Are you storing up trouble today for a future when hackers have access to quantum computing and new decryption capabilities? Bad actors could be harvesting securely encrypted data today, as an investment for when quantum computing enables them to decrypt it and use it in the future. That’s why organisations should be identifying the risks now and another reason why keeping the doors firmly locked against today’s cyber attacks is vital.
Widely used public-key encryption systems, which rely on mathematics that even today’s fastest computers find impossible to solve, ensure websites, messages and data stay secure from unwelcome third parties. However, with quantum computing on the horizon, there is the very real possibility that some types of encryption could be cracked wide open in a matter of hours in the not too distant future.
The very different technology used by quantum computers, could solve the maths problems used for some of today’s encryption systems so much more quickly than current computers, that it would allow hackers to easily defeat current security capabilities. While you may think you have lots more pressing issues to think about now and worries about future cyber hacking can surely be placed on the pile marked ‘Fix tomorrow… or the next day’. Unfortunately that’s not the case.
Are you creating problems for the future?
The problem is that bad actors taking a long term view could harvest encrypted data today and keep it untouched until they have the decryption capabilities provided by quantum computing sometime in the future. In 5 or 10 years time a lot of current data will be out of date, and its exposure could be mildly embarrassing, however, there will be plenty of data that is still pertinent. Plans of infrastructure and system designs, financial, personnel and medical records all have long term value with the possibility for enabling criminals to cause mayhem, damage and fraud well into the future. And while data flows grow exponentially each year, and data storage is not infinite, intelligent adversaries will pick and choose what encrypted data is worth keeping.
Leaving the door open to cyber attacks today could be storing up catastrophic problems and even existential threats for decades to come. What’s worse is that you might not even know that your data has been breached as the perpetrators could take no immediately visible actions, lulling you into a false sense of security.
Creating new protections for the quantum age
In July, 2022 the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) announced that it had chosen the first group of encryption tools designed to protect against assaults utilising the power of future quantum computers. These emerged from a call out in 2016 to the world’s academic and commercial cryptographers to devise encryption methods that could resist future attacks. 82 entries from 25 countries were submitted. Four winning methods and a further four backup approaches were selected.
The CRYSTALS-Kyber algorithm was selected for general encryption, such as that used when accessing secure websites. NIST has selected three further algorithms: CRYSTALS-Dilithium, FALCON and SPHINCS+ for digital signatures, which are needed to verify identities during digital transactions or to sign documents remotely. More details on the algorithms and the selection processes are detailed on the NIST website.
Combatting the ‘harvest today, decrypt tomorrow’ attacks
It’s comforting to know that the likes of NIST are working to secure our futures, but cyber criminals, with plans to harvest data now then decrypt it in the future using the enhanced power of quantum computers, are effectively attacking your communications and systems today. With these sort of evolving threats to the cyber landscape, it is vital to apply the most stringent cyber security standards and methods currently available. With this in mind, it’s good practice to work with companies (such as Armour) who have a long term, vested interest, in protecting their customers, and who have a holistic view of security, from “secure by design” to “secure by default”.
When quantum computing is with us, it’s likely that a hybrid approach to encryption will be best. Instead of replacing existing encryption, retaining the currently used algorithms and topping these up with quantum age methods will deliver the highest levels of protection. Investments in today’s security and encryption will pay double dividends – protection from data harvesting today and as part of a belt and braces approach in the future.
For more information on how best to encrypt your data today, watch our short podcast on the differences between AES128 v AES256 bit encryption: https://www.armourcomms.com/2021/02/15/aes128-and-aes-256-encryption-v-quantum-computing/
NIST algorithm selections: https://csrc.nist.gov/Projects/post-quantum-cryptography/post-quantum-cryptography-standardization/round-3-submissions