Quantum computing stands at the very forefront of the future of the computing landscape. It has the potential to revolutionize the way militaries encrypt data and communicate. These supercomputer-busters promise a new era in computing, but bad actors are already looking for ways to use this advance for cyber-attacks.
In this blog post, we will learn the fundamentals of quantum computing, how quantum computing may be used to circumvent cryptographic algorithms and a discussion of the measures you can take to minimize this new threat.
Quantum Computing Basics
To understand quantum computing, first you must understand some principles of subatomic physics.
Quantum physics seems almost like magic when researchers use its power to create computing solutions. However, subatomic particles behave in a way predictable enough to harness their connections to build machines that put enormous supercomputers to shame.
Quantum computing accomplishes this by harnessing the power of the qubit. Traditional computers work, fundamentally, in binary – a series of 0s and 1s. Qubits are subatomic particles like photons and electrons, and when they are connected, they provide almost unimaginable computing powers with certain fundamental properties: superposition and entanglement.
Superposition refers to the ability of qubits to simultaneously exist in multiple states. Imagine many versions of 1s and 0s existing in the same qubit at the same time, vastly magnifying computing power. Instead of processing one “thing” at a time, with superposition a qubit can process multiple strings at once.
Entanglement is the still-mysterious process of binding one qubit to another, creating a pair that increases computing power exponentially, even across long distances.
The Cryptographic Danger of Quantum Computing
After learning a bit about quantum computing, you may be able to foresee the problem it could cause for cybersecurity in general, and cryptography in particular. Cryptography is essentially complex strings of binary information. Commonly used 256-bit cryptography contains 256 1s and 0s, for example.
To put it in context, a quantum computer with a billion qubits (and remember, these are subatomic particles) can crack an RSA 2,048-bit encryption in just eight hours. While many researchers believe quantum attacks are a few years away, progress in the field is unpredictable and tends to move forward in fits and starts.
With the emergence of quantum computers, current secure public-key algorithms such as RSA and DSA become breakable. The problem with the these algorithms is that their security relies on one of three mathematical problems: integer factorization, discrete logarithm or elliptic curve discrete logarithm.
These problems can be easily solved on large quantum computers. Government agencies, for instance, are planning for the risk mitigation of the current vulnerabilities with the existing cryptographic algorithms. Commercial enterprises should do the same if they house sensitive information like financial or health records.
Quantum-safe cryptographic solutions must be devised sooner rather than later to protect sensitive and classified data from potentially catastrophic breaches. And, while truly quantum-safe cryptography is still on the horizon, you can utilize quantum-resistant technology today to ensure the integrity of classified data and secure operations.
Quantum-Resistant Cryptographic Solutions
The U.S. National Security Agency (NSA) formerly published Suite-B guidelines for commercial cryptographic security. In response to the threat of quantum computing, the NSA has augmented these guidelines with the Commercial National Security Algorithm Suite (CNSA). The military has its own separate set of guidelines.
What does this mean for your data? Below is a comprehensive list of the cryptographic algorithms that should be avoided. Based on the vulnerabilities summarized above, the CNSA is a subset of existing Suite-B:
|
Algorithm |
Usage |
|
RSA 3072 bits + |
Key establishment, Digital signature |
|
Diffie-Hellman(DH) 3072+, group 15-18 |
Key establishment |
|
ECDH with NIST P-384 |
Key establishment |
|
ECDSA with NIST P-384 |
Digital signature |
|
SHA-384 |
Integrity |
|
AES-256 |
Confidentiality |
Due to the vulnerabilities, some algorithms are explicitly removed, and they should NOT be used:
- ECDH and ECDSA with P-256
- SHA1, SHA256
- AES-128
- RSA 2048 (RSA 1024 was disallowed after 2013)
- Diffie-Hellman with 2048-bits key
Products must implement CNSA ciphers listed in the table above and support a functional mode that utilize those ciphers only to be compliant with NSA’s Quantum Resistance guidelines.
Ultra’s Quantum-Resistant Solutions
Ultra has several quantum-resistant solutions to ensure that your organization is compliant with CNSA guidelines.
Our CyberFence solutions offer cyber security protection for edge network devices. They protect data-in-transit via VNP/IPsec encryption and VLAN encryption based on the edge network device’s security needs. CyberFence products support the NSA’s CNSA ciphers, thus meeting all quantum resistance requirements.
Ultra WiFiProtect products are secured Wi-Fi routers developed for government customers. They support the same IPsec/VPN for trusted path communication with external IT elements and HTTPS/TLS based management interface. The IPsec/VPN and web GUI management interfaces are CNSA/Quantum computer resistance compliant.
Quantum computing will only continue to advance, both in capability and availability to bad actors. However, rest assured that there are steps you can take now to create a quantum resistant cryptographic infrastructure that will help ensure your organization’s data remains intact and private.