Quantum computing’s encryption threat on IoT
When the clock ticked over to 2020, it ushered in a decade that experts such as the National Institute of Standards and Technology predict a commercially viable quantum computer will advance life-changing research and break existing cryptographic algorithms. Recently, surveyed IT directors, managers and specialists think the day a quantum computer can crack existing cryptography could come sooner than predicted. The survey shows that 71% of experts expect it’ll happen by 2025, according to DigiCert.
Unlike traditional computers which measure performance in bits that represent either a one or zero, quantum computers measure performance in qubits that take the form of a one, zero or a combination. Using quantum mechanics, these computers can calculate much more rapidly than traditional ones.
In 2019, Google demonstrated quantum supremacy with a quantum computer able to prove the randomness of numbers generated from a random number generator in 3 minutes and 20 seconds, something that would have taken the world’s fastest traditional supercomputer 10,000 years to achieve. For IoT environments and many other use cases, quantum computing holds massive potential, but it also introduces new risks.
The promise of quantum computing
Quantum computing will help organizations address big challenges much faster than they could otherwise. Possible applications include:
Machine learning. Ultimately, machine learning boosted by quantum computing might be able to process far more complex data sets than a traditional computer, according to a study by IBM and MIT. Managing and analyzing huge amounts of data created by IoT devices requires serious computation power, making quantum computing an ideal solution.
Medical sciences. Possible healthcare benefits include supersonic drug discovery and development, and simulated clinical trials that can replace human and animal testing.
Particle physics. A mature quantum computer of the future is a strong candidate to help particle physicists classify a growing amount of data.
The risk to current encryption
Though the promise of quantum computing is unquestionably exciting, there’s cause for concern about how cybercriminals could use it to break today’s most advanced encryption. Within this decade, expect to hear of a quantum computer that can break RSA with 2048-bit keys, or ECC with 224-bit keys, which are now the minimum key sizes used to encrypt and decrypt data. That will put employee, customer and company data at risk unless companies strategize an approach. Today’s IoT devices are typically built to last for five, ten or even many more years. To keep IoT environments secure, organizations will need to be thinking about future-proofing their encryption against quantum threats today.
Thankfully, a majority of those in IT are aware of these looming security risks and no action needs to be taken. A survey found that 55% of IT members consider quantum computing an extremely large or somewhat large threat today, according to DigiCert. Seventy-one percent said it will be an extremely large or somewhat large threat in the future.
Eight out of ten those surveyed say it’s extremely important or somewhat important for IT to learn about quantum-safe security practices.
The solution to mitigating the risk to encryption
The solution to these security concerns is post-quantum cryptography (PQC). Recognizing the threat to encryption, 56% of IT surveyed by DigiCert are discussing budgeting for PQC and 35% already have a PQC budget. Most said the focus of their budget was to avoid being caught off guard by quantum computing threats and arm themselves with information on what approaches to take.
Companies should establish crypto-agility as a core practice, which provides the ability to swap out current encryption algorithms for new ones without major disruptions to your operations, including:
- Monitoring your cryptography
- Establishing crypto agility as a core practice
- Understanding your existing risk and acceptable risk
- Researching PQC and its impact
- Developing Transport Layer Security (TLS) best practices
During this decade, quantum computing will transform computing power and challenge current encryption algorithms in IoT and beyond. However, be reassured that quantum-safe algorithms are being refined and that by planning for quantum computing now, you’ll ensure your company is protected from what’s to come.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.