A revered pioneer of cryptography has warned that anyone involved with securing systems must take quantum computing seriously, as it is not going away anytime soon.
Dr. Whitfield Diffie, known for his co-invention of public-key cryptography and digital signatures and as a winner of the 2015 Turing Award, considered by many to be the Nobel Prize in computing, delivered a history lesson in a recent keynote address at SecTor 2022 in Toronto.
Ahead of the eventual advent of quantum computing, Diffie, who along with Stanford University professor of electrical engineering Martin Hellman invented a new method for distributing cryptographic keys, said it was important to understand that cryptosystems like RSA and others are controlled by a secret key: “I want to emphasize the word secret. There’s a big problem: if you depend on a secret, you have a vulnerability.
“Whether it’s a secret love affair, a secret bribe, or a secret key, it can leak, and that can cause a lot of trouble. One of the most important decisions is whether there is a way to do something without keeping the secret.”
He added that while cryptographic methods have been around for centuries, cryptography “as we know it was born in World War I for two reasons. One was the rise of radio. This was the first war to be fought over radio, and radio, like the Internet today, like Wi-Fi, is just too good to ignore.”
The problem, Diffie said, is that radio has a major disadvantage from a security standpoint, since anyone could be listening in.
He likened the current public-key cryptosystem space to a racetrack, since it’s easy to encrypt—move forward—but difficult to decrypt or go backwards: “If you know the length of the track, you can create a back step by walking forward far enough to get there. If you don’t know, you’re screwed.”
How bad is the situation? Diffie recalled a recent meeting with Adi Shamir, an Israeli cryptographer and co-inventor of the Rivest-Shamir-Adleman algorithm, also known as RSA.
“He told me if you want to keep certain things secret for 100 years, I wouldn’t use RSA.
“Well, I’m not the person to ask if quantum computing is really going to work. That’s up to the physicists, but there’s a lot of money going into it, so you have to take it seriously.”
According to a European Telecommunications Standards Institute (ETSI) discussion paper, “The advent of large-scale quantum computing offers great promise for science and society, but poses a significant threat to our global information infrastructure. Public-key cryptography, which is widespread on the Internet today, is based on mathematical problems that are considered difficult to solve in view of the computing power available now and in the medium term.
“However, popular cryptographic schemes based on these difficult problems — including RSA and elliptic curve cryptography — are easily broken by a quantum computer. This will rapidly accelerate the obsolescence of our currently deployed security systems and will have a direct impact on all industries where information needs to be kept safe.”
ETSI warns that “without quantum-proof cryptography and security, any information transmitted on public channels – now or in the future – is vulnerable to eavesdropping. Even encrypted data, secure against current adversaries, can be stored for later decryption once a practical quantum computer becomes available. At the same time, the integrity and authenticity of the information transmitted can no longer be guaranteed, since manipulated data remains undiscovered.”
The organization notes that “Cryptanalysis and the standardization of cryptographic algorithms require a great deal of time and effort so that governments and industry can be confident in their security. ETSI is taking a proactive approach to defining the standards that protect our information as technology advances.”