We’ve all seen the scary stories about how quantum computing will break the secure communications that we take for granted today – but no one can say for sure when, or even if, this will happen. So, should you be worried?
The main threat from quantum computing to data security is that it will break the Diffie-Hellman protocol and thus Transport Layer Security (TLS), which is almost universally used to protect the confidentiality and integrity of data in motion over untrusted networks. (We’ll leave aside blockchains and Web 3.0, as that’s another topic in its own right.)
Quantifying the Risk
Given the significant technical barriers still to be overcome at the very forefront of quantum physics, it looks unlikely that quantum computing will advance to the point where it is a threat to classical cryptography within the next few years; and we will probably get plenty of warning as the necessary scientific breakthroughs gradually bring the possibility within reach.
Nonetheless, organizations should certainly be aware of the quantum computing threat and attempt to quantify the potential risk, bearing in mind that TLS sessions could be captured by an adversary today and then decrypted in the future once they have access to viable quantum computing resources. The following factors should be considered:
- How much of my data is at risk? (which data has the potential to be captured by an adversary)
- How sensitive is that data? (what is the value of the data and the impact if it fell into the wrong hands)
- What is the “lifetime” of my data? (will it still be sensitive when quantum computers are available? This could be in as little as 5-10 years in the worst case, though it could be much longer – no one really knows)
- Where is the threat coming from? (given my company’s business and the nature of the data, who would potentially want to capture it, and what might they do with it?)
- What opportunity do they have to capture the data? (could they gain access to the networks carrying the data?)
- When will they have quantum computing capabilities? (state actors are likely to have access to viable quantum computing resources before organized criminals, who in turn will have access before lone hackers)
For the vast majority of organizations, the risk is likely to be very small today and will only impact particularly sensitive data with a long lifetime. But this risk will change over time, so it should be re-evaluated periodically.
Mitigating the Risk
If you have sensitive data with a very long lifetime today, then you should note the risk of using TLS if there is a possibility of interception. Depending on the capabilities of your adversary, this could mean using more secure networks and/or using different protocols (e.g. IPSec with pre-shared key). Note that the current candidate post-quantum algorithms are still largely unproven and should not be relied upon today.
For everything else, you should start looking at your infrastructure and make sure all relevant communication endpoints are capable of being upgraded to use post-quantum algorithms within a reasonable timeframe (e.g., 3 to 5 years). Avoid buying new solutions that are not upgradeable. Also, be aware of the likely performance hit of using these algorithms.
However, it will likely be another few years before post-quantum algorithms have been standardized and are suitable for production use. Even then, these new algorithms will remain somewhat unproven, and as such it will probably be necessary to use hybrid protocols combining both classical and post-quantum algorithms for a time.
You should also implement a centralized key management system, ensuring all your cryptographic keys are managed in accordance with best practices and giving you the ability to efficiently migrate to post-quantum algorithms when the time comes.
Finally, follow NIST’s activities to keep abreast of developments in the fast-changing world of post-quantum cryptography.
You’re in Safe Hands with Fortanix
Fortanix Data Security Manager (DSM) is an enterprise key management solution with an integrated, software-defined HSM,certified up to FIPS 140-2 Level 3. Fortanix DSM has a modern, flexible architecture and is developed using an agile development methodology, making it the ideal vehicle for supporting the roll-out of quantum-resistant algorithms in the future.