Challenging the Status Quo: Quantum-Resistant vs. Quantum-Proof Cryptography
Quantum computing will upend encryption as we know it, making it critical to find post-quantum cryptography solutions. This emerging technology can compute a million calculations simultaneously, whereas a desktop computer works on one. Indeed, a 20-million-qubit computer could break Rivest-Shamir-Adleman (RSA) encryption (based on 2,048-bit numbers) in only eight hours — a feat that is impossible today.
Yet stolen encrypted data can be saved by threat actors, who are just waiting for the capability to decrypt it later. Unfortunately, the National Security Agency (NSA) says quantum cryptography (QC) and quantum key distribution (QKD) are "highly implementation-dependent rather than assured by laws of physics." Moreover, quantum-resistant tools aren't infallible or easy to implement. Explore the differences between quantum-resistant and quantum-proof cryptography and learn how to secure your systems now.
What Does Quantum Resistance Mean?
Quantum resistance refers to algorithms that withstand code-breaking efforts from quantum computers. These cryptographic algorithms are known as quantum-secure, post-quantum or quantum-safe formulas. Unlike current algorithms, quantum-resistant ones have much larger key sizes.
Some cybersecurity tools offer quantum-resistant products. But the Harvard Kennedy School Belfer Center for Science and International Affairs said, "it takes decades to develop quantum-resistant encryption and transition to a new security protocol." Indeed, the National Institute of Standards and Technology (NIST) recently announced four quantum-resistant cryptographic algorithms as part of its post-quantum cryptography standardization project.
However, nearly every device and platform relies on traditional standards. And the more modern public key infrastructure (PKI) took almost two decades to deploy. But quantum resistance doesn't mean quantum proof. Although experts are working on devising and vetting encryption methods resistant to quantum attacks, several barriers remain.
Top Challenges of Quantum-Resistant Encryption
Replacing current cryptographic algorithms with post-quantum algorithms is necessary. But the process is neither simple nor foolproof. Quantum cryptography can reduce threats from sophisticated threat actors, but it still relies on mathematical formulas and credentials.
The barriers to quantum-resistant technology usage include:
- Inability to test resiliency: There isn't a large enough quantum computer to test an algorithm's resiliency to a quantum attack. The lack of a sufficient machine means developers can't prove the formula works.
- Processing inefficiencies: Many factors make quantum cryptography resource intensive, including signature size, public key size and encryption and decryption speed. Slower services may reduce business productivity, at least in the short term.
- Infrastructure cost increases: Quantum-resistant cryptography inefficiencies could lead to higher prices. Existing infrastructure may need upgrading, while monthly internet and cloud services fees may rise.
- Difficulty with integration: According to NIST, quantum-resistant tools like QKD can't "be easily integrated into existing network equipment" and won't work in software or SaaS solutions.
What Is Quantum-Proof Cryptography?
Quantum-proof cryptography goes beyond resistance to attacks. It stops credential theft and unauthorized devices using quantum-proof chaotic information and ephemeral rotating symmetric keys. Unlike algorithm encryption, quantum-proof cryptography eliminates the need for mathematical formulas, stored PKIs and human intervention.
Many people use the terms quantum resistant and quantum proof interchangeably. However, resistant technologies haven't been validated or standardized. Until algorithm encryption testing can be verified, formulas pose security risks. NIST expects a standards draft by 2024, but integrated network, app and software solutions could be several years away. The only quantum-safe options are those that don't require math co-processors and algorithms.
Key Advantages of Quantum-Proof Technology
Algorithms can be reverse engineered, and the human element always increases security vulnerabilities. However, a quantum computer can't exploit authentication tools that don't use algorithms. QWERX uses the chaos theory to generate keys that aren't stored or exchanged, making it an effective solution.
Post-quantum cryptography offers several benefits over quantum-resistant applications, such as:
- Protects data now: Hackers can steal encrypted information today and hold onto it until a later time. Health care, finance and transactional data may retain relevance over years or decades. A post-quantum cryptography solution prevents theft now.
- Works with existing infrastructure: Quantum-resistant crypto tools have limited interoperability, making technology integration difficult. A quantum-proof solution like QWERX is network, cloud and device agnostic.
- Simplifies authentication processes: By removing the human element and automating authentication, devices can connect securely and quickly. End users appreciate the streamlined experience, whereas your IT team can provision devices from a centralized hub: QWERX Enterprise Secure Perimeter (QESP).
Post-Quantum Cryptography: Discover a Future-Proof Solution
With IBM promising a 1,000-qubit quantum computer by 2023, there is little time to waste. It will be too late if businesses wait until threat actors can access quantum computing technology. Crypto-agility can help you defend high-value data today and in a post-quantum computing environment. Contact us to learn more about the quantum-proof cryptography QWERX solution.
Jessica Elliott is a business technology writer specializing in cloud-hosted solutions and cybersecurity. Her work appears in U.S. News, Business.com and Investopedia.
Sources
MIT Technology Review - How a Quantum Computer Could Break 2048-Bit RSA Encryption in 8 Hours
National Security Agency/Central Security Service (NSA) - Quantum Key Distribution (QKD) and Quantum Cryptography (QC)
American Scientist - Is Quantum Computing a Cybersecurity Threat?
Harvard Kennedy School Belfer Center for Science and International Affairs - Quantum Computing and Cybersecurity
National Institute of Standards and Technology (NIST) - NIST Announces First Four Quantum-Resistant Cryptographic Algorithms
News from Science - IBM Promises 1000-Qubit Quantum Computer — a Milestone — by 2023