TechGuard Blog

The Quantum Problem

Quantum cryptography or quantum encryption takes advantage of quantum mechanics to encrypt and secure message delivery. It acts similarly to modern-day encryption ciphers like AES or RSA However, when using a quantum computer for cryptography, it can take advantage of quantum’s multiple states and link itself with its “No Change Theory,” which means that it can’t be unknowingly interrupted. The important thing to know is that it can only occur between quantum computers. These machines have immense computing power that they use to encrypt and decrypt data.

 

Why should I care about this new tech?

Currently, most public-key infrastructure (PKI) cryptography is protected with asymmetric encryption. These come in the form of some common acronyms you might know about like RSA, SSL, TLS, and even HTTPS. Most secure websites use these algorithms to encrypt messages securely as they are sent across a public internet backbone mixed with everyone else’s web traffic. These secure communications depend on current traditional computers and the lack of ability to easily factor multi-factor equations. These equations involve extremely large prime numbers that create a lock on the messages because they require so much processing power to decrypt. Once quantum computers become more mainstream those digital keys we use to keep our secrets will be free to be read by anyone who has access to your internet or message traffic. This also includes anyone who has stored your past message traffic as well. 

As you can understand, the countdown to this happening is only a matter of time. It has been speculated that some nation-states are collecting this traffic and storing it to sift through a mountain of readable massages once computers become powerful enough to break modern day ciphers. 

 

Where are we at now?

Right now, the strongest of these ciphers would take supercomputers years to break. Even as computing resources double in processing power every year, breaking the chain of security is not feasible until the far distant future. Two types of encryption are used when sending information across the internet. The first method used to initiate a connection to the other end of the world is asymmetric key encryption. This is usually the first phone call to initiate the call to an unknown source. A good example is RSA encryption, which is used to secure the TLS key exchanges required when connecting to a secure HTTPS website. RSA-4096 is debatably the strongest asymmetric encryption right now. Breaking RSA 2048, a less secure version, would take a traditional computer around 300 trillion years. 

After that connection is made, symmetric algorithms are used to send both the information and the keys that are used to maintain secure communication from end to end. AES, or Advanced Encryption Standard, is currently considered the “Gold Standard” and is used by the US government and NIST-certified systems for symmetric encryption. These algorithms are typically used to send the actual information and maintain a secure connection. Breaking AES would take over a billion years right now.

 

The problem and the future

Symmetric encryption, or more specifically AES-256, is believed to be quantum-resistant. That means that quantum computers are not expected to be able to reduce the attack time enough to be effective if the key sizes are large enough. The problem is that A quantum computer could crack a cipher that uses the RSA algorithms almost immediately. This leaves the common two-part PKI system that secures the internet vulnerable. Quantum computing is going to create big problems for the security of our future traffic. However, that same computer that can almost instantaneously crack the most secure asymmetric algorithm, can also be used to create the most secure encryption methods that the world has ever seen by relying on quantum mechanics.

Written by Grant Codak

Grant has over a decade of IT experience spanning a variety of domains with a focus on defensive security. Grant is currently a Cybersecurity Expert at TechGuard Security where he performs a wide variety of proactive security services, including penetration testing. He also holds the following certifications: CISSP, CEH, Security+, Network+, A+, and Metasploit Pro Certified Specialist. Recent responsibilities include, a Senior Web Security Engineer at a Fortune 50 organization along with a variety of application administration roles in security operations. His past project work includes, web tool development as well as firewall and web proxy migrations. Currently at TechGuard Security, Grant conducts audit control assessments, penetration tests, vulnerability assessments and social engineering exercises. Grant ties his knowledge together with his deep understanding of network operations and security architecture to deliver approachable report analysis to clients. Grant is also a nature enthusiast and enjoys mountain biking, hiking and kayaking.