Encryption in the age of quantum computers
Benjamin Lutz
Cloud Architecture & Digital Transformation Specialist | Championing Security & Compliance | Strategic Problem Solver | Development of High-Performance-Teams
The term "quantum computer" has been popping up on the internet for a few years now. Companies such as IBM and Google have recently been reporting more and more breakthroughs in this area. There are already a few quantum computers in laboratories. However, these high-performance computers are still very expensive; for example, the monthly rent for IBM's "Quantum System One" costs €11,621. Work is currently underway to make the whole thing cheaper and suitable for mass production.
It is therefore now time to take a closer look at this topic, as quantum computers are a game changer for all encryption techniques available today. The two widely used encryption algorithms AES and RSA are no longer secure when using a quantum computer. Here are some examples in which the two encryption algorithms are used:
The last point is particularly problematic due to the retention period. Let's imagine that quantum computers become available in the large public clouds within the next 5 years. Let's also assume that quantum-safe encryption technologies will also be available from this time. However, backups sometimes have retention periods of 10 years or more.
In this scenario, the backups from the last 10 years would have to be decrypted and re-encrypted quantum securely. Daily backups for 10 years means restoring and re-encrypting 3650 backups. I doubt that this will be done across the board. It is much more likely that companies will have the "courage to leave a gap" for economic reasons.
Now that we have jointly established that the topic is already relevant today and that the military has a fundamental interest in this technology, it is important to evaluate which protection mechanisms are available today.
The American standardization authority NIST has currently defined 4 quantum-safe encryption mechanisms. These are:
These 4 algorithms are implemented by several software libraries. The choice may depend on the technology stack. The following 3 libraries are promising:
领英推荐
The latter is particularly interesting, as well-known companies such as Amazon Web Services, Cisco Systems, evolutionQ, IBM Research, Microsoft Research, SandboxAQ and softwareQ are collaborating on this library.
However, all the libraries mentioned have something in common and this is the following disclaimer:
? WE DO NOT CURRENTLY RECOMMEND RELYING ON THIS LIBRARY IN A PRODUCTION ENVIRONMENT OR TO PROTECT ANY SENSITIVE DATA. ?
Instead, it is recommended to use quantum-safe encryption in addition to conventional encryption methods. This procedure protects against previously undiscovered vulnerabilities being found in the new procedures. In this case, the data is at least no less protected than before. The NIST standardization team is currently in the 4th round and it will probably not be long before the final algorithms are adopted.
As soon as this has happened and the libraries presented have been put through their paces, they will certainly find their way into the services of the major cloud providers. SaaS providers who also encrypt data must monitor this development very closely and integrate it into their products as soon as the new mechanisms are available in order to continue to protect customer data in the best possible way.
Sources:
Cloud Architecture & Digital Transformation Specialist | Championing Security & Compliance | Strategic Problem Solver | Development of High-Performance-Teams
8 个月I highly recommend this Artikel, since it outlines the timeline: https://www.dhirubhai.net/pulse/cnsa-20-protecting-secret-services-secrets-klaus-haller-dpflf?utm_source=share&utm_medium=member_android&utm_campaign=share_via