By leveraging existing networking infrastructure and adding suitable post-quantum key distribution techniques, it is possible to take a “quantum leap” in securing your data.
By: Anand Patil
On October 23, 2019, researchers from Google made an official announcement of a major breakthrough – one that scientists compared to the Wright Brothers’ first flight, or even man’s first moon landing. They said to have achieved Quantum Supremacy, meaning that they had created a Quantum Computer that could perform a calculation that is considered impossible by the classical computers of today. The announcement was a landmark, highlighting the possibilities of Quantum Computing.
The concept of Quantum Computing itself isn’t new. It is a field that has been a point of interest of physicists and computer researchers since the 1980s. Google’s announcement, however, has brought it to the mainstream, and shone a spotlight on the promise that this niche field of innovation holds. Of course, like someone once said, with great power comes with great responsibility, so this field isn’t without complexities.
The Possibilities of Quantum Computing
Quantum Computing is a branch of computer science that is focused on leveraging the principles of quantum physics to develop computer technology. Quantum Computers hold the promise to power major advances in various fields that require complex calculations – from materials science and pharmaceuticals to aerospace and artificial intelligence (AI).
So far, Quantum Computers have been nothing more than fancy laboratory experiments – large and expensive – but they have successfully demonstrated that the underlying principles are sound and have the potential to transform industries and accelerate innovation like never before. This has spurred scientific and industrial interest in this nascent field, giving rise to multiple projects across the world in pursuit of creating a viable, general-use Quantum Computer. That said, it may still be many years before Quantum Computers are commercially and generally available.
So Why Does It Matter Today?
The possibility of Quantum Computers poses a serious challenge to cryptographic algorithms deployed widely today. Today’s key-exchange algorithms, like RSA, Diffie-Hellman, and others, rely on very difficult mathematical problems such as prime factorization for their security, which a Quantum computer would be able to solve much faster than a classical computer.
For example, it would take a classical computer centuries or even longer, to break modern algorithms like DH, RSA-2048 etc. by using brute-force methods. However, given the power and efficiency of quantum machines in calculations such as finding prime factors of large numbers – it may be possible for a quantum computer to break current asymmetric algorithms in a matter of days
So, while the encrypted internet is not at risk at the moment, all that a bad actor has to do is capture the encrypted data today including the initial key exchange, and then wait until a powerful enough quantum computer is available – to decrypt it. This is particularly a problem for organizations that have large amounts of sensitive data that they need to protect over the long term – such as Banks, Governments and Defense agencies.
What Can I Do Now?
For organizations that could be at risk in the future, this is the best time to start evaluating “post-quantum” cryptography. Simply put, this means moving to algorithms and/or keys that are a lot more robust and can withstand a brute-force attack by a quantum computer –i.e. quantum resistant.
The National Institute of Standards and Technology (NIST) in the US is leading the effort towards the standardization of post-quantum secure algorithms. However, given the lengthy process involved, this may take many years to fructify.
An alternative is to use “Quantum Key Distribution” (QKD) techniques with existing algorithms that are considered quantum-safe. This involves using a dedicated optical channel to exchange keys using the quantum properties of photons. Any attempt to “tap” this secure channel will lead to a change in the quantum state of the photon and can be immediately detected – and therefore the key is unhackable. One of the limitations of QKD in this method is the need for a dedicated optical channel that cannot span more than 50km between the two terminals. Of course, this also means that the existing encryption devices or routers should be capable of ingesting such “Quantum-Generated” keys.
Post-Quantum Cryptography and Cisco
Cisco is an active contributor to the efforts to standardize post-quantum algorithms. However, recognizing that an implementable standard may be some years away, there is work ongoing to ensure that organizations are able to implement quantum-resistant encryption techniques in the interim, that leverage existing network devices like routers – which are most commonly used as encryptors.
To start with, a team of veteran technical leaders and cryptography experts from Cisco US – David McGrew, Scott Fluhrer, Lionel Florit and the engineering team in Cisco India lead by Amjad Inamdar and Ramas Rangaswamy developed an API interface called the “Secure Key Import Protocol” – or SKIP – through which Cisco routers can securely ingest keys from an external post-quantum key source. This allows existing Cisco routers to be quantum-ready, with just the addition of an external QKD system. Going forward, this team is working on a way to deliver quantum-safe encryption keys without the need for short-range point-to-point connections.
The advantage of this method is that organizations can integrate post-quantum key sources with existing networking gear in a modular fashion – without the need to replace anything already installed. In this manner, you could create a quantum-ready network for all traffic with minimal effort.
Getting Ready for the Post-Quantum World
Quantum Supremacy is an event which demonstrates that a quantum machine is able to solve a problem that no classical computer can solve in a feasible amount of time. This race has gathered momentum in the recent past with several companies joining the bandwagon, and some even claiming to have achieved it.
There is an unprecedented amount of attention focused on making a commercially viable quantum computer. Many believe it is inevitable, and only a question of time. When it does happen, the currently used cryptography techniques will become vulnerable, and therefore be limited in their security. The good news is, there are methods available to adopt strong encryption techniques that will remain secure even after quantum computers are generally available.
If you are an organization that wants to protect its sensitive data over the long term, you should start to evaluate post-quantum secure encryption techniques today. By leveraging existing networking infrastructure and adding suitable post-quantum key distribution techniques, it is possible to take a “quantum leap” in securing your data.
(The author is Director, Systems Engineering, Cisco India and SAARC and the views expressed in this article are his own)