January 11, 2021

‘Harvest now, decrypt later’ and the Quantum Revolution

QNu Labs

Today, a huge amount of stolen information is lying in foreign databases. They are ready to be exposed in the next few years with the imminent arrival of quantum computers. It’s time for governments and enterprises to step up. They need to be quantum-ready and develop a cryptoagility strategy.

With the acceleration in digital transformation, there is an increase in likelihood of data breaches. Today, nations are developing smart cities, autonomous cars and other edge devices where the vulnerabilities can open up at many points. We live in a world where codes run power plants, industries and more. But this kind of digital transitioning demands upgradation of data security too.

Data is a critical part of digitization; nation-state hackers pose a threat to the best of cybersecurity systems since they can steal vital information, including drug blueprints, government confidential information, banks’ sensitive data, enterprise R&D information and nuclear blueprints.

Cybercriminals are continuously finding ways to incorporate sensitive information in their networks across the globe. Hackers working for China, Iran, Russia, North Korea and other nations are spying and stealing data and harvesting them for the future.

Some of the attacks which we can relate in the past are where the data is really sensitive are:

USA escalating online attacks on Russia’s power grid,

Stuxnext worm on Iranian nuclear facilities.

In the battles of cybersecurity and cybercriminals, the game changer is coming in the form of quantum computers which can break the conventional cryptography in no time. Any encryption which is built on mathematical complexities (which include RSA, DSA, ECDH and other variants of ciphers) are highly vulnerable to quantum attacks. Encryption protects everything from sensitive information to operation of power plants, dams, stock markets, defence secrets, governments sensitive data and more. Data tapping is not new. Hackers are motivated to tap the encrypted data and collect substantial amounts of it, while waiting for quantum computers to crack the keys. If hackers are able to crack the encrypted keys, it will be the next “data pandemic”.

Quantum Race of Super Powers

China and US are in the race to develop a quantum computer, which can democratize many industries, particularly in the fields of medicine, AI and scientific modelling. Chinese satellites are using quantum cryptography to secure video conferences between continents. Swiss government is also using quantum key distribution (QKD) to protect its national elections and many such applications.

As tons of data is already sitting on cloud, databases can be exposed any time in the near future using a quantum computer. The estimated time is 2-3 years. Are you ready for the next data pandemic?

What organisations can do to be Quantum Ready

Conduct post-quantum risk assessment

Diagnose infrastructure of your organization

Have Crypto Agility to counter quantum attacks

Ensure your PKI can be migrated to quantum cryptography in no time

Take hybrid approach using quantum and classic crypto solutions

Design quantum-safe infrastructure

Why is quantum cryptography unbreakable?

Quantum Key Distribution (QKD) use photons to send encrypted keys. Hence, theoretically, they are absolutely unbreakable.

Any attempt to eavesdrop will be detected easily and instantly, thereby, triggering preventive steps. In today's time, PKI attacks are virtually undetectable. Hence, by using QKD, attempts of eavesdropping and man-in-the-middle attacks can be detected.

As today’s PKIs are based on mathematical computations, the keys can be easily broken using Shor’s or Grover’s algorithms on quantum computers,. Theoretically, by using QKD, the keys can be made 100% hack-proof and 100% random as well.

Today, protecting data in transit is crucial while PKI lacks in detecting eavesdropping. By using quantum key distribution (QKD), businesses can detect incidents of eavesdropping and, hence, secure data in transit.