Quantum computing represents a major threat to today’s encryption; DigiCert wants to fix that.
Quantum-safe encryption is a concept that needs to come into focus sooner rather than later. This year has seen incredible progress on the quantum computing front, and while that’s exciting in its own right—it also represents a major threat to the encryption standards we use today.
Fortunately, DigiCert has announced a partnership with Gemalto and ISARA to work on quantum-safe digital certificates and key management solutions, specifically for IoT devices.
“DigiCert, Gemalto and ISARA are collaborating today to solve tomorrow’s problem of defending connected devices and their networks against the new security threats that the implementation of quantum computers will unleash,” says Deepika Chauhan, Executive VP of Emerging Markets at DigiCert. “The work we’re doing now will ensure that the connected systems that serve as the brains of automobiles, industrial control systems, medical devices, nuclear power plants and other critical infrastructure are safe from those threats in five, 10 and 20 years.”
So, what is quantum-safe encryption and what does this partnership portend for the digital certificate industry?
Let’s hash it out…
What is Quantum Computing?
It’s probably best to start out with a general refresher on what quantum computing actually is. We’ve covered this in depth, but here’s the abridged version: traditional computers operate on a binary system, meaning bits – 0’s and 1’s – that are known quantities, i.e. the bit is either a zero or a one.
Quantum computing throws all of that out. Quantum bits, which are referred to as qubits, can be in superposition, meaning that they can be both a 0 and 1 simultaneously. If that seems abstract, it is. And frankly, it’s probably not worth going too far into the weeds on this one. The important thing to take away is that quantum computing power is exponentially greater than the computing power of modern computers. And that represents a huge threat to today’s encryption.
RSA (Rivest-Shamir-Adleman), one of the most common cryptosystems in use today, is based on prime factorization. As you know, a private key is really just a long string of letters and numbers. To “crack” RSA’s encryption you would need to guess the key. It would take 6.4 quadrillion years for a standard desktop computer to crack a 2048-bit RSA private key, because a standard computer can only try one combination at a time.
Because of qubits’ ability to be in superposition – multiple positions at once – a quantum computer can try more than one combination at a time. You can probably see where this is going… Being able to try more than one combination simultaneously cuts down on the time it takes to crack a key considerably.
A single-qubit quantum computer can try two values simultaneously. A two-qubit computer can be in four positions at once, meaning it can attempt four values simultaneously. In March, Google unveiled a 72-qubit quantum computer, besting IBM’s 50-qubit quantum computer. A 72-qubit quantum computer can try 2^72 (4,722,366,482,869,645,213,696) values at once.
Suddenly, guessing that private key isn’t so difficult. In fact, it can be done pretty quickly. And RSA doesn’t scale well—key hardness doesn’t increase in proportion to key length as you go bigger.
“Experts estimate that the dawn of large-scale quantum computing will arrive in the next eight to 10 years, bringing with it the moment when all current public key cryptography can no longer be trusted,” says Scott Totzke, CEO & Co-founder at ISARA. “The work we’re doing today ensures that a fundamental element of the security stack, root certificates, is secure by embedding quantum-safe cryptography. This means that IoT manufacturers and other large organizations will have the solutions and tools they need to prepare for the quantum threat well in advance of that date, keeping confidential information and high-value assets safe.”
The future of Digital Certificates is Quantum-proof
It’s obvious that the cryptosystems in use today are not going to withstand the power of quantum computing, so it’s going to be critical that companies like DigiCert take the lead and get out ahead of the upcoming quantum revolution. These issues are too important to wait on and figure out after the fact.
DigiCert is uniquely situated to attack this challenge, too. DigiCert already enjoys a reputation as one of the leaders in enterprise security, so it’s well versed in meeting the challenges and pain points of large companies and organizations.
The way that’s materialized at the outset of this partnership is that Gemalto’s SafeNet Hardware Security Modules, which are key management and storage devices, will integrate with DigiCert’s API, allowing for large-scale issuance of quantum-safe digital certificates for connected devices. The digital certificates will make use of quantum-safe encryption as supplied by ISARA.
The three companies are also collaborating with the IETF and other standards organizations to help lay the groundwork for other companies to begin using quantum-safe encryption.
“Researchers at ISARA and elsewhere are developing new cryptographic algorithms that quantum computers can’t break, and these will need to be used in PKI/TLS certificates, and everywhere else classical asymmetric algorithms are used,” DigiCert’s Tim Hollebeek told eWEEK.
What is Quantum-Safe Encryption?
That’s a difficult question to answer without a doctorate in mathematics or possibly physics. From a conceptual standpoint, quantum-safe encryption refers to a cryptosystem that could withstand an attack from a quantum computer.
The security of today’s cryptosystems relies on one of three types of mathematical problem:
- Integer Factorization
- Discrete Logarithms
- Elliptic-Curve Discrete Logarithms
The problem with all three is that they could potentially be cracked by a quantum computer running Shor’s algorithm. Shor’s algorithm is a quantum algorithm first presented in 1994 by Peter Shor, which can be used to break most public key cryptography schemes.
In order to be quantum-safe, a cryptosystem needs to be able to withstand the processing power a quantum computer could throw at it. Most of the study with regard to post-quantum cryptography focuses on one of six possible methods:
- Lattice-based cryptography
- Multivariate cryptography
- Hash-based cryptography
- Code-based cryptography
- Supersingular Elliptic Curve Isogeny cryptography
- Symmetric key quantum resistance
One of the methods ISARA seems to favor is an approach called the Leighton-Micali scheme, a hash-based cryptosystem that is currently being considered for standardization. It combines a one-time signature scheme with a Merkle tree, so that a single public root can authenticate many one-time keys.
What would a Quantum-safe Digital Certificate look like?
Now that we’ve at least scraped at the surface of what quantum-safe encryption is, let’s look at how the concept could be applied to the digital certificates we use today.
Essentially, what you’re looking at is an X.509 certificate that supports two algorithms and has two digital signatures. One algorithm and signature would be for a classic cryptosystem that is currently in use (like RSA), while the other algorithm and signature would be quantum-safe (like the Leighton-Micali scheme we just discussed).
That way, the certificate could still be used by regular computers just like any other digital certificate, and in the future updated systems will be able to use the quantum-safe encryption algorithm instead.
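To make both ideas concrete, here is an added example in Python; it is not code from DigiCert, Gemalto or ISARA and is not the Leighton-Micali scheme itself. It models the structure the scheme is described as using (one-time signing keys whose public keys are committed in a Merkle tree, so one root authenticates many signatures) and then issues a certificate-like record that carries one classical signature and one hash-based signature over the same body. A legacy verifier checks only the classical slot; an upgraded verifier can require the hash-based one. The function names, the tree height and the toy RSA primes are assumptions chosen so the file runs on the standard library alone; the RSA part is textbook and insecure, a stand-in for a real 2048-bit key with proper padding.

```python
"""Toy dual-signature certificate: classical slot plus hash-based (Merkle) slot.
Added illustration, not vendor code and not RFC-standard LMS. The post-quantum
slot uses Lamport one-time keys committed in a Merkle tree; the classical slot
is textbook RSA with tiny hard-coded primes (insecure, illustration only)."""
import hashlib
import json
import secrets


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# ---- Lamport one-time signature over the 256-bit digest of the message ----
def lamport_keygen():
    # 256 pairs of random secrets; the public key is their hashes.
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
    pk = [[H(s0), H(s1)] for s0, s1 in sk]
    return sk, pk


def lamport_pk_digest(pk) -> bytes:
    return H(b"".join(h for pair in pk for h in pair))


def msg_bits(msg: bytes):
    d = H(msg)
    return [(d[i >> 3] >> (7 - (i & 7))) & 1 for i in range(256)]


def lamport_sign(sk, msg: bytes):
    # One secret is revealed per digest bit; signing twice with the same key
    # would reveal both halves of pairs, which is why each key is one-time.
    return [sk[i][b] for i, b in enumerate(msg_bits(msg))]


def lamport_verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, msg_bits(msg))))


# ---- Merkle tree committing 2**height one-time public keys under one root ----
class MerkleFewTimeSigner:
    def __init__(self, height: int = 2):
        self.keys = [lamport_keygen() for _ in range(2 ** height)]
        self.levels = [[lamport_pk_digest(pk) for _, pk in self.keys]]
        while len(self.levels[-1]) > 1:
            lvl = self.levels[-1]
            self.levels.append([H(lvl[i] + lvl[i + 1]) for i in range(0, len(lvl), 2)])
        self.root = self.levels[-1][0]  # the only value a verifier needs
        self.next_leaf = 0              # stateful: each leaf signs exactly once

    def sign(self, msg: bytes) -> dict:
        if self.next_leaf >= len(self.keys):
            raise RuntimeError("one-time keys exhausted; reuse would expose secrets")
        idx, self.next_leaf = self.next_leaf, self.next_leaf + 1
        sk, pk = self.keys[idx]
        path, i = [], idx
        for lvl in self.levels[:-1]:    # authentication path: sibling at each level
            path.append(lvl[i ^ 1])
            i //= 2
        return {"leaf": idx, "ots_pk": pk, "ots_sig": lamport_sign(sk, msg), "path": path}


def merkle_verify(root: bytes, msg: bytes, sig: dict) -> bool:
    if not lamport_verify(sig["ots_pk"], msg, sig["ots_sig"]):
        return False
    node, i = lamport_pk_digest(sig["ots_pk"]), sig["leaf"]
    for sibling in sig["path"]:         # recompute the path up to the root
        node = H(sibling + node) if i & 1 else H(node + sibling)
        i //= 2
    return node == root


# ---- Classical slot: textbook RSA with constructed toy primes (NOT secure) ----
P, Q, E = 999983, 1000003, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))


def rsa_sign(msg: bytes) -> int:
    return pow(int.from_bytes(H(msg)[:4], "big"), D, N)  # truncated digest < N


def rsa_verify(msg: bytes, sig: int) -> bool:
    return pow(sig, E, N) == int.from_bytes(H(msg)[:4], "big")


# ---- Hybrid certificate: one to-be-signed body, two signatures over it ----
def issue_hybrid_cert(subject: str, pq_signer: MerkleFewTimeSigner) -> dict:
    tbs = json.dumps({"subject": subject, "sig_algs": ["rsa-toy", "merkle-lamport"]},
                     sort_keys=True).encode()
    return {"tbs": tbs, "sig_classical": rsa_sign(tbs), "sig_pq": pq_signer.sign(tbs)}


def verify_hybrid_cert(cert: dict, pq_root: bytes, algs=("classical",)) -> bool:
    """Legacy verifiers use the default and see an ordinary certificate;
    upgraded verifiers pass ("pq",) or ("classical", "pq")."""
    checks = {"classical": lambda: rsa_verify(cert["tbs"], cert["sig_classical"]),
              "pq": lambda: merkle_verify(pq_root, cert["tbs"], cert["sig_pq"])}
    return all(checks[a]() for a in algs)


if __name__ == "__main__":
    ca = MerkleFewTimeSigner(height=2)
    cert = issue_hybrid_cert("CN=device-0001", ca)
    print("legacy verifier:  ", verify_hybrid_cert(cert, ca.root))
    print("upgraded verifier:", verify_hybrid_cert(cert, ca.root, ("classical", "pq")))
```

Two properties of the hash-based slot are worth noticing when thinking about issuance systems: the signer is stateful (a leaf that signs twice leaks its secret, so the `next_leaf` counter must survive restarts and never be cloned across HSMs), and the number of signatures is fixed at key generation by the tree height, which is why a CA would pick a far larger tree than the four-leaf toy above.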
This makes the certificates future-proof in a way that is going to be very attractive to a lot of organizations. There’s still a lot of work to be done, including upgrades to existing validation and issuance systems and buy-in from stakeholders both in and out of the digital certificate industry.
But this is a big first step.
“Transitioning to quantum-safe techniques will eventually require an investment from everyone who uses cryptography to protect their systems,” said Hollebeek. “We are offering the ability for manufacturers of long-life devices to start the process now, so that their products with a long shelf-life can use quantum-safe algorithms and not need to be retrofitted later.”
As always, leave your comments and questions in the section below…