The global and independent platform for the SAP community.

IT Security in the Age of Quantum Computing

Alarm among IT security experts: the breakthrough of quantum computers may become a mortal threat to conventional encryption methods. Post-quantum cryptography is the order of the day.
Elmar Eperiesi-Beck, Eperi
December 7, 2017
It Security
avatar
This text has been automatically translated from German to English.

Quantum computers are no longer science fiction. While Europe, the U.S. and China are in a neck-and-neck race to develop the first supercomputer of the 21st century, intelligence agencies are reportedly already working on prototypes to crack secure algorithms today.

Although quantum computers will not replace conventional computers, their use lends itself to scientific and other complex tasks. For example, quantum computers contribute to a significant increase in performance and efficiency in weather forecasts or the calculation of traffic flows. But the new possibilities also create new threats to IT security.

In a few years, quantum computers will be powerful enough to crack encryption methods that are used billions of times a day. First and foremost, the RSA algorithm, which is used in the private sector for bank transfers, card payments, online sales and e-mail encryption.

In the corporate environment, widespread cloud applications such as Office 365, Salesforce and own cloud-based systems are affected. In future, quantum computers could make it easy for hackers to access business-critical data or manipulate software updates via the network - even taking over the entire IT system.

"Already today we have to look for alternatives"

appeals Michele Mosca, a mathematician at the University of Waterloo in Canada, to IT security managers.

Since a quantum computer today can make encrypted data readable even retroactively, companies and organizations should start protecting their data with new encryption methods early on.

Post-quantum cryptography (PQC) offers one possibility for this. Scientific institutes, universities and companies worldwide are already working feverishly on the development of suitable solutions, and in Germany the TU Darmstadt is playing a pioneering role.

The so-called lattice-based, multivariate, code-based, and hash-based encryption methods, which emerged several years ago and cannot be leveraged even by quantum computers, are considered promising candidates.

Among the lattice-based methods, Ring-Tesla, Lara-CPA, and Lara-CCA2 can be mentioned, which offer significantly higher security compared to the RSA algorithm.

Since these methods also enable shorter runtimes for encryption and decryption or for signing and decryption of signatures, they also help to improve the performance of the application.

While the new PQC methods are already increasingly being used in open source applications, the situation is still different in the commercial environment. But what can companies do to protect their data from misuse in the coming quantum computing era and at the same time comply with the increasingly strict data protection laws - keyword EU-DSGVO?

One solution is offered by encryption gateways with customer-side key management, into which the future-oriented PQC algorithms can be integrated as required.

User companies benefit from being able to select precisely the PQC method that is best suited to their requirements. This is because, unlike the RSA algorithm, which works comparatively simply, the new PQC methods have a number of parameters that must be taken into account in each individual case.

Another advantage is that key and access management remains completely in the hands of the user company when using encryption gateways.

All data that leaves the company to be processed or stored in the cloud is encrypted and cannot be read even by unauthorized access - neither by the providers of the applications to be protected nor by the cloud service providers themselves.

avatar
Elmar Eperiesi-Beck, Eperi

Elmar Eperiesi-Beck is founder and CEO of Eperi.


Write a comment

Working on the SAP basis is crucial for successful S/4 conversion. 

This gives the Competence Center strategic importance for existing SAP customers. Regardless of the S/4 Hana operating model, topics such as Automation, Monitoring, Security, Application Lifecycle Management and Data Management the basis for S/4 operations.

For the second time, E3 magazine is organizing a summit for the SAP community in Salzburg to provide comprehensive information on all aspects of S/4 Hana groundwork.

Venue

More information will follow shortly.

Event date

Wednesday, May 21, and
Thursday, May 22, 2025

Early Bird Ticket

Available until Friday, January 24, 2025
EUR 390 excl. VAT

Regular ticket

EUR 590 excl. VAT

Venue

Hotel Hilton Heidelberg
Kurfürstenanlage 1
D-69115 Heidelberg

Event date

Wednesday, March 5, and
Thursday, March 6, 2025

Tickets

Regular ticket
EUR 590 excl. VAT
Early Bird Ticket

Available until December 24, 2024

EUR 390 excl. VAT
The event is organized by the E3 magazine of the publishing house B4Bmedia.net AG. The presentations will be accompanied by an exhibition of selected SAP partners. The ticket price includes attendance at all presentations of the Steampunk and BTP Summit 2025, a visit to the exhibition area, participation in the evening event and catering during the official program. The lecture program and the list of exhibitors and sponsors (SAP partners) will be published on this website in due course.