescence to quantum computing.

3D encryption keys usher in a "geometric" increase in possibilities, enabling a vastly greater potential for encryption-related use-cases and a hyper-portability for secure remote (and long distance) symmetric key exchanges.


XSOC CORP's 3D Encryption Keys and targeted, polynomial, key-sharded symmetric key distribution brings dramatic improvements to the symmetric encryption key to what has always been the weakest link in the chain - the private keys.


At XSOC CORP, we advocate for encrypting the data directly, not just the connection or pipelines through which the data moves (which is protected by asymmetric SSL/TLS). XSOC’s post quantum, minimum 512-bit encryption will continue to protect data when PKI is rendered completely obsolete by quantum computers.


ARE YOUR CRYPTOGRAPHY SOLUTIONS QUANTUM-SAFE?

Even though it may take a little more time before the creation of quantum computers that can pose an actual threat to modern cryptography systems, organizations should be not be complacent. Quantum computing should be viewed as another threat vector that can weaken digital security. Contact one of our representatives to learn how XSOC Corp’s Cryptosystem can help prepare your organization’s cybersecurity defenses for the quantum age.