(NextGov) Organizations that have already experienced a data breach may become victims of “harvest today, decrypt tomorrow” or capture-now-decrypt-later attacks by tomorrow’s quantum computers writes Vincent Berk, Chief Revenue & Strategy Officer of Quantum Xchange for a recent article explaining how we can learn from the history of encryption. IQT-News summarizes below.
Before getting into more detail on the future threat posed by quantum computing, we should look to a historic example to inform our present decision-making.
In 1919 a Dutchman invented an encoding machine that was universally adopted by the German army, called “the Enigma.” Unbeknownst to Germany, the Allied powers managed to break the coding scheme, and were able to decode some messages as early as 1939, when the first German boots set foot in Poland. For years, however, the German army believed the Enigma codes were unbreakable and was communicating in confidence, never realizing their messages were out in the open.
History may already be repeating itself. I can’t help but think that most organizations today also believe that their encrypted data is safe, but someone else may be close to, or already, reading their “secure” mail without them even knowing.
Today’s modern cryptography is often deemed unbreakable, but a big, shiny black building in Maryland suggests that governments may be better at this than is widely believed. Although a lot of credit goes to the elusive quantum computer, the reality is different: poor implementations of crypto suites are the primary vector for breaking encryption of captured traffic today.
Harvesting attacks does not just work as a strategy for quantum computers. We will likely have more powerful processors for brute-forcing in the future. Additionally, other types of stochastic computation machines, such as spintronics, are showing promise and even the de-quantification of popular algorithms may one day see a binary computer version of Peter Shor’s algorithm. The latter helps us explain how quantum computing may help to make quick work of current encryption techniques. This will allow breaking of Diffie-Hellman key exchanges or RSA on a conventional computer in smaller time frames.
So how do we shield ourselves?
It is past time to take steps now that will protect organizations from future threats. This includes developing actionable standards. Both federal agencies and the private sector need to embrace quantum-safe encryption.
While looking to protect against current threats is certainly important, organizations should begin projecting future threats, including the threat posed by quantum computing. As technology continues to advance each day, one should remember that past encryption, like the Enigma machine, didn’t remain an enigma for long and was broken in time. The advent of quantum computing may soon make our “unbreakable” codes go the way of the dinosaur. Prepare accordingly.
Sandra K. Helsel, Ph.D. has been researching and reporting on frontier technologies since 1990. She has her Ph.D. from the University of Arizona.