Quantum of encryption
As a theoretical discipline, quantum physics has been around for nearly a century. The first practical application emerged at Bell Labs in 1947 with the invention of the transistor, a technology that relies on quantum principles. The first quantum computer went operational in the mid-1990s, and the technology has improved rapidly since then.
Sometime in the near future, quantum computing could influence the encryption we use on a daily basis. And that may spell changes in how we manage the security of our data. To understand why, we need to review the fundamental differences between traditional and quantum computing.
In traditional computing, information is expressed in terms of the bit, a binary number equal to 0 or 1. Quantum computers work very differently. To begin with, quantum computers use qubits instead of bits. Qubits are represented by two states, |0> and |1>, but those two states can be combined in ways that result in infinite possibilities.
That's an important difference: Each qubit can simultaneously represent all of those potential states. When a mathematical operation is performed on the qubit, the operation is carried out on all of those states at the same time.
As a result, quantum computers can handle algorithms that traditional binary computers simply cannot, no matter how powerful they are. One of the types of algorithms for which a quantum computer is well suited is cracking encryption.
Encryption is the practice of converting information into a code, or cipher, that cannot be read by anyone other than the sender and (hopefully) the recipient. The information is converted into meaningless data through the use of an encryption key, which is a number that the encryption software uses to convert the data. For the recipient to read the information, a decryption key must be used.
This key may be the same as the key used for encryption, in which case it’s symmetrical encryption, or it may be different, which is asymmetrical encryption.
Public-key encryption uses one key that’s known by anyone to encrypt the data and another private key to decrypt it. Public key encryption is considered less secure than symmetrical encryption and isn’t quantum-proof.
Modern computers are good at solving math problems. Encryption and decryption are math problems, but cracking strong encryption is computationally challenging, so much so that the time required to solve the problem can exceed the age of the universe.
Worry at Fort Meade
This emerging encryption challenge has the folks at the U.S. National Security Agency worried. Best known for its electronic surveillance work, the NSA also recommends encryption technologies for the rest of the federal government. The NSA passes along its recommendations to the National Institute for Standards and Technology (NIST), which publishes the Federal Information Processing Standards (FIPS). FIPS are mandatory for the federal government, but in many cases, they serve as best practices for other IT organizations as well.
As the technical director for NSA Capabilities, Neal Ziring is responsible for devising encryption methods that can withstand the abilities of powerful quantum computers that don't yet exist. That's because its encryption solutions need to last. “Getting new hardware into the field takes a long time,” Ziring says. “The hardware has a long lifetime, and so does a lot of the classified data.”
Commercial organizations also need to reckon with emerging encryption challenges. "They should be thinking about where the market is going," Ziring says. "When the markets and the standards bodies get to quantum-resistant encryption, will they be ready?”
Quantum-resistant encryption solutions need to meet current standards and must be implemented in a secure manner. That starts with choosing the right encryption keys. Recall that symmetrical encryption is when the sender and the receiver are using the same key. With symmetrical encryption, the ability to decrypt the information depends on proper key distribution.
The standards approach
According to Ziring, properly keyed symmetric encryption can resist quantum decryption methods. Here are three leading symmetric encryption standards:
- AES (Advanced Encryption Standard) is a widely used form of encryption. AES that uses a 256-bit key is considered quantum-proof. AES 256 encryption is widely used in industry, and is one of the most common methods for encrypting commercial Wi-Fi signals.
- DES (Data Encryption Standard) is a precursor to AES. It is considered less secure than AES in its basic form. With the right techniques, such as encrypting the data multiple times with different keys, it can be secure and quantum-proof.
- The Simon cipher was developed by the NSA for use in hardware environments such as the Internet of Things. There’s a software equivalent called Speck, which is also aimed at IoT devices. These ciphers use variable-length keys and are considered very secure.
The NSA publishes the Commercial National Security Algorithm Suite, which includes a list of encryption algorithms that meet standards for quantum resistance. One popular method is AES 256, which is widely used in commercial applications. However, each type of encryption is best used for specific purposes. The NSA’s FAQ includes recommendations for the proper match-ups.
NIST provides guidance on the selection and implementation of quantum-resistant encryptions in FIPS PUB 140-2, a useful document that covers security requirements for cryptographic modules, key establishment techniques, and recommendations for transitioning to quantum-resistant algorithms and key lengths. If you’re tasked with deploying such encryption methodologies, the NIST guidance is a good place to start. If it’s all over your head, this is a good time to bring in security experts who understand the common techniques and where they may fall short.
Quantum key distribution
Secure key distribution—the digital process by which two systems agree to trust one another—is another hot research area. Currently, the NSA and NIST have recommendations for key distribution using one of three standards outlined in the FAQ mentioned earlier. However, the method that’s probably most secure is quantum key distribution.
Ray Beausoleil is a Hewlett Packard Labs researcher who has done research in quantum mechanics. While increasing the size of encryption keys is an effective security technique, its success depends on being able to increase key sizes faster than the adversary can build a bigger quantum computer. By contrast, quantum key distribution is inherently quantum-resistant because the keys are generated by intrinsically quantum processes.
For example, you can generate a key by randomly setting the spin of quantum particles. (In quantum physics, “spin” doesn’t refer to the motion of the particle, but rather to one of its quantum characteristics.) Because the spin is a random property of each particle, the unique key can be sent over a fiber network where it can be used for decryption.
Unfortunately, quantum key distribution is limited by network size. Currently, networks used for quantum key distribution can have a physical length of no more than 10 kilometers because longer fiber-optic connections result in photon loss due to scattering and absorption, and photon loss can have a significant impact on the time it takes to build the key. It isn’t possible to use the usual fiber-optic repeaters to extend the distance; instead, quantum repeaters—which are not yet available—are need to preserve the quantum information being transmitted across the network.
Making it work
The NSA and NIST have published detailed information on how to use and implement quantum-resistant encryption, and they’ve worked to make it practical for commercial users. The catch is that unless you’re running a system that’s specifically related to national security, the NSA can’t help you set up your quantum-proof encryption.
If your infrastructure is considered important to national security, then the Department of Homeland Security can help, and if it needs to, it can ask the NSA. Likewise, financial institutions can ask for help from the U.S. Treasury Department, which can also request NSA assistance.
In addition, the NSA has the Information Assurance Mission, a website that includes a vast amount of information, available to anyone, on topics ranging from quantum computing to protection of industrial control systems and best practices in fighting destructive malware. (A secure connection is not enabled for non-government users.)
Why you should care
The NSA’s encryption standards are intended for government users who handle classified information, and for commercial entities that may have reasons to use such information, such as government contractors. However, the need for encryption extends far beyond the government’s spheres of influence. Personal and financial data require encryption to protect against data loss during a breach.
While you don’t need to start using quantum-resistant encryption tomorrow, it’s critical to prepare for the day when you will. It's impossible to know exactly when that day will come, but we'll probably see the first requirements for quantum-proof encryption in medical and financial applications. When that happens, we'll know that quantum-proof encryption has become a best practice for most business activities.