Quantum computers and security of today’s cryptographic algorithms

How are confidentiality and security ensured through cryptography? How will the arrival of quantum technology affect us?

Cryptography is fundamental to ensure the confidentiality and security of the data managed by any company, especially in the banking sector. Which is why CaixaBank uses cryptographic protocols to protect communications between customers and the company, guaranteeing that online transactions are secure and protected against potential attacks.

In addition to encrypting data, cryptography is used in other fields, such as authentication, digital signature, and validation of integrity. In short, cryptography in banking acts like a virtual shield that protects the integrity and confidentiality of the financial assets of customers and of the banking infrastructure as a whole. It is for this reason that a paradigm shift like quantum computing requires a reassessment of today’s cryptography.

The quantum threat, how does it affect us?

Advances in quantum computing pose a significant threat to conventional cryptographic systems; in fact, CaixaBank recently joined the Quantum Safe Financial Forum (QSFF), an initiative of Europol’s European Cybercrime Centre to tackle the transition to post-quantum cryptography, or the new data encryption in the entire financial sector, with a special focus on Europe.

Unlike classical systems, quantum computers can do calculations exponentially faster thanks to principles of quantum mechanics, which jeopardises the security of current cryptographic algorithms. One of the biggest fears involves Shor’s algorithm, which would be able to factor large prime numbers and destabilise public key systems like RSA and ECC, used widely in digital security. This quantum threat compels us to rethink the way in which security systems are designed and used, driving the research and development of new cryptographic techniques that are resistant to the computational power of the quantum age.

Shor's algorithm,the cause of our headaches

Shor’s algorithm poses a disruptive threat to conventional cryptography by offering an unprecedented capacity to factor large whole numbers in polynomial time using quantum computing. This algorithm, developed by Peter Shor in 1994, exploits the capacity of quantum bits, or qubits, to represent multiple values simultaneously via superposition, allowing a quantum computer to efficiently explore a broad solution space.

Specifically, Shor’s algorithm is able to factor whole numbers into its component primes, a problem that is inherently difficult for classical computers. The difficulty in solving this problem lies at the heart of RSA and ECC cryptography security, and reducing this difficulty will result in these algorithms no longer being as secure as we thought.

New, more secure cryptographic methods

It’s not all bad news; quantum computing can also provide new and more secure cryptographic methods. Public Quantum Key Distribution (PQKD) is a revolutionary advance in the field of information security that leverages the unique properties of quantum physics to ensure the confidentiality of communications.

Unlike traditional key distribution methods that rely on mathematical algorithms, PQKD uses quantum states to generate cryptographic keys that are invulnerable to quantum computing attacks.

When these keys are transmitted via quantum channels as entangled photons, any interception attempt would disturb the quantum state of the particles, which would be easily detectable. This innovative approach offers inherent security, since its security is based on the fundamental laws of physics, and it opens up new opportunities for protecting sensitive data in an increasingly digital world. Nonetheless, the infrastructure required to transmit and detect quantum photons is costly and complex, which hinders its large-scale implementation for now, though it continues to pose interesting use cases.

What efforts are being made to keep data secure?

It’s clear that we need new cryptographic algorithms  in order to keep our data secure in the face of the approaching quantum computers. These algorithms need to be standardised so everyone is speaking the same language and communication between environments is possible and secure.

To that end, the National Institute of Standards and Technology (NIST) has taken on a leading role in the development of post-quantum cryptographic standards that are resistant to quantum computing attacks. Aware of the increasing threat that quantum computing poses to traditional cryptographic systems, the NIST launched an initiative in 2016 to identify and standardise cryptographic algorithms that are secure in a quantum environment. Since then, the NIST has been rigorously assessing a wide range of proposed post-quantum algorithms, including digital signature schemes, encryption schemes and key exchange protocols.

These assessments consider security, computational efficiency and ease of implementation criteria in an effort to select algorithms that can provide a smooth transition towards post-quantum cryptography in the future.   The advances of the NIST in this field are crucial to ensuring information security in a world that is increasingly influenced by quantum computing, and its work remains a cornerstone in the development of a modern and secure cryptographic system.

What preventive measures can we take?

Given the growing threat that quantum computing poses to information security, companies have to adopt proactive measures to protect themselves and to prepare for a post-quantum cryptographic future. Below, we present some key steps that organisations can take:

 

1. Risk assessment: Companies must undertake risk assessments to understand how quantum computing could impact their digital security infrastructure. This implies identifying critical assets, evaluating existing vulnerabilities and understanding the potential consequences of a quantum attack.
2. Awareness and Training: It is essential to raise staff awareness of the threat posed by quantum computing and of the need to adapt to the new realities of digital security. Providing training in quantum cryptography and raising awareness of best security practices can help to reinforce the organisation’s defences.
3. Implementation of Post-Quantum Cryptography: As the standards of post-quantum cryptography are developed and standardised by organisations such as NIST, companies must be ready to adopt these new algorithms in their digital security systems. This could entail updating infrastructures and migrating towards cryptographic systems that are resistant to quantum computing.
4. Diversification of Cryptographic Keys: To mitigate the risks associated with a potential security compromise from a quantum attack, companies can consider diversifying their cryptographic keys. This requires generating and using multiple cryptographic keys for different applications and systems, thus reducing their exposure to possible attacks.
5. Collaboration and Monitoring Advances: Organisations must stay on top of any advances in the field of quantum cryptography and collaborate with research institutions and government organisations to share knowledge and best practices with regard to digital security. This can help to anticipate and mitigate any emerging threats in an evolving quantum environment.

In short, protection in a quantum environment requires a combination of awareness, preparation and proactive actions by companies. Adopting measures to understand and mitigate the risks associated with quantum computing is essential to guarantee the security and integrity of information in a digital world increasingly influenced by quantum technology.

Crypto-agility, how to get ready for the paradigm shift

Crypto-agility has become a fundamental concept in the context of the arrival of quantum computing, and the need to migrate towards post-quantum cryptography (PQC). The preparation for the transition towards these new protocols involves a series of considerations and actions that organisations must take to guarantee the security of their digital infrastructure. In particular, the need to have an infrastructure that is prepared for the change of algorithms is crucial in this crypto-agility process.

1.  Cryptographic service abstraction: Besides evaluating the current infrastructure, it is essential to consider integrating cryptographic abstractions into the organisation’s applications and systems. This abstraction allows separating the logic from the underlying cryptographic algorithms, thus facilitating the future migration towards new post-quantum cryptographic protocols without affecting the functionality of the applications.
2. Development of a Transition Strategy: Based on an evaluation of the current infrastructure and the integration of cryptographic abstractions, the organisation must develop a transition strategy that defines the proper steps to migrate towards the new security protocols. This can include the implementation of hybrid algorithms that combine classical and post-quantum cryptographic techniques during a period of transition.
3. Updated Policies and Procedures: Crypto-agility not only seeks to update the technological infrastructure, but also to adapt the organisation’s security policies and procedures to reflect changes in cryptographic protocols. This can include a review of policies for managing keys, training staff on new security procedures, and implementing additional security controls.
4. Constant Monitoring and Maintenance: Once the transition to post-quantum protocols is complete, it is fundamental to establish a process of constant monitoring and maintenance to guarantee the effectiveness and security of the new cryptographic infrastructure. This involves constantly watching out for potential vulnerabilities and periodically updating cryptographic algorithms as the technology evolves.

In short, crypto-agility plays a crucial role in how organisations prepare for the arrival of post-quantum protocols and the mitigation of risks associated with quantum computing.

By having an infrastructure that is ready for the change in algorithms, integrating cryptographic abstractions and adopting a mind-set of constant adaptation, organisations can ensure the security and integrity of their information in a constantly evolving digital environment.

New and significant challenges with the arrival of quantum computing

The onset of quantum computing poses significant challenges to digital security, especially in terms of the threat it poses to traditional cryptographic algorithms. The vulnerability of these algorithms to quantum attacks, like Shor’s algorithm, requires a proactive response from organisations.

Crypto-agility provides a key approach for confronting these challenges by allowing for a smooth transition towards safer post-quantum algorithms and by protecting the digital infrastructure against possible vulnerabilities. By assessing and updating our security practices, integrating cryptographic abstractions and staying on top of advances in post-quantum cryptographic standards, we can be ready for the future of digital security. Although the arrival of quantum computing represents a disruptive change, the adoption of crypto-agility allows us to not only confront the current dangers, but also leverage the emerging opportunities in a world of ever-advancing technological progress.