Proactively
Quantum™

“Black Swan” of Data Security

QKD surely has its niche amongst the fundamental building blocks of cryptography and set to cause a cataclysmic upheaval in the world of cryptography. QKD is a ‘Black Swan’ of Data Security.

Link copied successfully.

We produce 2.5 exabytes of data every day. We are at the limits of the data processing power of traditional computers and the data just keeps growing. That’s why there’s a race from the biggest leaders in the industry to be the first to launch a viable quantum computer that would be exponentially more powerful than today’s computers to process all the data we generate every single day and solve increasingly complex problems. these quantum computers will be able to complete calculations within seconds that would take today’s computers thousands of years to calculate.

Today, Google has a quantum computer they claim is 100 million times faster than any of today’s systems. That will be critical if we are going to be able to process the monumental amount of data we generate and solve very complex problems. The key to success is to translate our real-world problems into quantum language.

The promise is that quantum computers will allow for quick analysis and integration of our enormous data sets which will improve and transform our machine learning and artificial intelligence capabilities.

Many people worry that quantum computers will be able to crack certain codes used to send secure messages. The codes in question encrypt data using “trapdoor” mathematical functions that work easily in one direction but not in the other. That makes encrypting data easy but decoding it hugely difficult without the help of a special key.

These encryption systems have never been unbreakable. Instead, their security is based on the huge amount of time it would take for a classical computer to do the job. Modern encryption methods are specifically designed so that decoding them would take so long they are practically unbreakable. But quantum computers change this thinking. These machines are far more powerful than classical computers and should be able to break these codes with ease.  

Thanks to the work of Craig Gidney at Google in Santa Barbara and Martin Ekerå at the KTH Royal Institute of Technology in Stockholm, Sweden. These guys have found a more efficient way for quantum computers to perform the code-breaking calculations, reducing the resources they require by orders of magnitude.

 

Consequently, these machines are significantly closer to reality than anyone suspected. The result will make uncomfortable reading for governments, military and security organizations, banks, and anyone else who needs to secure data for 25 years or longer.

A new study shows that quantum technology will catch up with today’s encryption standards much sooner than expected. That should worry anybody who needs to store data securely for 25 years or so – MIT Technology Review

 

Cryptosystems are designed to cope with the worst case scenarios: a adversary with infinite computing resources, can get access to plaintext/ciphertext pairs (and thus could study the relationship between each pair) and knows the encryption and decryption algorithms, so can choose plaintext or ciphertext values at will. The only element not accessible to this adversary is the secret key, and thus the security of a cryptosystem depends solely on the security of the key. This is a long-standing design philosophy first enunciated by Auguste Kerckhoff in 1883 which states:

“The security of a cryptosystem must not depend on keeping secret the crypto- algorithm. The security depends only on keeping secret the key”. 

Today’s encryption (secret) keys are highly vulnerable due to many reasons such as weak randomness, advances to CPU power, new attack strategies, emergence of new algorithms such as Shor’s which when run on Quantum simulators or Quantum computers will ultimately render much of today's encryption unsafe.  A particular concern is that data encrypted today can be intercepted and stored for decryption by quantum computers in the future.  

In 1977, a seminal article on public key cryptography in Scientific American estimated that it would take 40 quadrillion years to crack a message asymmetrically encrypted with the RSA-129 cipher. In actuality, it was cracked less than 20 years later, within six short months, by using a distributed network of computers.

Quantum safe technology needs to be adopted to safeguard the hacking of encryption keys.  A technology that can address the practical difficulties such as generating long, truly random keys, distributing the keys to recipients, sender and receiver to be totally synchronized to make sure that the same keys are used for the same message, and ensuring keys are never reused. 

 

Quantum key distribution (QKD) is one such technology that addresses all of the above mentioned challenges. QKD is a key establishment and distribution protocol which creates a shared symmetric key material by using quantum properties of light to transfer information from Alice to Bob in a manner that will highlight any eavesdropping by an adversary.   This can be used to derive a key, and the resultant key material can then be used to encrypt plaintext using a one time pad encryption or using AES to provide unconditional security.  QKD is especially good at creating long random keys from a short input – key extension functionality which could be invaluable for OTPs.  

QKD is simply another weapon in the cryptographer’s tool box, albeit a potentially powerful one with the potential to address very specific application requirements.

Interesting applications of QKD - Following are some of the potential application of using Quantum nature of secret keys to address some of the important problems of the industry:

  1. Quantum safe authentication - Quantum token is   used to authenticate a person and to provide access control across the organisation
  2. Secure ‘Data in Transit’ between Enterprise Server and   Data Centres  - Uncompromised encryption keys generated and distributed between the two entities ensuring absence of eavesdropping
  3. Securing ‘Data at Rest’ at the Private Cloud or Public Clouds – Enterprises can generate and use their own unconditionally secure keys to encrypt their data in the cloud ensuring full control on their data
  4. Secure ATMs – All the confidential information such as PIN etc. from the ATMs is transmitted to the bank encrypted using QKD 
  5. Security against anti-skimming – Quantum secret is used to encrypt the PIN 
  6. Securing online banking – Replacing TAN with Quantum TAN
  7. Securing against Cardholder Not Present (CNP) fraud - Keys are not available to an attacker via phishing or key logging, and the transaction details encrypted via a one time pad cannot be retrieved by unauthorized actors.

If QKD is used in carefully selected applications, alongside existing classical cryptography, then great benefits can be derived by deployment of this technology. 

 QKD surely has  its niche amongst the fundamental building blocks of cryptography  and set to cause a cataclysmic upheaval in the world of cryptography.  QKD is a ‘Black Swan’ of Data Security. 

Powered by Froala Editor