Cybersecurity is more crucial than ever, with exabytes of information transferred across the Internet on a daily basis. With the evolution of security features and sophisticated attack approaches, Quantum Cryptography is considered to be one of the major approaches for providing security in V2V-Systems (Vehicle-to-Vehicle).
Cryptographic algorithms play a very important role in providing data integrity and confidentiality. As the computational capabilities of computers increase and make brute-force attacks less time-consuming, security standards for both symmetric and asymmetric cryptography require longer keys. However, we may not be safe even if every system uses secure cryptographic algorithms with appropriate key sizes. The reason for this is quantum computers, which are capable of solving mathematical problems hundreds or even thousands of times faster than any computer existing today. Conversely, we can also apply the principles of quantum computing to secure data. This article describes the concept of quantum cryptography, how it works, the challenges and opportunities associated with this technology, and, finally, how it affects data security now and in the future.
Quantum cryptography is the science that utilizes quantum mechanics to perform cryptographic tasks, originating fairly recently in the 1970s. The topic is attracting more discussions and debates as quantum computers are increasingly relevant in today’s technological world. Some of the features of Quantum Cryptography which may be included in the V2V-Systems are Quantum Key Generation, Quantum Key Distribution (QKD), and Quantum Random Number Generation (QRNG).
State-of-the-art cryptography and its weakness against quantum cryptography
Today, there are two different traditional types of encryption: public-key and symmetric cryptography. Symmetric cryptography is based on encrypting and decrypting texts with the same cryptographic key. Public-key cryptography, also known as asymmetric cryptography, uses another technique and is based on other complex mathematical problems. In this form of encryption, everybody owns a public and a private key in order to encrypt or decrypt data. Data is encrypted with the recipient’s public key, which, as the name says, is publicly available. The data can only be decrypted by the person owning the related private key.
The security of asymmetric cryptography algorithms is based on mathematical problems. It would take traditional computers centuries to solve these problems, break the encryption and gain access to the private key. This is the reason why public keys can be shared freely. However, this only applies to current computers. Due to the development of quantum computers, this approach to encryption might fall apart sooner rather than later. In fact, quantum algorithms work differently from current algorithms and will be able to break public-key encryption much faster than is the case today.
Technically, the difference between quantum cryptography and current cryptography is that quantum mechanics is used in order to solve cryptographic problems. Traditional computers work with bits that can have the value of either 1 or 0. Quantum computers, on the other hand, work with qubits, which can be 1 and 0 at the same time. This phenomenon is called “superposition.” Shor’s algorithm makes use of qubits and thus poses a huge threat to asymmetric encryption once big enough quantum computers are available.
Potential defense against quantum cryptography
Since quantum computers have outstanding performance and are able to factor large numbers into their prime factors very fast, one approach to resisting quantum computers is to increase the key length of widely used asymmetric algorithms such as RSA and ECC. Longer keys add performance overhead to the encryption/decryption process but introduce a potential defense against quantum computers. However, the key size must be increased dramatically to provide a sufficient level of security in “quantum” cyberspace. This led the Committee on National Security Systems (CNSS) to suggest a minimal key length of 3072 bits for RSA.
Considering performance requirements for various services and systems, it may not be feasible to work with very large asymmetric keys. Fortunately, there is another option for defending against quantum computer-based brute-force attacks: lattice-based encryption. There is no known quantum method to break lattice-based encryption. Lattice-based cryptography involves the use of lattices, which have very important applications in number theory and form the basis for cryptographic algorithms. Most existing algorithms depend on the difficulty of factoring large numbers into primes, a problem that is easily solvable on a quantum computer. In contrast, lattice-based cryptographic algorithms depend on the hardness of lattice problems, which cannot be solved by quantum computers, and are thus considered to be secure assuming the worst-case hardness of lattice problems. This characteristic is common to post-quantum algorithms. Some of the existing lattice-based cryptography algorithms are the GGH encryption/signature scheme and the SWIFFT hash functions.
Although the described defense approaches against quantum computers can be realistic, quantum computers will continue to evolve, gaining more and more computational power. This means that even lattice-based encryption may not be sufficient to provide an appropriate level of security in the future.
Difference between quantum cryptography and post-quantum cryptography
Although post-quantum cryptography and quantum cryptography only differ by one word, there is still a significant difference. While quantum cryptography uses quantum mechanics with the goal of breaking current state-of-the-art cryptographic algorithms (used by traditional computers), post-quantum cryptography sets its focus on algorithms that are used by quantum computers. Post-quantum cryptography aims to find algorithms that are secure even when facing attacks from quantum computers.
Google achieving Quantum Supremacy?
On October 23, Google researchers published a paper in Nature claiming they had reached Quantum Supremacy. But what does that term mean? Quantum Supremacy is reached when a quantum computer is able to solve tasks that classical computers cannot do in polynomial time. According to the researchers, the quantum computer going by the name “Sycamore” solved a problem in about 200 seconds using 53 qubits, whereas current state-of-the-art supercomputers would need roughly 10,000 years to find a solution to this task. IBM, on the other hand, questions this result. They argue that a classical supercomputer could deal with this problem in 2.5 days instead. Many experts agree with IBM in this regard.
Future of quantum cryptography
Despite all the promising and exciting properties and algorithms, and the opportunities and disadvantages that come with quantum cryptography, these concepts will not be widely used in the near future. Existing technical challenges will take decades to be solved. In addition to this, the most powerful quantum computer today has 53 qubits, while cracking today’s RSA encryption will take thousands of qubits. Expanding the number of qubits on computers is a highly complex task due to the nature of quantum mechanics. So, Moore’s Law will not apply to quantum computers and, most likely, we will not see fast growth in the number of qubits added to existing computers.
But even though the technology is still some way off, it is important to keep its potential in mind, plan ahead, and prepare for the changes that are coming to the security field. ESCRYPT is actively participating in research on the topic and will keep you informed.
If you have any questions, please feel free to contact us or comment below!
Author: Kirill Kultinov, Security Specialist
Primary Contributor: Maximilian Tietz, Security Specialist