Quantum computing could undermine personal data security, Euro believes

Quantum computing could allow malicious actors to compromise public-key cryptography systems by carrying out decryption without prior knowledge of the private key, thereby compromising the integrity of Internet protocols like HTTPS (TLS) required for secure browsing, online banking, and online shopping, the European Data Protection Supervisor has warned.

A report published by the Technology and Privacy Unit of the European Data Protection Supervisor (EDPS) has highlighted concerns around malicious actors and entities using superior computing capabilities afforded by quantum computing to break public-key cryptography systems as well as symmetric cryptography systems such as AES, thereby compromising the integrity of HTTPS that uses asymmetric and symmetric cryptography together.

“Quantum computing can break many of today’s classical cryptography and as such harm severely IT security. The risk extends to the core internet security protocols. Nearly all of today’s systems that demand security, privacy or trust, would be affected,” the report warned.

While public-key cryptography relies on the use of cryptographic protocols based on algorithms such as RSA that requires two separate keys, a private and a public key, a sufficiently powerful quantum computer can enable adversaries to carry out the decryption without prior knowledge of the private key, thereby defeating the very purpose of encryption.

Malicious actors could also use increasing computing power afforded by Quantum computing to carry out retrospective decryption of data from the past by exploiting the existing use of short key lengths in today’s classic computers to encrypt data.

“Security experts regularly call out for an increase of key lengths to keep data secure for a given period. Some governments’ secret services are reported to collect data purposefully for future retrospective decryption. Quantum computers though follow different laws and would allow retrospective decryption in many cases much earlier,” the report said.

Post-quantum cryptography needed to secure encrypted data in the future

The European Data Protection Supervisor also said via the report that in order to prevent the decryption of sensitive data using the power of Quantum computing by adversaries, organisations must start work on the development of post-quantum cryptography whose security will be unaffected by quantum computers.

Post-quantum cryptography will involve the use of very different mathematical building blocks, which incorporate mathematical operations that quantum computers cannot solve more efficiently than other computers.

“Post-quantum cryptography however will likely come with performance drawbacks and require larger computing resources to e.g. encrypt and decrypt data or sign and verify signatures and more networking resources to exchange lengthier keys and certificates. Post-quantum cryptography is not yet standardised. Sufficient and convincing knowledge must be available to conclude in a so-called cryptanalysis that such a solution is safe for both quantum and binary computing,” the authority said.

However, the good news here is that even though a few demonstrations of the power of Quantum Computing have already taken place, the European Data Protection Supervisor believes it will take more than a decade to build a quantum computer that will be able to execute useful algorithms of practical relevance. This will allow organisations and researchers more time to develop and refine post-quantum cryptography systems and algorithms.

“Based on what we know today there is no immediate threat posed by a quantum computer in the foreseeable future. It may likely take decades to build a usable quantum computer that can execute known algorithms. But for data that needs to remain safe for very long, this uncertainty poses an issue that may require an early transition to post-quantum cryptography,” the authority added.

ALSO READ: Google unveils quantum computer breakthrough; critics respond

Source link