Data security plays an important role in all aspects of a prospering economy. Encryption is consistently used to provide a reliable mechanism for preventing unauthorized persons from accessing confidential data.
Particularly, encrypted data helps to secure government systems, banking systems, private sector firms, energy systems and many other communication and financial systems across every jurisdiction. However, what impact will the continued rise of quantum computing have on present data security methods and systems?
Classic Data Protection
To date, encryption has been practiced primarily with use of symmetric and asymmetric cryptography (typically in tandem), known as public-key encryption methods (PKI). In short, symmetric encryption uses the same key for encryption and decryption while asymmetric encryption uses a publicly available key for encryption and a privately held key for decryption. When transmitting bulk data, symmetric encryption is preferred because it executes faster. However, in order to offer an extra layer of protection, asymmetric cryptography is typically used to exchange the symmetric key.
Companies endeavouring to provide the highest form of data protection generally favor asymmetric encryption, or asymmetric encryption of the symmetric key, since the two different keys provide an added layer of security. Asymmetric encryption techniques include RSA, DSA and PKCS, while symmetric encryption techniques include AES, Blowfish, DES, and IDEA, among others.
Brute force attacks, which attempt every possible encryption key, provide the most direct way to break encrypted code. However, brute force attacks are ineffective against higher bit encryption keys. For example, AES-128 (symmetric) and RSA 3072-bit (asymmetric) keys provide a 128-bit security level (i.e. a brute force attack would need to try up to 2128 possible keys). A 128-bit security level has thus far been impractical to break using a brute force attack through conventional computing means. However, how will classic data protection techniques fair against quantum computing aided attacks?
Quantum Data Protection
Quantum algorithms have been proposed that may severely diminish the security level of classical data encryption. Grover’s algorithm, for example, is stated to be able to cut the security level in half, reducing a 128-bit security level by classical methods to a 64-bit security level using quantum computers. One solution to the implications of Grover’s algorithm is to simply double the data protection security level, for example by increasing a 128-bit security level to 256-bits.
Shor’s algorithm on the other hand is slated to be the demise of RSA. RSA relies on what is known as the “factoring problem”, that is, the difficulty in factoring two large prime numbers. Shor’s algorithm, using quantum computing, effectively solves the factoring problem by side-stepping the need to test every single value at a time. Using qubits in superposition, quantum computers can perform factoring with much less computational effort, effectively destroying the foundation of the RSA encryption method. Firms currently using RSA may soon need to start re-thinking their data security strategy.
Classical data protection questions aside, the emergence of quantum computing also introduces a more robust encryption method: quantum key distribution (QKD). In a nutshell, QKD works by assessing the quantum state of photons between a sender and receiver. In particular, a sender transmits a quantum key (as photons) through a polarizer (or filter) providing the photons with one of four possible random quantum states. The receiver reads the polarization of each photon using two beam splitters at random. The receiver and sender compare which beam splitter was used for each photon in sequence at the receiving end with the polarization at the sender end, and anything that was read with the wrong beam splitter is discarded. The remaining sequence of bits makes up the key.
QKD provides an extra layer of protection to stop unauthorized reading or copying of the data because any tampering of the photons before being received at the receiver end changes the photons’ state. The changes in photon state introduces errors into the quantum key and alerts the users of the unauthorized access.
Security Boost or Breach?
Quantum computing has the capacity to provide a boost to data security by offering more robust, secure and longer lasting data encryption compared to classical methods. The emergence of this quantum cryptography for wide scale use however is still in the distant future.
Presently, companies should consider increasing their encryption security level as soon as possible in order to avoid unwanted security breaches. For example, data presently encrypted by classic techniques are vulnerable to parties who can gather and store such data for future decryption with quantum computing aided methods. Thus, the mere access to presently encrypted data presents a potentially significant security concern. As an example, encrypted data containing a protected company trade-secret could be collected today and decoded on the future availability of quantum computing methods, effectively destroying the trade secret if the currently used encryption is not secure against future quantum decryption.
Quantum computers will revolutionize data security and will offer unparalleled protection, but breaches of data transitioning from current classical methods to quantum methods is surely to be expected.