The race to create new cryptographic standards before super-fast quantum computers are built that can rip apart data protected by existing encryption methods isn’t going fast enough, two senior Canadian officials have warned a security conference.
“I think we are already behind,” Scott Jones, deputy chief of IT security at the Communications Security Establishment (CSE), responsible for securing federal information systems, told the fourth annual international workshop on quantum-safe cryptography in Toronto on Monday.
Quantum computing – or more accurately, computers that use quantum mechanics – is not a dream, Jones and others told the conference of business executives, crypto academics, IT companies and government officials. One prediction is there’s a one in seven chance that by 2026 a quantum computer will exist that can break RSA-2048 encryption. It may take longer — or, if there’s an advance, shorter.
“Quantum represents a fundamental change and challenge to encryption for all of us,” Jones said, noting that encrypted transactions are the backbone of security and trust on the Internet.
His comments were backed by David Sabourin, CSE’s manager of cryptographic security, who said that if the 2026 prediction is right “we’re in trouble.” Speaking on a panel of government experts, Sabourin noted the U.S.-based National Institute of Standards and Technology (NIST) will close its call for proposed new and more quantum-secure public key encryption algorithms next year. Then it will take a couple of years of review, which means products that can use new crypto standards might be released in 2025 – and then start to be implemented around the world. So 2026 will be “messy,” he concluded, with organizations rushing to install new solutions.
(For a more detailed look at post-quantum cryptography, see this NIST report)
However, Sabourin, Jones and others said chief information and risk officers can take steps today to start to mitigate the risk. That includes evaluating all organizational data to decide what could be at the greatest risk if encryption is broken, and being ready to deploy what will hopefully be quantum-resistant solutions when they are approved. One possible interim solution is using symmetric key encryption rather than public key encryption solutions, Jones said. But it’s expensive and likely could only be used for the most sensitive data.
There’s no need to panic, Sabourin stressed, pointing out that the challenge of quantum computing has been known for some time and that governments, the computing industry and standards organizations (like NIST) have been working on it for some time. And, he noted, the first target of people who have quantum computers will probably be sensitive government information, not corporate or banking data.
CSE is the lead federal agency working on quantum-safe computing solutions for the government.
Briefly, quantum computers take the theory of quantum mechanics to change the world of traditional computation of bits represented by zeros and ones. Instead, a bit can be a zero OR a one. Again, briefly, quantum computing means information could be stored and manipulated at the sub-atomic level.
Quantum offers the potential of huge speed gains in computing that could both benefit science and medicine and threaten IT security. The problem quantum computing raises is for data secured with today’s encryption that has to last years if not decades – for example, personal medical information, data required to be held for years by regulations or any database held by a country’s intelligence services. Merely using a solution with a longer encryption key won’t defeat a quantum computer, at least for public key algorithms. The problem expands as organizations store more data in the cloud, where they may have to rely on the security of a provider. But quantum computers don’t exist yet, so no one is sure products based on new crypto standards could withstand attack.
A number of countries and IT companies around the world are sponsoring research into building a quantum computer, including Canada. The European Union has set aside $1 billion.
Monday’s session was aimed mainly at leaders of companies and government. Sessions today and Wednesday will see more technical proposals discussed on creating standards to meet the problem.
In an interview, Jones said CSOs today have to ask what information they have that is at risk. “If I take the worst case scenario [a quantum system that can break encryption in 10 years], is there information I am holding that I’m responsible for protecting? Then, what steps do I need to take to protect that. It’s the same question around general cyber security,” he added.
Some governments are already taking action. For example, the conference heard, Germany requires satellites regulated by the country to be able to be reconfigured for quantum-secure solutions.
The conference is organized by the European Telecommunications Standards Institute (ETSI) and the University of Waterloo’s Institute for Quantum Computing.
“This is not just a nuisance for technical people or mathematicians,” Michele Mosca, the IQC’s co-founder and deputy director, told the conference. “This is going to seriously compromise the security and integrity of our information assets and core business functions. The business functions you and your customers rely on won’t work – and it’s not a matter of patching it up in a couple of days.”
There are two ways of mitigating the threat, he said: Deploying conventional quantum-safe cryptography (also called quantum resistant algorithms or post-quantum cryptography), which includes hash-based and lattice-based and symmetric key cryptography solutions; and the yet-to-be built quantum cryptography, which uses the properties of quantum mechanics to establish keys that cannot be broken.
To help risk officers, Mosca has reduced the problem to a mathematical equation, where x is the shelf life of current information, y is the number of years it would take to retool the organization’s existing infrastructure with a large-scale quantum-safe solution, and z is the number of years it will take for a large-scale quantum computer to be built.
If x+y is greater than z, the organization has a problem and has to act, he said.
He also added that the threat is serious enough to predict that in the next six to 24 months organizations will be differentiated by whether they have a well-articulated quantum risk management strategy.
Governments and academics aren’t working alone on the problem. Companies as big as Cisco Systems, Microsoft and Intel, which had representatives on a panel, are working on it too. All said one reason is that they need to ensure their companies are able to deliver secure software updates in the future.
It doesn’t matter how far away a quantum computer is, said Brian LaMacchia, director of Microsoft Research’s security and cryptography group – it’s coming. Even if a quantum computer isn’t built, he added, the solutions being worked on will help strengthen IT security.
David McGrew, a fellow in Cisco’s advanced security research group, said one way a CIO can be ready is ensuring its organization has an agile infrastructure ready to adopt new encryption solutions.