THE ROLE OF ENCRYPTION IN ENSURING DATA SECURITY, AND THE IMPACT OF QUANTUM COMPUTING
Digital encryption used in the modern world follows the same broad principles of codes and ciphers used over many centuries, which substituted symbols or numbers for written letters. In effect, today’s encryption takes data that is readable by humans and scrambles it using an algorithm so that it can no longer be understood - until it is decrypted.
Encryption can be defined as a mathematical function using a secret value, known as a key, which encodes data so that only users with access to that key can read the information. It means government organisations can protect sensitive data from the prying eyes of unauthorised parties.
There are two main types of encryption in use today: symmetric and asymmetric. The terms are derived from whether or not the same key is used for encryption and decryption (symmetrical) or not (asymmetrical).
Since the same key is used for symmetric encryption and decryption, highly secure methods are used to transfer the key between sender and recipient. With asymmetric encryption, a public key is used to encrypt data, but a private key is used to decrypt it.
The rise of quantum computing
Understanding the difference between symmetric and asymmetric encryption has become even more important because of the potential threats posed by the rapidly developing field of quantum computing.
While both types of encryption have served to protect data efficiently and effectively against hackers and cyber- criminals, breaches can still occur even in an era of traditional computing. But if quantum computing becomes a reality in the future, that concept may have the power and capabilities to crack encryption much more easily.
However, while symmetric key-based cryptography will stay strong against advanced quantum computing, some asymmetric (or public key) encryption systems will become vulnerable. So what is the difference between symmetric and asymmetric encryption systems, and what does it mean for organisations’ strategies?
In general, symmetric encryption is simpler to implement and faster than asymmetric encryption, and is ideal for protecting stored data (data at rest) from compromise. Additionally, symmetric keys are faster to run than they are in asymmetric cryptography.
In the future quantum computers may have the power to open an asymmetric encryption key with brute force. While it would take a traditional computer millions of years to find the prime factors of a 2,048-bit number, quantum computers could perform the calculation in just minutes.
By contrast, symmetric key cryptographic systems like Advanced Encryption Standard (AES) and IQA20 are known to be resistant to a quantum computing attack if they use a large-enough key size.
McKinsey Digital writes that: “Symmetric encryption protocols, in which the sender and receiver exchange encryption and decryption keys before trading information, are currently assumed to be safe from quantum threats.”
IMPLICATIONS FOR ENCRYPTION STRATEGIES
While predictions for the day on which asymmetric encryption can be deciphered by quantum computers varies, there is already a well-documented risk that organisations could be stealing data for decryption in the future, whether that’s in 10 or 50 years’ time.
This is prompting bodies as varied as the US government and the World Economic Forum (WEF) to advise organisations to take action sooner rather than later to take stock of their position and look into whether they need to upgrade or replace security arrangements for their IT systems.
In fact WEF estimates that more than 20 billion digital devices will need to be upgraded or replaced globally in the next 10-20 years to use quantum-safe cryptography.
It says: “Organizations need to plan and act now for this transition to occur as soon as possible. The longer we postpone the migration to quantum-safe standards, the more data will be at risk. We use cryptography to protect infrastructures, provide trust in electronic transactions and secure digital evidence.
“New cars, airplanes, and critical infrastructures are designed today to be highly connected within digital ecosystems and have expected lifetimes of decades. As our world becomes increasingly more connected and automated, we are becoming more fragile from a cybersecurity perspective.”
Fortunately, there are significant efforts being devoted across the world to develop quantum-safe cryptography. The recommendation is to consider adopting symmetric cryptographic technologies that are quantum-safe, or quantum-ready, and which are designed to withstand future quantum computer threats - such as Asperiq’s encryption platform.
There is, understandably, a global concern about the future threat of quantum computers against cryptographic technology. And it’s clear that some current cryptographic techniques would not remain secure with the development of powerful quantum computers. However, Asperiq cryptographic technologies are quantum-safe, meaning they will withstand future quantum computer threats.
Deciding when and how to act on the risks associated with quantum computing will be a matter for each organisation, the sensitivity of the data that they hold, and the shelf-life that the data is likely to have. Where data breaches have the potential to be life- threatening or otherwise catastrophic, a move to quantum-safe encryption could already be high on organisations’ to-do lists.
