Rama Krishna Sangem
Suddenly, the world is getting alarmed over a new threat of quantum computing to all the encrypted data stored in all forms of gadgets- PCs, laptops and even mobiles. This is a big threat not just to individuals and private companies, but also to governments across the globe.This is compared to bigger, yet similar Y2K crisis in 1999. But, this time, there is no deadline like that of Y2K, which has year 2000 timeline.
Entire data and secret codes can go into the hands of hackers who use quantum computing, a super efficient technology that is waiting to unfold soon. This threat is flagged by none other than our SEBI chairman Tuhin Kanta Panda at a Fintech seminar on October 15.
The quantum threat to cryptography is that future quantum computers could break modern encryption methods like RSA and ECC, jeopardizing online security. This is because quantum algorithms like Shor’s algorithm can factor large numbers and solve the mathematical problems that currently protect our data, potentially in hours instead of thousands of years. This threat necessitates a transition to post-quantum cryptography (PQC), which uses new algorithms resistant to both classical and quantum attacks.
What’s this threat?
Breaking encryption: Most of today’s public-key cryptography, which secures everything from online banking to encrypted messaging, relies on problems that are too difficult for classical computers to solve. A powerful quantum computer could solve these problems, rendering these systems vulnerable.
“Harvest now, decrypt later”: A significant risk is that attackers can intercept and store encrypted data today, planning to decrypt it in the future once powerful quantum computers are available.
Compromising integrity: In addition to confidentiality, quantum computers could also break the digital signatures used to verify the authenticity of data and transactions, allowing attackers to forge them.
Impact on various systems: The threat extends to many digital systems, including online banking, secure communication, digital signatures, blockchain technologies, and VPNs.
Solution? Post-quantum cryptography (PQC)
New algorithms: PQC involves replacing current cryptographic algorithms with new ones based on mathematical problems believed to be hard for both classical and quantum computers to solve. Ongoing development: Organizations like the U.S. National Institute of Standards and Technology (NIST) are developing and standardizing new PQC algorithms. The Internet Engineering Task Force (IETF) is also working on incorporating these standards into communication protocols.
The transition is underway: Companies are already working to integrate these new standards and develop quantum-resistant products and systems, though it will take time to complete the full transition. Why immediate action is needed? “Harvest now, decrypt later” attacks: Sensitive data with long-term confidentiality requirements is already at risk today from this type of attack.
Urgency: While cryptographically relevant quantum computers are not yet fully available, their development is accelerating, and the cost of being unprepared is potentially irreversible. Organizations need to start planning and preparing for the transition to PQC now.