How Quantum Computing Can Better Protect Your Data
Bringing the power of quantum encryption to the cloud, we take a look at the emerging technology that’s changing how we protect our data.
News of data breaches and hacking attempts seems to happen daily. As hackers and the tools they use become better at breaking passwords and decrypting data, some have anticipated the increased threats that quantum computing solutions can provide and the opportunities of quantum encryption to address them.
With companies embracing hybrid and fully remote working models, resulting in vast amounts of data being shared daily, companies are also interested in quantum’s potential to protect data in the cloud. Here is how we’re thinking about this emerging technology at Megaport.
- What is quantum computing?
- Why today’s encryption won’t work forever
- Quantum cryptography: a game changer for both sides
- Application to securing cloud data
What is quantum computing?
Quantum computing was first imagined in the 1980s; it’s a rapidly emerging technology that harnesses the laws of quantum mechanics to solve problems too complex for classical computers or even supercomputers. Where classical computing power has relied on the binary system of 1s or 0s, quantum computing runs on systems of interconnected Qubits that can have quantum properties such as being both 0s and 1s.
When problems are complex and consist of many variables, today’s supercomputers can falter or take a very long time to process. The potential of quantum computing is its ability to run certain complex calculations and solve complex problems quickly, as the quantum computer can model and explore many possibilities at once.
Why today’s encryption won’t work forever
Encryption has always been a necessary and important part of securing companies’ data. As vulnerabilities are exposed, hackers take advantage of them to attack and gain access to data, and companies in turn work to address the vulnerabilities. When a new technology emerges with the potential to drastically change the system, both sides scramble to adjust. In recent years, cloud computing has changed how companies share and store their data, requiring new approaches to cybersecurity.
Today, many companies use encryption to keep web traffic hidden from prying eyes using Hypertext Transfer Protocol Secure (HTTPS), which has slowly made its way onto nearly every website. Companies also use encryption to keep their data secure so that even if they lose it via a data breach, leak, or accidental exposure, the data itself would still need to be decrypted to be exploited. Examples of public key cryptography algorithms include Rivest, Shamir, Adelman (RSA) and Elliptic Curve Cryptography, which work well against today’s threats, though not necessarily future ones.
Quantum cryptography: a game changer for both sides
While current quantum computers do not have the capability to break cryptography schemes like RSA yet, it’s important to work proactively to protect your company’s data for the future, for a few reasons:
- A hacker could store encrypted data today and decrypt it when they gain access to a quantum computer (also known as a “harvest now, decrypt later” attack).
- Product lifetime might overlap with the availability of quantum computers, and updating systems takes time. This refers to hardware devices with a long lifespan that use secure boot applications and rely on digital signatures.
- Quantum computing capabilities could be obtained by hacker groups and then shared broadly, as we saw with Ransomware as a Service. This is a very real possibility, as several organizations have already connected a quantum computer to the cloud.
To address the threat of current cryptographic methods becoming obsolete, researchers are actively developing solutions. It’s a bit of a “building the plane while flying it” scenario, in that the new encryption standards are being built by today’s computers while seeking to protect against tomorrow’s quantum systems.
Fortunately, there has been progress: National Institute of Standards and Technology (NIST) has announced four new quantum-resistant cryptographic algorithms, which are considered post-quantum safe. They will be part of NIST’s post-quantum cryptographic standard, which is expected to be finalized within two years.
In addition to responding to the threat of quantum computing with better classical algorithms, there is quantum cryptography – an example of which is quantum key distribution (QKD). This secure communication method is being researched as an alternative to RSA and makes it possible to transmit a secret key from one user to another, provided the dedicated network infrastructure exists. A benefit of using quantum is that you know if a key has been intercepted.
Application to securing cloud data
Companies using cloud computing today know that they need to secure their data. There’s more to it than that, however, as today’s IP traffic also includes keys that are shared between the sender and receiver and are embedded in the data. A hacker could use a quantum computer to decrypt the key and then the data, leaving it ready to leak or sell.
One way companies could keep cloud data secure against quantum computing is to securely transmit data using a clean key that has been previously shared. In this scenario, the pre-shared key is combined with API call data to reconstruct it at each endpoint. Taking the keys entirely out of the traffic pattern adds an additional layer of security and ensures that the data is safe from a “harvest now, decrypt later” attack. This kind of key generation provides the practical benefits of QKD without the dedicated infrastructure – it can be enabled as a service over the cloud.
In addition, using quantum random number generation to generate encryption keys provides the ability to create much more random, and hence stronger, keys that would be more difficult, if not impossible, for classical computers to break.
We have demonstrated both of these solutions at PTC 2023 with Qrypt, a quantum-security-as-a-service company we’re collaborating with to bring quantum security to our solutions.
These are just some of the ideas we’re exploring at Megaport. While our current encryption standards are sufficient for today’s threats, we know that we will need to be ready—and to help our customers prepare—for the day when quantum computing is in hackers’ hands.