Blair Canavan | Director of Business Development Digital Identity and Security, Thales
Rapid developments in quantum computing, such as IBM's Quantum Condor processor with a 1000 qubit capacity, have prompted experts to declare that the fourth industrial revolution is about to make a “quantum leap”.
The exponential processing capability of a quantum computer is already being welcomed by governments and corporations. New drug discovery, more in-depth and faster analytics for financial trading, increased efficiency in supply chain management systems, and many other exciting and cutting-edge applications are all possible thanks to the ongoing transition from academic and physics principles to commercially available solutions.
While organizations explore how to maximize these new capabilities, they must also ensure they are fully prepared for the cybersecurity implications of quantum computing.
Quantum computing and the cybersecurity threats
Quantum computing will enable great innovations in the future, but it will be accompanied by diverse risks. The potential of quantum computers to break the current security of common activities in our daily lives could have severe consequences. The quantum cybersecurity threat will increase data breaches of sensitive health and financial personal data, challenge the integrity of digital documents, and break certain cryptocurrency encryption.
Threat 1: Harvest Now, Decrypt Later
According to a Deloitte poll, just over half of responding professionals (50.2%) believe that their organizations are at risk for "harvest now, decrypt later" cybersecurity attacks.
This refers to an attack where threat actors collect encrypted data from target organizations today, fully anticipating that data can be decrypted later when quantum computing reaches a maturity level capable of rendering many publicly utilized cryptographic algorithms like RSA entirely obsolete.
Threat 2: Making Asymmetric Cryptography Obsolete
Quantum computing will also render most current popular encryption methods unsafe except for AES 256.
Back in 1994, Peter Shor developed a quantum algorithm to factor large prime numbers. It was not considered an urgent problem at the time, given the lack of quantum computers.
Today, however, quantum computing is much closer, and the world's data currently protected by asymmetric cryptography algorithms such as RSA and Elliptic Curve will become readable.
Besides threatening current encryption schemes, quantum computing has the capacity to render blockchain technology unsafe; this is a pressing issue that is not highlighted as much.
The vulnerabilities of blockchain technology
Blockchain depends on the disseminated consensus of trust, achieved through existing hash functions and public-key cryptography. While the chain itself is relatively secure, the endpoints wallets have been already proven "hackable" and quantum methods will expose the chain to fraudsters and thieves.
New technology and new algorithms could, in the near to medium term, subvert established digital security practices using what is known as a storage attack. Storage attacks involve a malicious party stealing from susceptible blockchain addresses, such as those where the wallet’s public key is visible on a public ledger.
A recent study found that 25% of all bitcoins in circulation and 65% of ether — the tokens in the Ethereum network — reside in addresses with a published public key. This means they could be stolen by leveraging a quantum computer with sufficient resources. Hundreds of billions of dollars’ worth of cryptocurrencies could be vulnerable to storage attacks.
The extent of the threat can be understood by examining the impact of a recent incident involving Solana, an increasingly popular blockchain known for its speedy transactions. During this security breach, Solana users reported that funds have been drained from internet-connected “hot” wallets. The estimated loss is around $8 million.
The attack affected only “hot” wallets or wallets that are always connected to the internet, allowing people to store and send tokens easily. The cause of the attack remains unclear, but industry leaders pointed out that the transactions were properly signed, which means the vulnerability could be a “supply chain attack” that managed to compromise the users’ private keys.
Developing post-quantum cryptography and encryption solutions
Governments and businesses have already begun preparing for a post-quantum world. For example, CISA and NSA recently released quantum-resistant algorithm recommendations and requirements for critical infrastructure and national security systems based on the post-quantum cryptography selections from NIST.
A key ingredient of the preparation is the ability to support today both legacy and post-quantum cryptographic algorithms.
The use of hardware wallets to guard cryptographic keys is the way ahead, but many question their ability to upgrade to support post-quantum cryptography (PQC).
The role of Thales Luna Network HSMs in post-quantum strategies
Thales Luna Network Hardware Security Module solves this future problem today. The optional Luna Functionality Mode (FM) allows you to customize your Luna Network HSM's functionality to suit the needs of your organization.
Functionality Modules consist of your own custom-developed code, loaded and operating within the logical and physical security of a Luna Network HSM. Custom functionality provided by your own FMs can include:
- new cryptographic algorithms, such as the post-quantum ones selected by NIST
- security-sensitive code, isolated from the rest of the HSM environment
- keys and critical parameters managed by the FM, independent from standard PKCS#11 objects, held in tamper-protected persistent storage
Thales Luna Network HSM and Luna FM have already been incorporated in use cases on post-quantum cryptography. Read more about Luna Network HSMs or download the Thales Luna Network HSM Product Brief.