We explore how encryption protects your data and why quantum computers might shake things up.
Quantum computers are capable of very quickly solving very complex problems, such that even a supercomputer would be stumped for a long time. True, most of these problems are currently somewhat removed from real life, and quantum systems themselves are largely limited. But progress does not stand still, and this technology could one day take over the world. Here’s how that affects you and your data.
Data encryption at the heart of Internet security
At the heart of protecting data on computers and online lies encryption. Encrypting means using certain rules and a character set known as a key to transform the information one wants to send into a seemingly meaningless jumble. To understand what the sender wanted to say, the jumble has to be deciphered, also with a key.
One of the simplest examples of encryption is a substitution cipher whereby each letter is replaced with a number (say, 1 for A, 2 for B, and so on). In this example, the word “baobab” would become “2 1 15 2 1 2,” and the key would be the alphabet with each letter represented by a number. In practice, more complex rules are used, but the general idea remains more or less the same.
If, as in our example, all parties share one key, the cipher is said to be symmetric. Before communication can commence, everyone must receive the key to be able to encrypt their own and decrypt others’ messages. What’s more, the key has to be transmitted in unencrypted form (the receiving parties have nothing yet to decrypt it with). And if that happens over the Internet, cybercriminals might be able to intercept it and then read the supposedly secret messages. Not good.
To get around that problem, some encryption algorithms use two keys: one private to decrypt and one public to encrypt messages. The recipient creates both. The private key is never shared with anyone, so it can’t be intercepted.
The second, public key is designed such that anyone can use it to encrypt information, but after that, decrypting the data requires the corresponding private key. For this reason, there is nothing to fear from sending the public key in unencrypted form or even sharing it for anyone on the Internet to see. This type of encryption is called asymmetric.
In modern encryption systems, the keys are usually very large numbers, and the algorithms themselves are built around complex mathematical operations involving these numbers. Moreover, the operations are such that reversing them is next to impossible. Therefore, knowing the public key is of no use in cracking the cipher.
Quantum cracking
There is a catch, however. Strictly speaking, cryptographic algorithms are designed so as to make cracking the cipher impossible in a reasonable amount of time. That’s where quantum computers come in. They can crunch numbers far faster than traditional computers can.
Thus, the unreasonable amount of time a traditional computer would need to crack the cipher can become perfectly reasonable on a quantum computer. And if a cipher is vulnerable to quantum cracking, that negates the whole point of using the cipher.
Protection against quantum cracking
If the thought of wealthy criminals armed with a quantum computer someday decrypting and stealing your data sends shivers down your spine, don’t worry: Infosec experts are already on the case. As of today, several basic mechanisms exist to protect user-information from intruders.
- Traditional encryption algorithms resistant to quantum attacks. It may be hard to believe, but we’re already using encryption methods that can stand up to quantum computers. For example, the widespread AES algorithm, used in instant messengers such as WhatsApp and Signal, is too tough a nut — quantum computers accelerate the cracking process, but not by much. Nor do they pose a mortal threat to many other symmetric ciphers (that is, with only one key), although the abovementioned key distribution problem is still in effect here.
- Algorithms developed to protect against quantum attacks. Mathematicians are already devising new encryption algorithms that even mighty quantum technologies cannot crack. By the time cybercriminals arm themselves with quantum computers, data protection tools are likely to be able to fight back.
- Encryption with several methods at once. A decent solution that’s available right now is to encrypt data several times using different algorithms. Even if attackers crack one, they’re unlikely to break through the rest.
- Quantum technologies used against themselves. Using symmetric ciphers — which, as you’ll recall, are less vulnerable to quantum cracking — can be made more secure with quantum key distribution systems. Such systems don’t guarantee protection against hackers, but they will let you know if the information was intercepted, so if the encryption key is stolen in transit, it can be scrapped and another one sent. True, that requires special equipment, but such equipment is already available and in operation in some government organizations and private companies.
Not the end of security
Although quantum computers seem able to crack ciphers that are off-limits to traditional computers, they are not omnipotent. Also, security technologies are developing ahead of the curve, and they will not give ground to attackers in the arms race.
Encryption as a concept is unlikely to collapse in a heap; rather, some algorithms will gradually replace others, which is no bad thing. In fact, it’s already happening now, because, as we said, progress does not standstill.
As such, it’s worth checking every so often which encryption algorithm a particular service uses, and whether that algorithm is obsolete (that is, vulnerable to cracking). As for especially valuable data destined for long-term storage, it would be wise to start encrypting it now as if the era of quantum computers had already dawned.
by Egor Nashilov | Source: Kaspersky blog