40 minute read 7 Mar. 2024

Quantum security whitepaper: Improving tomorrow’s security by decoding the quantum computing threat

Authors
Aaron Perryman

EY Asia-Pacific Financial Services Consulting and Digital Leader

Alexey Bocharnikov

EY Asia-Pacific Quantum Technology Leader

Charles Lim

JPMorgan Chase, Global Head of Quantum Communications and Cryptography

Kaushik Chakraborty

JPMorgan Chase, Applied Research Lead in Quantum Communications

40 minute read 7 Mar. 2024
Related topics Cybersecurity

Information security is now a fundamental component of IT solutions, encompassing various methods to safeguard data, whether in transit, at rest or during processing. Current protection is based on cryptography, which is the science and practice of keeping sensitive information inaccessible to adversaries. Cryptographic systems not only provide confidentiality — they also provide other security features like authentication, integrity and non-repudiation.

Modern cryptographic systems, while robust, are not infallible. In real-world IT applications, security protocols strike a balance between practicality and security. They operate under unproven assumptions that certain computational problems are hard to solve for state-of-the-art computers in reasonable time. This approach to computational security has been serving the purpose effectively over decades. Such assumptions, however, may not hold water as computer science or technology advances. What is deemed computationally difficult today may tomorrow become more manageable with advances in computing power or new algorithms. Consequently, encryption standards are in a constant state of evolution, adapting to the latest technological developments and breakthroughs. The advent of quantum computing has initiated another review cycle of security protocols. Quantum computing introduces innovative methods to solve complex computational problems, challenging existing security assumptions and exposing vulnerabilities in some security protocols.

Quantum computing is not yet fully mainstream and currently unable to break security protocols with the key length recommended for use by standardization agencies. However, there are pressing reasons to be vigilant now. The last decade has witnessed not just advancements in quantum hardware but also significant progress in quantum algorithms aimed at breaching cryptographic protocols. Additionally, considering the time value of data — the idea that security protocols must protect information throughout its entire lifecycle — emphasizes the urgency of transitioning to quantum-safe solutions. Consider the “harvest now, decrypt later” strategy: previously, it hinged on the hope of a significant computational breakthrough. Today, it leans more toward quantum computing based attack. Secrets currently protected by conventional cryptographic algorithms could be at risk, stolen now only to be exposed in the future.

Not all cryptographic systems respond to quantum threats in the same way. They’re built on varied assumptions, which means their resilience to quantum computing varies.

Summary

Quantum computing will increasingly impact existing threats and the cyber tools used to protect organizations. It highlights the importance of migrating to quantum-safe solutions that are robust against future quantum computing attacks. While each organization may have different priorities, overlooking the need for quantum-safe solutions risks imminent attacks culminating in data breaches. The impending threat, coupled with the long-term value of data, significantly narrows the window for proactive action.

Creating a quantum-safe environment involves deploying a comprehensive strategy that encompasses both technological and organizational elements. The sheer complexity requires widespread integration of quantum-safe cryptography components throughout the IT infrastructure. This means that remediation is necessary, not just in isolated areas, but across the entire landscape. Currently, the relevant stakeholders and communities are working together to identify best practices for quantum-safe migration and remediation.

Central to this transition is crypto-agility — the capability to update cryptographic algorithms as and when current algorithms become insecure and new algorithms are introduced.

 

Download the report

 

About this article

Authors
Aaron Perryman

EY Asia-Pacific Financial Services Consulting and Digital Leader

Alexey Bocharnikov

EY Asia-Pacific Quantum Technology Leader

Charles Lim

JPMorgan Chase, Global Head of Quantum Communications and Cryptography

Kaushik Chakraborty

JPMorgan Chase, Applied Research Lead in Quantum Communications

Related topics Cybersecurity