The Quantum Dilemma: Rethinking Encryption Strategies

Definition: 

Quantum Computing, first introduced by Richard Feynman in the early 80s, showcases a major leap in computational power and holds immense promise and potential for various industries. Leveraging the principles of quantum mechanics to perform computations, quantum computing is a computing paradigm that uses quantum bits (qubits). Qubits, unlike classical bits, exist simultaneously in multiple states using the concept of superposition.  This property allows quantum computers to process vast amounts of data and perform complex calculations. Another principle, from quantum mechanics, called entanglement, allows qubits to be interconnected so that the state of one qubit instantly influences the state of another qubit, regardless of the distance between them (What Is Quantum Computing? | IBM, 2023)

Potential Impact:

Encryption and cryptography play a crucial role in today’s world of the Internet of Things (IoT). From emails and financial transactions to household devices or even electronic voting systems, all of them require the confidentiality and integrity of the data to be maintained. Quantum computers threaten the main goal of every secure transaction/ communication because these computers can do computations that a conventional computer cannot. Moreover, quantum computers can break the cryptographic keys of the current algorithms by calculating or searching secret keys exhaustively (Vasileios Mavroeidis et al., 2018).  The National Institute of Standards and Technology (NIST) has announced that there is a very high probability that quantum computers will bring an end to the current public key encryption schemes (Mavroeidis et al., 2018). RSA, ECC, and similar traditional encryption methods rely on the difficulty of factoring large numbers or solving discrete logarithm problems to protect sensitive data. However, quantum computers can perform these computations exponentially faster, making these encryption methods vulnerable to attacks. This means that organizations must take appropriate measures to safeguard against the potential threat of quantum computing on widely-used encryption protocols.

Recommendations: 

In 2015, even the National Security Agency (NSA) announced plans to migrate its cryptographic standards to post-quantum cryptography (The Commercial National Security Algorithm Suite 2.0 and Quantum Computing FAQ, n.d.). One of the ways to safeguard communications from quantum computer attacks is the implementation of quantum-resistant cryptographic methods, also known as post-quantum computing (short-term strategy).  Organizations must also assess and upgrade their current encryption protocols to either lattice-based cryptography, hash-based cryptography, multivariate-based cryptography, or code-based cryptography, some of the mathematical-based algorithms that are quantum resistant (mid-term strategy). Moreover, organizations must develop and implement strategies to ensure a smooth transition to quantum-safe systems without disrupting operations. This might involve gradual updates or parallel deployment of quantum-resistant algorithms alongside existing ones. Strengthening overall cybersecurity measures (long-term strategy) to mitigate risks associated with quantum computing which would include regular security assessments, robust encryption key management, and adopting best practices in data protection could also be another way for organizations to protect themselves from cyber-attacks generated by quantum computers.

References: 

What is Quantum Computing? | IBM. (2023). Ibm.com. https://www.ibm.com/topics/quantum-computing 

Vasileios Mavroeidis, Kamer Vishi, Mateusz Dominik Zych, & Audun Jøsang. (2018). The Impact of Quantum Computing on Present Cryptography. International Journal of Advanced Computer Science and Applications9(3). https://doi.org/10.14569/ijacsa.2018.090354 

Mavroeidis, V., Vishi, K., D., M., & Jøsang, A. (2018). The Impact of Quantum Computing on Present Cryptography. International Journal of Advanced Computer Science and Applications9(3). https://doi.org/10.14569/ijacsa.2018.090354 

The Commercial National Security Algorithm Suite 2.0 and Quantum Computing FAQ. (n.d.). https://media.defense.gov/2022/Sep/07/2003071836/-1/-1/0/CSI_CNSA_2.0_FAQ_.PDF 

**  Please note that this executive summary was submitted as a part of the course requirement for Introduction to Information Security Management at Carnegie Mellon University (Fall 2023). 

Comments

Post a Comment

Popular posts from this blog

Zero Trust Architecture in Healthcare Institutions

About: In this executive summary, we discuss the adoption of Zero‐Trust Architecture by an XYZ healthcare organization that currently has a security program in place.  The intent of this summary is to provide a brief overview of what Zero‐Trust is; the benefits to an organization; and the considerations prior to adoption Definition: The National Institute of Standards and Technology (NIST) [1] defines Zero Trust Architecture (ZTA) as a security model and a cybersecurity and system management strategy that has been well coordinated with a baseline understanding of threats that exist both inside and outside the traditional network boundaries. To eliminate implicit trust in any one element, component, node, or service, and instead enforce continuous verification of the operational picture via real-time information from multiple sources, a zero-trust security model follows the concept of ‘never trust and always verify’. A ZTA model protects users, devices, network infrastructure, appli...
Read more