How will quantum computing influence Public Key Infrastructure?

Mar 3, 2021, 09:02 AM by Riaan De Villiers
Quantum computing could bring a revolution to computing as we know it. Better data analysis, forecasting and pattern matching is just some of the benefits. However, with the benefits come some drawbacks. Will quantum computing destroy information security as we know it?

How will quantum computing influence Public Key Infrastructure?

Quantum computer.
Image source: Dreamtime.

March is PKI month at LAWtrust. this month we will delve into some of the more complicated PKI concepts and bring a LAWtrust perspective.
Today we will look at quantum computing and the possible influence that quantum computing could have on Public Key Infrastructure (PKI).

What is quantum computing?

Traditional computers use bits to perform operations. A bit can be in one of two states, it is either 1 or 0. Quantum computers will use qubits. A qubit can be in many more different states than a traditional bit. These multiple states a qubit can be in is called superposition and it could allow quantum computers to operate much faster than traditional computers. A practical consideration is also that they will use much less power and generate much less heat, which is a problem with today’s computer processing architectures.

Does quantum computing pose a danger to PKI?

The strength of current PKI systems lies in keeping the keys used for encryption and decryption secret. As long as attackers do not know what your keys are, your data is safe.

In an attack called a brute-force attack, attackers could try to guess your key. By checking every possible value, the attacker would be able to guess your key eventually. However, with current technology to guess all possibilities for an RSA key would take hundreds of years making brute-force attacks impractical.

Since quantum computers will be much faster, they can theoretically, guess an RSA key in a matter of hours. Just like Grover’s quantum algorithm can reduce the search space for a symmetric algorithm attack by half, so can Shor’s quantum algorithm greatly reduce the time it takes to guess an asymmetric (PKI) key.

What are some of the real-world implications of quantum computing?

Quantum computers will bring great advancements in data analysis, forecasting and pattern matching. The ability to run highly complex models really quickly could be very useful for financial institutions.

They could speedily identify optimal risk-adjusted portfolios, more precise estimates of credit exposure when developing bond portfolios and many more.

However, with all the advantages from quantum computing, there is still danger to banks if quantum computers can break their current security systems.

What can an organisation do about quantum computing?

There is still must speculating about what the post-quantum world would be like, but organisations can start preparing for when the inevitable comes.

Quantum computing might be the latest technology but to overcome the challenges posed by quantum computing, a simple back to basics approach could be an organisation’s best defense:

  • Create an inventory of cryptographic algorithms used by your organisation and which systems use them. By developing an understanding of the cryptographic algorithms used by your organisation, you can start assessing which algorithms are vulnerable and will have to be migrated first.
    • A certificate discovery tool can give your organisation a quick win. A robust tool will scan your network and provide you with a list of keys and algorithms in your organisation.
  • Start building your systems with crypto agility in mind. For example, when applying digital signatures, use PAdES compliant standards that will allow you to re-timestamp your documents with quantum resistant algorithms.
  • Ask your third-party platform providers what they are doing to prepare for the post-quantum world and if they have plans in place to become more crypto agile.

How long until quantum computing becomes mainstream?

So, when will quantum computers start to turn our world upside down?

The field of quantum computing is advancing all the time, but at the moment quantum computers have not advanced enough so that they can start breaking PKI encryption. To get to a point where they will be commercially available there are still many engineering obstacles that must be solved. Currently quantum computers are crippled by errors in the form of noise and loss of quantum coherence.

Experts believe that by 2030 we might have reliable and readily available quantum computers.

Quantum computers do not pose a threat to our security…yet. But it is never too late to start planning for the future.