It would take a classical computer 300 trillion years to crack an RSA-2048 encryption key.
A Quantum Computer with 4099 stable qubits could perform the same attack in just 10 seconds.
Chinese researchers released this paper in Dec '22 stipulating that RSA-2048 can be broken using a combination of classical and quantum algorithms and a 372 qubit NISQ. Basically now.
Introduction
Quantum computing has the potential to revolutionize industries, but it also poses significant risks to current encryption systems. In this quick guide, we will help you understand the risks associated with quantum computing and provide strategies to secure your organization in the quantum era.
Understanding Quantum Information Security Risk
Quantum computing utilizes qubits, which have unique properties that allow them to process information at a scale and speed beyond traditional computing. While this technology has the potential to solve complex problems and drive significant advancements, it also poses threats to existing encryption systems like RSA and ECC.
It is difficult to say when Q-day will happen:
- Most industry experts believe sometime in the next 3-7 years.
- Chinese researchers believe it can be done now - although that hasn't been validated and presumably wouldn't scale to be generally available any time soon.
- Government Regulations and Guidance suggest that time will come soon and, whether it does or not, are requiring agencies and government suppliers to act now.
On a positive note, quantum computing opens up new possibilities for secure communication, such as Quantum Key Distribution (QKD).
Assessing Quantum Risk in Your Organization
Managing quantum risk begins with identifying your organization's critical systems and data. Evaluate the potential impact of quantum computing on these assets, and prioritize risks based on likelihood and potential damage.
- Identify critical systems and data: Determine which systems and data are most vital to your organization's operations and would cause the most harm if compromised.
- Evaluate the potential impact: Assess how quantum computing advancements could affect your organization's security infrastructure and its ability to protect sensitive information.
- Consider whether current controls are adequate given that adversaries are implmenting SNDL programs today.
- Prioritize risks: Rank the identified risks according to their likelihood and potential damage to your organization.
Implementing Quantum-Safe Strategies
To protect your organization from quantum information security risks, adopt the following strategies:
- Begin to define your quantum-resistant strategies and corresponding architecture today
- When practical/available:
- Adopt quantum-resistant encryption algorithms: Transition to encryption methods that are resistant to quantum attacks, such as lattice-based, code-based, or multivariate cryptography.
- Utilize Quantum Key Distribution (QKD): Implement QKD for secure communication between parties, ensuring that any intercepted data would be rendered useless.
- Implement quantum-safe protocols and security measures: Ensure that your organization's security infrastructure is updated to incorporate quantum-safe protocols and measures.
Ongoing Risk Management and Monitoring
As quantum computing continues to evolve, it's essential to stay informed about the latest advancements and their potential impact on cybersecurity. Collaborate with industry partners and standards organizations to remain at the forefront of quantum computing research and best practices. Regularly re-evaluate your risk assessment and update your mitigation strategies as needed to ensure long-term security.
Conclusion
Proactive risk management is crucial in the quantum era. By understanding quantum risks, assessing their impact on your organization, and implementing quantum-safe strategies, you can ensure your organization's security in the face of this rapidly evolving technology. Stay informed, collaborate with partners, and adapt your security infrastructure to navigate the challenges and opportunities presented by quantum computing.
To help, VoSec maintains a summary of Government Regulations and Guidance and Quantum Computing Terminology.