By, Julia Rabinovich, Architect, Network Security Products
Michael A. Greenberg, Product Marketing Manager, Security Platforms
Today, it is pretty expected from what we can see in the way hackers go after their victims. Whether through social engineering, phishing scams, or ransomware attacks ultimately it is just a hacker and his classic computer.
Which means not a lot of computing power to decrypt complicated encryption protocols in a desired timeframe. There are just too many secure encryption keys in place and with the compute power we have today – it is not enough to get the job done, it will take too much time to decrypt and not worth the effort – it is all about quick wins.
Now what if said hacker actually had a quantum computer to conduct his attacks and use it to break into your bank account – in no time the hacker will have access to account details, funds, addresses, you name it, they can steal it. Not only will they be able to carry out their attack in real time but a quantum computer has the ability to retrospectively decrypt all previously recorded traffic quickly leaving millions exposed.
The outcome could be devastating, the cost and damage could be overwhelming, and it would surely bring institutions to a halt in moments. The rise of super powerful quantum computers is not so far off.
At Check Point, we are always thinking about the future, and how we can secure your everything. A cyber attack or threat of this magnitude is not something we take lightly. All around the world, new ways to protect data and communications from such threats is being worked on. Post-quantum cryptography is the cryptographic algorithms that are believed to be secure against an attack by such a quantum computer.
Even though as of today quantum computers lack the processing power to crack any cryptographic algorithm, cryptographers everywhere are working on new algorithms in preparation for a time when quantum computing actually becomes a threat.
Let’s take it back to the beginning and understand why this is so imperative for us as cyber security professionals.
What is Quantum Computing?
Today’s classical computers encode information using bits, where each bit has a specific value of either 0 or 1. Now, quantum computers operate with what is called qubits, something defined originally in quantum mechanics. A Qubit is a data unit that holds not just a distinct value of 0 or 1, but also simultaneously the superposition of 0 and 1. This superposition of qubits is what gives quantum computers their inherent parallelism: applying single operations on the quantum register means applying it to each of the qubit values of the superposition. Since the number of possible states in the quantum register holding n qubits is now 2n, performing a single operation on a quantum computer is equivalent to performing an exponential (2n) number of operations on a classical computer holding n bits in a register! Truly impressive stuff. However, since the result of such an operation on a quantum computer is also a qubit value (i.e. superposition), special algorithms are required to take advantage of that type of processing speed.
General Impact on Cryptography and Derived Products
In 1994 and 1996, two algorithms, presented by Peter Shor and Lov Grover respectively, succeeded to use quantum parallelism. Shor’s algorithm can be used to break any public key encryption scheme whose security relies on the hardness of the integer factorization or discrete logarithm problem in polynomial time. This includes most widely deployed public key encryption/signature schemes including RSA, EC-DSA, ECDHE, etc.
Grover’s algorithm can reduce the brute force attack time to its square root. For the symmetric key algorithms like AES and TDES, this implies that once a quantum computer is available, the strength of a 256-bit key becomes identical to the strength of 128-bit with today’s classical computers. Grover’s algorithm also allows to reduce the time of the collision attack, decreasing the strength of hash functions. The strength of SHA256 is reduced from 128-bits to 80 bit, and strength of SHA384 from 192 bit to 128 bit.
What does it All Mean?
Quantum computers would allow not only breaking tomorrow’s encrypted communication, but also retrospectively the decryption of today’s safely encrypted data. In advance to the availability of quantum computers, the following shall be changed to guarantee the level of security we have today:
- Crypto schemes used for authentication, confidentiality and key exchanges require replacements
- Symmetric cryptography needs not just a confidential way to exchange private keys but also to increase the symmetric key size and hash product size.
The National Institute of Standards and Technology (NIST) leads a Post Quantum Standardization (PQS) program aiming to define new algorithms that are quantum safe – i.e. cannot be broken using known techniques on quantum computers of expected strength. The project has entered its final stage and is expected to be completed over the next two years.
Transitioning to Quantum Safe Computing
In order to transition to quantum safe computing, the security protocols such as: SSH, VPN/IPSec, and SSL/TLS, etc. would actually need to be upgraded to operate in a hybrid mode – this would allow for existing pre-quantum behavior to stay backward compatible as well as introducing an extra layer in the secure communication establishment to protect the world against quantum attacks.
The change impacts asymmetric cryptography and key generation algorithms and requires enlarged key/product size in symmetric cryptography algorithms. This heavily impacts performance and bandwidth. Therefore customers advancing towards these algorithms shall align the transition with hardware base upgrades.
Making a Quantum Leap with Check Point
On a mission to secure your everything, every day we do more than we did yesterday. It is so important that the products, solutions and platforms we design bring simplicity and consolidation to cyber security across the enterprise.
Check Point continues to monitor ongoing activities related to quantum safe cryptography and will make all required efforts to upgrade products, solutions and associated authenticity means like certificates once these new algorithms are approved and certified. This is where Check Point’s Quantum Security GatewaysTM come into play since they will be able to implement the approved and certified algorithms and provide the best level of protection over a variety of security protocols. It is not just about what we can prevent against today, but for tomorrow as well.