Home Features QKD: The “Black Swan” of Data Security

QKD: The “Black Swan” of Data Security

Network Encryption, DSCI Whitepaper on Encryption

By Sunil Gupta, CEO, QNu Labs

The world produces 2.5 exabytes of data every day. And 3.2 billion global internet users continue to feed the data banks with 9,722 pins on Pinterest, 347,222 tweets, 4.2 million Facebook likes–plus all the other data we create by taking pictures and videos; saving documents, opening accounts and more.

Another report proclaims that we create more data every data than the data created until that day. We have reached the limits of the data processing power of current computers, but the data just keeps growing exponentially.

That’s why there’s a race from the biggest leaders in the industry such as Google, Microsoft, IBM and Intel to be the first to launch a viable quantum computer that would be exponentially more powerful than today’s computers, to process all the data we generate, every single day, and solve increasingly complex problems. These quantum computers will be able to complete calculations within seconds, that would otherwise take today’s computers, including current supercomputers, thousands of years to calculate.

The emergence of Quantum Computing

About a month ago, Google claimed to have built a quantum computer that could carry out calculations beyond the ability of today’s most powerful supercomputers, thus achieving Quantum Supremacy, supposedly a holy grail. As per the Nasa website, this quantum computer can perform a calculation in 3 minutes and 20 seconds, that would take today’s most advanced classical computer, Summit, approximately 10,000 years to accomplish. This is also supposed to be the first computation that can only be performed on a quantum processor.

This feat is invaluable and critical if we have to process the monumental amount of data we generate and solve very complex problems. The promise is that, due to their ability to work on Q-bits instead of bits, quantum computers will allow quick analysis and integration of our enormous data sets which will improve and transform our machine learning and artificial intelligence capabilities to the next order.

Unfortunately, like every great technology, Quantum Computers also bring along negative aspects. The industry is gravely concerned that quantum computers will be able to crack most of today’s encryption that uses “trapdoor” mathematical functions that work easily in one direction but not in the other. That makes encrypting data easy, but decoding it is difficult without the help of a special key.

A new study by MIT Technology Review shows that quantum technology will catch up with today’s encryption standards much sooner than expected. That should worry anybody who needs to store data securely for 25 years or more.

How Quantum can strengthen encryption

Cryptosystems are designed to cope with the worst-case scenarios: An adversary with infinite computing resources and access to plaintext/ciphertext pairs knows the encryption and decryption algorithms, so they can choose plaintext or ciphertext values at will. The only element not accessible to this adversary is the secret key, and thus the security of a cryptosystem depends solely on the security of the key.

Today’s encryption (secret) keys are highly vulnerable due to many reasons such as weak randomness, advances in CPU power, new attack strategies, the emergence of new algorithms such as Shor’s, which when run on Quantum simulators or Quantum computers will ultimately render much of today’s encryption unsafe. A particular concern is that data encrypted today can be intercepted and stored for decryption by quantum computers in the future.

Quantum safe technology needs to be adopted.  A technology that can address the practical difficulties such as safeguarding the hacking of encryption keys long, truly random keys, distributing the keys to recipients, sender, and receiver to be totally synchronized to make sure that the same keys are used for the same message, and ensuring that keys are never reused.

Quantum Key Distribution (QKD) is one such technology that addresses all these challenges. QKD is a key establishment and distribution protocol that creates a shared symmetric key material by using quantum properties of light to transfer information from Alice to Bob in a manner that will highlight any eavesdropping by an adversary.  This can be used to derive a key, and the resultant key material can then be used to encrypt plaintext using one-time pad encryption or using AES to provide unconditional security.

Here are some potential applications of  Quantum nature of secret keys to address some of the important problems of the industry:

Quantum safe authentication – A quantum token is used to authenticate a person and to provide access control across the organization.

Secure ‘Data in Transit’ between Enterprise Server and Data Centres – Uncompromised encryption keys generated and distributed between the two entities ensuring the absence of eavesdropping.

Securing ‘Data at Rest’ at the Private Cloud or Public Clouds – Enterprises can generate and use their own unconditionally secure keys to encrypt their data in the cloud ensuring full control of their data.

Secure ATMs – All confidential information such as PIN, etc. from the ATMs is transmitted to the bank, encrypted using QKD.

Security against anti-skimming – Quantum secret is used to encrypt the PIN.

Securing online banking – Replacing TAN with Quantum TAN.

Securing against Cardholder Not Present (CNP) fraud – Keys are not available to an attacker via phishing or keylogging, and the transaction details encrypted via a one-time pad that cannot be retrieved by unauthorized actors.

If QKD is used in carefully selected applications, alongside existing classical cryptography, then great benefits can be derived by the deployment of this technology.

QKD surely has its niche amongst the fundamental building blocks of cryptography and set to cause a cataclysmic upheaval in the world of cryptography.  QKD is a ‘Black Swan’ of Data Security.

The writer is the co-founder and CEO at QNu Labs. Before joining QNu Labs, he was COO at Paladion Networks responsible for driving and growing business for MEA and India regions. 

CISO MAG did not evaluate the advertised/mentioned product, service, or company, nor does it endorse any of the claims made by the advertisement/writer. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.