Codebreakers – Encryption in the quantum age

Originally published in Cyber Daily Australia, 7 July 2024

Imagine a world where your every whisper, every strategic move, is laid bare to your enemy or competitor. This was the chilling reality of World War I, where Germany's undersea cables, the lifelines of their communication, were intercepted by British forces.

Fast forward to World War II, and a quiet genius named Alan Turing emerges, cracking the Enigma code, a feat that changed the course of history and laid the foundation for the digital world we know today.

Here in Australia, the Signals Directorate motto rings as important as ever: "Reveal their secrets. Protect our own". As the world hurtles towards a quantum computing future, safeguarding our digital infrastructure from potential breaches becomes paramount, whether we’re a government or commercial organisation.

Proactive adoption of quantum-resistant encryption is essential. But we must also embrace the transformative power of quantum computing. Striking this delicate balance – protecting our encryption while harnessing the efficiency boost promised by quantum computers – is the key to unlocking the full potential of this revolutionary technology.

The keys to our digital world are about to be broken

The internet's security currently relies on a system called Public Key Infrastructure (PKI), which uses complex mathematical problems to keep our data safe. However, the rise of quantum computers threatens to break this system, making our online world vulnerable.

Quantum computing leverages principles from quantum physics to use qubits, units that can exist in multiple states simultaneously, to execute calculations more efficiently than conventional computing.

In the past, attempts to solve PKI problems with a conventional computer would take millions of years. A quantum computer, however, could solve this problem in minutes.

A race to secure our digital future

Quantum computers are coming, and they threaten to break the encryption that protects our online world. This could leave our communications, financial transactions, and sensitive data vulnerable. The race is on to develop quantum-resistant encryption, and many countries including Australia are investing heavily in this critical area.

Several approaches are being taken to address the quantum risk, including:

• Post-Quantum Algorithms (PQAs): Researchers are developing complex algorithms that may resist quantum computing attacks. Several algorithm candidates have already been broken by conventional computers, and standards have not yet been developed. An interesting approach is still in research and standards development.

• Hardware Security Modules (HSMs): These modules enhance security by managing encryption keys. However, their reliance on PKI for key distribution makes them vulnerable to quantum attacks. They are expensive, inflexible, and not quantum-safe.

• Quantum Key Distribution (QKD): This method uses quantum mechanics to distribute encryption keys, making eavesdropping detectable. However, its limited range due to the fragility of quantum states requires specialised repeaters, making it impractical for global use.

• Symmetric Key Agreement (SKA): These platforms offer a secure way to create encryption keys by distributing random data (entropy) instead of the keys themselves. This makes it harder for attackers to steal the keys, even if they intercept the data. These platforms are ideal for devices with limited resources, like those in the Internet of Things, and are a promising solution for securing our digital world.

A new era of security and innovation

For businesses and governments, investing in quantum-safe cryptography is essential to address the looming cybersecurity crisis, which could fundamentally undermine our digital systems. This means developing new encryption methods that can withstand the power of quantum computers.

Just as radar technology, initially developed for military purposes, later led to advancements in television, quantum computing presents both challenges and opportunities. We must seize this opportunity to innovate and secure our digital future.

This requires a concerted effort from governments, businesses, and researchers. We need to work together to develop standards, migrate our digital infrastructure, and ensure that we can protect our data in the age of quantum computing.