IT Security in the Age of Quantum Computing
Quantum computers are no longer science fiction. While Europe, the U.S. and China are in a neck-and-neck race to develop the first supercomputer of the 21st century, intelligence agencies are reportedly already working on prototypes to crack secure algorithms today.
Although quantum computers will not replace conventional computers, their use lends itself to scientific and other complex tasks. For example, quantum computers contribute to a significant increase in performance and efficiency in weather forecasts or the calculation of traffic flows. But the new possibilities also create new threats to IT security.
In a few years, quantum computers will be powerful enough to crack encryption methods that are used billions of times a day. First and foremost among these is the RSA algorithm, which is used in the private sector for bank transfers, card payments, online sales and e-mail encryption.
In the corporate environment, widespread cloud applications such as Office 365, Salesforce and companies' own cloud-based systems are affected. In future, quantum computers could make it easy for hackers to access business-critical data, manipulate software updates via the network, or even take over the entire IT system.
"Already today we have to look for alternatives," Michele Mosca, a mathematician at the University of Waterloo in Canada, urges IT security managers.
Since a quantum computer can retroactively make readable even data that is encrypted today, companies and organizations should start protecting their data with new encryption methods early on.
Post-quantum cryptography (PQC) offers one possibility for this. Scientific institutes, universities and companies worldwide are already working feverishly on the development of suitable solutions, and in Germany the TU Darmstadt is playing a pioneering role.
The so-called lattice-based, multivariate, code-based, and hash-based encryption methods, which emerged several years ago and cannot be broken even by quantum computers, are considered promising candidates.
Among the lattice-based methods, Ring-TESLA, LARA-CPA, and LARA-CCA2 deserve mention; they offer significantly higher security than the RSA algorithm.
Since these methods also enable shorter runtimes for encryption and decryption and for signing and verifying signatures, they also help to improve the performance of the application.
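Of the four families named above, the hash-based one is the easiest to show in a few lines. The following is an added example, not code from the original article: a Lamport one-time signature over SHA-256 using only Python's standard library. Strictly speaking it is a signature scheme rather than an encryption method, and the names `OneTimeSigner` and `key_and_signature_sizes` are chosen here for illustration.

```python
import hashlib
import secrets

N_BITS = 256   # SHA-256 digest length: one secret pair per digest bit
SECRET_LEN = 32

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def _digest_bits(message: bytes) -> list:
    d = _h(message)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(N_BITS)]

def keygen():
    # Secret key: two random values per bit; public key: their hashes.
    sk = [(secrets.token_bytes(SECRET_LEN), secrets.token_bytes(SECRET_LEN))
          for _ in range(N_BITS)]
    pk = [(_h(a), _h(b)) for a, b in sk]
    return sk, pk

def verify(pk, message: bytes, signature) -> bool:
    if len(signature) != N_BITS:
        return False
    ok = True
    for i, bit in enumerate(_digest_bits(message)):
        # Each revealed secret must hash to the public value for that bit.
        ok &= secrets.compare_digest(_h(signature[i]), pk[i][bit])
    return ok

def key_and_signature_sizes():
    # (public key bytes, signature bytes) for the parameters above
    return 2 * N_BITS * 32, N_BITS * SECRET_LEN

class OneTimeSigner:
    """Holds one Lamport key and refuses to sign twice with it."""
    def __init__(self):
        self._sk, self.public_key = keygen()

    def sign(self, message: bytes):
        if self._sk is None:
            # A second signature would reveal more secrets and allow forgeries.
            raise RuntimeError("Lamport key already used; generate a new one")
        sig = [self._sk[i][bit] for i, bit in enumerate(_digest_bits(message))]
        self._sk = None  # destroy the secret key after its single use
        return sig

if __name__ == "__main__":
    signer = OneTimeSigner()
    sig = signer.sign(b"software update v2 (constructed sample)")
    print(verify(signer.public_key, b"software update v2 (constructed sample)", sig))
    print(key_and_signature_sizes())
```

Forging a signature requires inverting the hash function, and the cost is the key and signature size, which depend directly on the chosen digest length.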
While the new PQC methods are already increasingly being used in open source applications, the situation is still different in the commercial environment. But what can companies do to protect their data from misuse in the coming quantum computing era and at the same time comply with increasingly strict data protection laws such as the EU General Data Protection Regulation (GDPR)?
One solution is offered by encryption gateways with customer-side key management, into which the future-oriented PQC algorithms can be integrated as required.
Companies using such gateways benefit from being able to select precisely the PQC method that is best suited to their requirements. This is because, unlike the RSA algorithm, which works comparatively simply, the new PQC methods have a number of parameters that must be taken into account in each individual case.
Another advantage is that key and access management remains completely in the hands of the user company when using encryption gateways.
All data that leaves the company to be processed or stored in the cloud is encrypted and cannot be read even in the event of unauthorized access, neither by the providers of the applications to be protected nor by the cloud service providers themselves.