(ZDNet) To protect our private communications from future attacks by quantum computers, Verizon is trialing the use of next-generation cryptography keys to protect the virtual private networks (VPNs) that are used every day by companies around the world to prevent hacking.
Verizon has significant amounts of VPN infrastructure and the company sells VPN products, which is why the team started investigating how to start enabling post-quantum cryptography right now and in existing services,
Verizon implemented what it describes as a “quantum-safe” VPN between one of the company’s labs in London in the UK and a US-based center in Ashburn, Virginia, using encryption keys that were generated thanks to post-quantum cryptography methods – meaning that they are robust enough to withstand attacks from a quantum computer.
According to Verizon, the trial successfully demonstrated that it is possible to replace current security processes with protocols that are quantum-proof.
Quantum computers are expected to bring about huge amounts of extra computing power – and with that, the ability to hack any cryptography key in minutes.
Although a large-scale quantum computer could be more than a decade away, there is still a chance that the data that is currently encrypted with existing cryptography protocols is at risk. The threat is known as “harvest now, decrypt later” and refers to the possibility that hackers could collect huge amounts of encrypted data and sit on it while they wait for a quantum computer to come along that could read all the information. “If it’s your Amazon shopping cart, you may not care if someone gets to see it in ten years,” says Josyula. “But you can extend this to your bank account, personal number, and all the way to government secrets. It’s about how far into the future you see value for the data that you own – and some of these have very long lifetimes.”
A quantum-safe VPN could be a good start – even though, as Josyula explains, many elements still need to be smoothed out. For example, Verizon still relied on standard mechanisms in its trial to deliver quantum-proof keys to the VPN end-points. This might be a sticking point, if it turns out that this phase of the process is not invulnerable to quantum attack.
The idea, however, is to take proactive steps to prepare, instead of waiting for the worst-case scenario to happen.