Diffie tells security pros: Prepare for the quantum computing era

Diffie tells security pros: Prepare for the quantum computing era

A revered cryptography pioneer has warned that anyone involved in securing systems must take quantum computing seriously, for it is not going to fade into the night any time soon.

Dr. Whitfield Diffie, known for his co-invention of public key cryptography and digital signatures, and as the winner of the 2015 Turing Award, considered by many to be the Nobel Prize of computing, provided both a history lesson and a lecture during his recent keynote speech at SecTor 2022 in Toronto.

In leading up to the eventual advent of quantum computing, Diffie, who, along with Stanford University electrical engineering professor Martin Hellman, invented a new method of distributing cryptographic keys, said it is important to understand that cryptosystems such as RSA and others are under the control of secret keys: “I want to emphasize the word secret. There is a major problem, which is if you are depending on a secret, you have a vulnerability.

“Whether it is a secret love affair or secret bribe or a secret key, it can leak and that can create a great deal of trouble. One of the most important things to decide is if there is any way you can do something without keeping the secret.”

He added that while cryptography methods have been in existence for centuries, cryptography “as we know it was born in World War One and there are two reasons for that. One was the rise of radio. This was the first war fought by radio, and radio, like the internet today, like Wi-Fi, is just too good to ignore.”

The problem, said Diffie, is that from a security viewpoint, radio had a great disadvantage in that everyone can or could listen in.

He likened the current public key cryptosystem space to being on a racetrack in that it is easy to encrypt – move forward – but decrypting or going backwards is hard to do: “If you know the length of the track, then you can go back one step by going forward far enough to get there. If you do not know it, you are screwed.”

How dire is the situation? Diffie recalled a recent meeting he had with Adi Shamir, an Israeli cryptographer and co-inventor of the Rivest-Shamir-Adelman algorithm, otherwise known as RSA.

“He said to me, if you want to keep certain things secret for 100 years, I would not use RSA.

“Now, I am not the person to ask if quantum computing will really work. That is a matter for the physicists, but big money is going into it, so you need to take it seriously.”

According to a discussion paper from the European Telecommunications Standards Institute (ETSI), the “advent of large-scale quantum computing offers great promise to science and society, but brings with it a significant threat to our global information infrastructure. Public-key cryptography – widely used on the internet today – relies upon mathematical problems that are believed to be difficult to solve given the computational power available now and in the medium term.

“However, popular cryptographic schemes based on these hard problems – including RSA and Elliptic Curve cryptography – will be easily broken by a quantum computer. This will rapidly accelerate the obsolescence of our currently deployed security systems and will have direct impacts on any industry where information needs to be kept secure.”

ETSI warns that “without quantum-safe cryptography and security, all information that is transmitted on public channels – now or in the future – is vulnerable to eavesdropping. Even encrypted data that is safe against current adversaries can be stored for later decryption once a practical quantum computer becomes available. At the same time, it will be no longer possible to guarantee the integrity and authenticity of transmitted information, as tampered data will go undetected.”

The organization notes that “cryptoanalysis and the standardization of cryptographic algorithms require significant time and effort for their security to be trusted by governments and industry. ETSI is taking a proactive approach to define the standards that will secure our information in the face of technological advance.”



Source by www.itworldcanada.com

Exit mobile version