The UK Government recently announced that it plans to invest £100 million in boosting quantum development, with the aim of delivering breakthroughs in pivotal areas including cybersecurity.
The push for quantum technology development is something of an arms race: cybersecurity experts are anticipating ‘Q-Day’, the day on which quantum computing advances to the point that it can break the encryption methods safeguarding most of the internet. In other words, the encryption algorithms fundamental to the security of digital communications, banking applications and all sensitive data could be at risk from anyone in possession of a quantum computer.
To mitigate the threat of Q-Day, preparation is essential. Fortunately, the transition to quantum-secure technologies is ramping up, with efforts to standardise the tools that will safeguard against quantum attacks in the future. Working groups at ETSI, for example, are actively exploring how quantum-safe cryptography standards will logically fit into existing protocols, applications and public-key infrastructures. In fact, standardisation represents the means through which it is possible to consolidate fragmented global research efforts, in pursuit of robust quantum-safe algorithms and associated business practices that will protect the internet and all who rely on it. In short, the development of standards today is critical to ensuring that the cybersecurity industry stays one step ahead of quantum threats of tomorrow.
New quantum era, new threats?
The encryption mechanisms used to protect the network data of today were devised to safeguard against an adversary using a conventional computer. Traditionally, these mechanisms were considered strong enough to guard sensitive data, as these computers are unable to break encryption within a practically useful timeframe. In fact, it would take thousands of years to attempt every possible key combination.
A quantum computer, however, can attempt a ‘brute force’ attack to crack most encryption ciphers within a matter of minutes, or use specific algorithms, such as Shor’s algorithm, to efficiently break certain encryption methods such as asymmetric encryption (e.g., RSA). Some experts predict Q-Day could be as early as the 2030s, so such a proposition may become a reality. When standard encryption protections become ineffective, all networks could be at risk from attacks. Bad actors could take down mission-critical networks, including power grids and water utility systems, with catastrophic consequences. Financial markets could be targeted for disruption, leading to serious economic instability. Medical infrastructures and research could be hit, resulting in irrecoverable damage to medications, vaccines and other life-saving treatments, seriously inhibiting scientific advancements.
But the risk does not begin with Q-Day. These actors can harvest encrypted data now, bide their time, and then decrypt it at the very moment they have access to a quantum computer. This is why it’s essential that the industry starts protecting mission-critical data against quantum hacking immediately.
Standards: the first step in ensuring the long-term security of digital infrastructures
Preparation is the only way to overcome the risks and subsequent fall-out of quantum hacking. And the starting point for this preparation is standards. Standards provide a blueprint on the architectural parameters for quantum-safe cryptography. This will guarantee compatibility and interoperability, security, and reliability between different systems and technologies, thereby enabling the successful development and safe adoption of quantum technologies for all key industries in the future.
Additionally, the expansion of quantum security through the development of Quantum Key Distribution (QKD) is proving to be an essential element in staving off the perilous threats associated with Q-Day. QKD enables keys to be established securely over optical links, via the transfer of quantum states. The security of QKD protocols is based on quantum entanglement – or the impossibility of cloning or measuring the unknown quantum states transferred – rather than algorithmic complexity. Recently, there has been remarkable progress in the deployment of quantum technologies in communication infrastructures, with several QKD networks under construction around the world. The high level of current activity in quantum communications means that there is also a clear and pressing need to develop industrial standards for the technology.
ETSI’s Industry Specification Group (ISG) on QKD is leading activities to help deliver on this ambition, by developing common interfaces and specifications for the quantum communications industry that will stimulate markets for components, systems, and applications. In turn, it is hoped that the work will drive the adoption of quantum-secure communication technologies in a way that counteracts, or even eliminates, quantum threats.
By employing standards to help keep encrypted data secure, it is possible to preserve the integrity and confidentiality of sensitive corporate assets including intellectual property (IP), government and military secrets, and more. Furthermore, through the use of encrypted data, organisations reduce the risk of exposing highly sensitive information, thereby avoiding costly penalties, protracted lawsuits, a hit to revenues and damaged reputations.
The need for standards in a post-quantum world
In the near future, quantum technology will become so advanced that it can break existing encryption methods and threaten the information systems that make up essential digital services and critical infrastructures. In light of this, post-quantum cryptography standards will be the first port of call to guarantee the resilience of cyber systems and the integrity and confidentiality of information assets. ETSI’s work on standardisation and research on quantum computing is at the forefront of efforts to help organisations prepare their cybersecurity infrastructures for an unpredictable future and enable them to meet the challenges of a post-quantum world head-on.
About the Author
Issam Toufik is CTO at ETSI. ETSI provides platforms where interested parties come together & collaborate on the development & promotion of standards for Information & Communication Technology (ICT) systems and services, used globally for the benefit of all. ETSI provides members with an open and inclusive environment to support the timely development, ratification and testing of globally applicable standards for ICT-enabled systems, applications and services across all sectors of industry and society.