Encryption is a fundamental aspect of Public Key Infrastructure (PKI) – a service used to confirm identity by proving ownership of a private key. Encryption plays a crucial role in this process, ensuring the confidentiality and integrity of data to build confidence that senders and receivers of information are who they say they are.
However, the rise of quantum computing poses a significant threat to existing encryption protocols, potentially rendering them ineffective. Companies must be prepared for quantum to fundamentally change PKI effectiveness and explore the emerging field of post-quantum cryptography (PQC) as a solution to safeguarding data in the era of quantum technology.
The risks of quantum computing for PKI
Quantum computers work differently to that of conventional computers, and boast the ability to leverage quantum bits, or qubits, which can exist in multiple states simultaneously. This, effectively, allows them to take shortcuts to solve the hard mathematical problems that underpin current encryption systems.
Once large-scale, fault-tolerant quantum computers become a reality, encryption protocols that have protected sensitive information for years will become vulnerable to attacks. This is because cyber criminals, well-aware of these impending vulnerabilities, will eagerly exploit the weakness in PKI systems to gain unauthorised access to valuable data. It is therefore imperative for organisations to take proactive measures to protect themselves – before quantum technology becomes mainstream.
The consequences of PKI hacks extend beyond financial losses and immediate security breaches. When PKIs are compromised, hackers can achieve more privileged access, and once they have these “keys to the digital kingdom” they can wreak havoc – whether that’s through manipulating company information or forcing service outages, for example. Compromised data confidentiality, identity theft, disruption of critical infrastructure, and erosion of trust pose severe risks not just to organisations, but to individuals and society as a whole. In fact, Statista’s Cybersecurity outlook estimated the cost of cyber crime in 2022 was $8.44tn (£6.5tn), and this is expected to rise to $23.84tn by 2027.
Many organisations are already taking steps to protect their PKI. In fact, in a ranking of tech skills most in demand from ITJobsWatch, PKI jumped 240 places over the past year. However, these IT professionals need to think beyond well-known PKI protocols (such as not sharing privately hosted PKIs across communities with different security expectations) and take proactive steps to future-proof systems.
The future of a secure and connected world hinges on our ability to defend against PKI attacks and safeguard the trust we place in these – so the industry must explore new ways to bolster policies, procedures and technology.
Post-quantum cryptography: securing the future:
Post-quantum cryptography (PQC) represents a revolutionary approach to encryption that aims to develop new cryptographic algorithms resistant to attacks by quantum computers. PQC seeks to provide mathematical problems that even quantum computers will find unsolvable, thereby ensuring the security of encrypted data.
PQC explores different mathematical frameworks, such as lattice-based, code-based, multivariate, and other novel cryptographic techniques. These algorithms are designed to withstand the immense computational power of quantum computers, making them a reliable solution for protecting sensitive information in the future.
PQC’s benefits for PKI
By integrating PQC into PKI systems, organisations can fortify the security of critical national infrastructure, including transportation networks, energy grids, and vital communication channels. Additionally, the financial services sector, which heavily relies on secure transactions, can greatly benefit from PQC implementation.
Although PQC is still in its early stages, organisations and governments around the world are recognising the urgency of investing in this cutting-edge technology. The aim is to ensure that, as quantum computers pose a threat to the existing walls of encryption protecting data, PQC simultaneously constructs new, impregnable barriers.
The final word
As the advent of quantum computing looms closer, the future security of PKI hangs in the balance. The risk of quantum attacks on existing encryption protocols demands proactive action from organisations and governments alike. Embracing post-quantum cryptography offers a promising solution to counteract these threats and ensure the long-term protection of sensitive data.
Four candidate cryptographic algorithms that aim to be quantum resilient have already been down-selected by NIST. There is, however, a risk that these candidate algorithms may not be sufficiently successful, so a hybrid model that leverages both post quantum and legacy RSA/ECC cryptographic algorithms is being used.
Investments in PQC research and development will pave the way for robust encryption algorithms that can withstand the computational prowess of quantum computers. By adopting PQC within PKI systems, critical sectors can enhance their resilience and maintain the integrity of their operations, safeguarding their sensitive information against the imminent threats posed by quantum technology.
Organisations must act now to stay ahead of the curve and actively prepare for the future of secure communication in the quantum era.
John Cullen is strategic marketing director for cyber security at Thales.