“When you come to the fork in the road, take it.”– Yogi Berra For cryptologists, Yogi Berra’s words have perhaps never rang more true. As a future with quantum computing approaches, our internet and stored secrets are at risk. The tried-and-true encryption mechanisms that we use every day, like Transport Layer Security (TLS) and Virtual Private Networks (VPN), could be cracked and exposed by a hacker equipped with a large enough quantum computer using Shor’s algorithm, a powerful algorithm with exponential speed over classical algorithms. The result?The security algorithms we use today that would take roughly 10 billion years to decrypt could take as little as 10 seconds. To prevent this, it’s imperative that we augment our security protocols, and we have two options to choose from: one using physics as its foundation, or one using math – our figurative fork in the road. To understand how to solve the impending security threats in a quantum era, we need to first understand the fundamentals of our current encryption mechanism. The most commonly used in nearly all internet activities – TLS – is implemented anytime someone performs an online activity involving sensitive information, like logging into a banking app, completing a sale on an online retailer website, or simply checking email. It works by combining the data with a 32-byte key of random 1’s and 0’s in a complicated and specific way so that the data is completely unrecognizable to anyone except for the two end-to-end parties sending and receiving the data. This process is called public key encryption, and currently it leverages a few popular algorithms for key exchange, e.g., Elliptic curve Diffie-Hellman (ECDH) or RSA (each named after cryptologists,) each of which are vulnerable to quantum computers. The data exchange has two steps: the key exchange and the encryption itself. The encryption of the data with a secure key will still be safe, but the delivery of the key to unlock that information (key distribution) will not be secure in the future quantum era.The current state of encryption
To be ready for quantum computers, we need to devise a new method of key distribution, a way to safely deliver the key from one end of the connection to the other.
Option 1: Pre-shared key secrets using physics
Imagine a scenario wherein you and a childhood friend want to share secrets, but can only do so once you each have the same secret passcode in front of you (and there are no phones.) One friend has to come up with a unique passcode, write it down on a piece of paper (while maintaining a copy for themselves,) and then walk it down the block so the other has the same passcode. Once you and your friend have the shared key, you can exchange secrets (encrypted data) that even a quantum computer cannot read.
While walking down the block though, your friend could be vulnerable to the school bully accosting him or her and stealing the passcode, and we can’t let this happen. What if your friend lives across town, and not just down the block? Or even more difficult – in a different country? (And where is that secret decoder ring we got from a box of sugar-coated-sugar cereal we ate as kids?)
In a world where global information transactions are happening nonstop, we need a safe way of delivering keys no matter the distance. Quantum physics can provide a way to securely deliver shared keys quicker and in larger volume, and, most importantly, immune to being intercepted. Using fiber optic cables (like the ones used by telecommunications companies,) special Quantum Key Distribution (QKD) equipment can send tiny particles (or light waves) called photons to each party in the exchange of data. The sequence of the photons encapsulates the identity of the key, a random sequence of 1’s and 0’s that only the intended recipients can receive to construct the key.
Quantum Key Distribution also has a sort of built-in anti-hacker bonus. Because of the no-cloning theorem (which essentially states that by their very nature, photons cannot be cloned,) QKD also renders the identity of the key untouchable by any hacker. If an attacker tried to grab the photons and alter them, it would automatically be detected, and the affected key material would be discarded.
Option 2: Math secrets – the other fork in the road
The other way we could choose to solve the security threats posed by quantum computers is to harness the power of algorithms. Although it’s true the RSA and ECDH algorithms are vulnerable to Shor’s algorithm on a suitable quantum computer, the National Institute of Standards and Technology (NIST) is working to develop replacement algorithms that will be safe from quantum computers as part of its post-quantum cryptography (PQC) efforts. Some are already in the process of being vetted, like ones called McEliece, Saber, Crystals-Kyber, and NTRU.
Each of these algorithms has its own strong and weak points that the NIST is working through. For instance, McEliece is one of the most trusted by virtue of its longstanding resistance to attack, but it is also handicapped by its excessively long public keys that may make it impractical for small devices or web browsing. The other algorithms, especially Saber, run very well on practically any device, but, because they are relatively new, the confidence level in them from cryptographers is still relatively low.
With such a dynamic landscape of ongoing efforts, there is promise that a viable solution will emerge in time to keep our data safe.
Which side of the fork should we take?
The jury is still out. We at Verizon and most of the world rely heavily on e-commerce to sell our products and encryption to communicate via email, messaging, and cellular voice calls.All of these need secure encryption technologies in the coming quantum era. But whether we choose pre-shared keys (implemented by the awesome photon) or algorithms, further leveraging mathematics, our communications software will need updating. And while the post quantum cryptography effort is relatively new, it is not clear which algorithms will withstand scrutiny from the cryptographic community. In the meantime, we continue to peer down each fork in the road to seek the best option to take.
About the author(s)
:
William F. Copeland, Distinguished Engineer, Applied Research Lab, has been building networks for over 20 years and is part of the quantum technologies team at Verizon. He spoke at the 2019 ETSI Quantum Safe Cryptography Workshop, and his group has trialed quantum key generation, quantum key distribution (QKD) over fiber, and is looking at ways to use them to enhance Verizon’s data security.
As an AI language model, I can provide information on the concepts mentioned in the article you provided. However, I don't have access to the specific article itself. I can provide general information on the topics mentioned in the article, such as quantum computing, encryption mechanisms, and key distribution methods. If you have any specific questions or need further clarification on any of these topics, please let me know and I'll be happy to assist you.
Quantum Computing:
Quantum computing is a field of study that focuses on developing computer systems that use quantum bits, or qubits, to perform computations. Unlike classical computers that use bits that can represent either a 0 or a 1, qubits can exist in a superposition of both 0 and 1 states simultaneously. This property allows quantum computers to perform certain calculations much faster than classical computers.
Encryption Mechanisms:
Encryption is the process of converting information into a form that is unreadable to unauthorized individuals. The article mentions two commonly used encryption mechanisms: Transport Layer Security (TLS) and Virtual Private Networks (VPN).
-
Transport Layer Security (TLS): TLS is a cryptographic protocol that provides secure communication over a network. It is widely used to secure internet communications, such as web browsing, email, and online transactions. TLS uses a combination of symmetric and asymmetric encryption algorithms to ensure the confidentiality, integrity, and authenticity of data transmitted between two parties.
-
Virtual Private Networks (VPN): A VPN is a technology that allows users to create a secure and private network connection over a public network, such as the internet. It encrypts the data transmitted between the user's device and the VPN server, ensuring that the data remains confidential and protected from eavesdropping.
Quantum Threat to Encryption:
The article highlights the potential threat that quantum computing poses to current encryption mechanisms. It mentions Shor's algorithm, a powerful algorithm that can efficiently factor large numbers, which is the basis for many encryption algorithms used today, such as RSA and Elliptic Curve Cryptography (ECC). A large enough quantum computer running Shor's algorithm could potentially break these encryption algorithms, compromising the security of encrypted data.
Key Distribution Methods:
To address the threat posed by quantum computers, the article suggests two options for key distribution in a quantum era:
-
Option 1: Pre-shared key secrets using physics: This option involves using Quantum Key Distribution (QKD) to securely deliver shared keys between two parties. QKD utilizes the principles of quantum physics to send photons (tiny particles or light waves) through fiber optic cables to exchange a random sequence of 1's and 0's, which forms the shared key. The no-cloning theorem in quantum physics ensures that any attempt to intercept or alter the photons would be detected, making the key exchange secure.
-
Option 2: Math secrets: The second option involves developing new encryption algorithms that are resistant to attacks from quantum computers. The National Institute of Standards and Technology (NIST) is working on post-quantum cryptography (PQC) efforts to develop replacement algorithms that can withstand attacks from quantum computers. These new algorithms, such as McEliece, Saber, Crystals-Kyber, and NTRU, are being evaluated for their security and practicality.
The article suggests that both options require further research and development to ensure the security of data in the quantum era. The choice between these options is still being explored, and ongoing efforts are being made to find viable solutions to keep data secure.
Please note that the information provided here is based on general knowledge and may not cover all the details mentioned in the specific article you provided. If you have any specific questions or need further information, feel free to ask.
