
Tick Tock: The Quantum Boogeyman is Coming for Your Most Sensitive Data

Here’s a little thought experiment for you. It starts with a question:

When do you think that practical quantum computers will be available?

Please feel free to leave your answer as a comment below. Due to the nature of this publishing medium and the way it works, I won’t get your answer for a few weeks, but I can assure you that your answer will not alter the results of this thought experiment.

Because I can’t see your answer for a while, I’m going to tell you about some relevant information that I have, thanks to IBM Research. IBM has been developing quantum computers for several years now. In 2021, IBM announced the 127-qubit Eagle quantum processor. The company unveiled the 433-qubit Osprey quantum computer last November and has stated that it plans to put this machine online by the end of this year. The company’s stated goal is to build a quantum processor with more than 4000 qubits by 2025, and the company has a roadmap to get there.

My answer to this first question about the timing for accessible quantum computing is “real soon now;” however, I encourage you to do your own research.

Now for the next part of the thought experiment. When do you think bad actors will start using quantum computers to crack the security of the world’s data? If you read the EEJournal article that I published last November, “Looming Crypto Crisis Rides In With Quantum Computing,” you’ll find a quote from Ray Harishankar, an IBM Fellow and Vice President working on quantum-safe cryptography:

“NIST has put out some reports and you also have national security memorandums that call out 2035 as a date. NSA announced [in September 2022] that 2035 is the date they expect things to be compliant [with yet-to-be-published quantum-safe cryptography standards].”

This 2035 estimate was echoed in a World Economic Forum article published by Deloitte and the World Economic Forum. The US National Security Agency (NSA) said that all web servers and all the network devices should be compliant by 2030.

Well, it’s four months later and I have an update that you probably won’t like. According to Dr. Michele Mosca at the Institute of Quantum Computing, University of Waterloo:

“There is a 1 in 7 chance that fundamental public-key crypto will be broken by quantum by 2026, and a 1 in 2 chance of the same by 2031.”

IBM’s Harishankar provided that quote during a recent presentation on quantum-safe cryptography, and, if you believe that quote, you’ll realize that it’s already past time to do something about data security in your designs. Now, that’s a problem because NIST, the US National Institute of Standards and Technology, has yet to publish standards for quantum-safe cryptography. NIST has a process underway at the moment and has four candidate quantum-safe cryptographic algorithms in a draft standard for creating and verifying digital signatures and for data encryption, but those standards won’t be finalized for a while. Because digital signatures and data encryption have different requirements, multiple algorithms are needed.

Let’s take a step back to scope this data-security problem. Our entire digital world sits on top of a cryptographic foundation. Here are a few examples to remind you of just how pervasive cryptography has become in our everyday lives:

  • Internet: Domain Name Service (DNS), Hyper-text Transfer Protocol (HTTP), Telnet, File-Transfer Protocol (FTP)
  • Digital Signatures: eIDAS – PDF Advanced Electronic Signature – (PAdES), Advanced Electronic Signatures (AES), …
  • Critical Infrastructure: Code updates, Control systems, Car systems, IoT
  • Financial Systems: Payment Systems: (EMV, CHAPS, Fedwire, Target2, EURO1, …), SWIFT, Settlement Systems
  • Blockchain: Wallets, Transactions, Authentication
  • Enterprise: EMAIL – PGP, Identity Management PKI/LDAP, Virus scanning patterns, PKI Services, Bespoke applications

Every piece of data that flows over the Internet or through private networks relies on cryptographic security, and most of that security is based on the RSA algorithm, the public-key cryptographic scheme most favored in all of cyberspace. That’s the same algorithm that Dr. Michele Mosca gives a 50/50 chance of being broken by 2031 using quantum computers.

What happens when quantum computers can break today’s encryption? According to Harishankar, bad actors will be able to undertake activities such as:

  • Creating fake identities for websites
  • Creating fake software downloads and software updates
  • Launching extortion attacks by threatening to disclose harvested data
  • Creating indistinguishable fraudulent land records or lease documents
  • Manipulating software updates and forging financial transactions through fraudulent authentication
  • Manipulating legal history by forging digital signatures
  • Decrypting lost or harvested confidential historical data by cracking encryption keys

Now, should you think to yourself, “Whew! I’ve got a good seven years before I need to worry,” please think again. Bad actors are already vacuuming up and storing all of the packets they can find on the expectation that they will be able to decrypt these packets in a few short years. If you think that old data will be obsolete, then please reconsider, for two reasons explained by IBM’s Harishankar: data needs to stay secure for a long time and there’s an inherent multi-year lag when upgrading digital infrastructure.

How long does data need to stay secure? Here are a few international examples provided by Harishankar:

  • US Health Insurance Portability and Accountability Act (HIPAA) records: 6 years from its last use, Securities Exchange Act
  • Tax Records – 7-10 Years in most countries, Sarbanes-Oxley
  • Health Canada Guidance for Records Related to Clinical Trials (GUI-0068) – 25 Years
  • Medical Records in Japan – 100 years

How long does it take to upgrade digital infrastructure? Here are a few examples, again provided by Harishankar:

  • Passports – 10 years from issue
  • Road vehicles – 15-20 Years
  • Critical infrastructure – 25-30 Years
  • Aircraft and trains – 25-30 Years
  • Critical Mainframe Applications – 50 Years

These few bullet points underscore the urgent nature of modern cryptography for sensitive data, and today, what data isn’t sensitive? Note that the longer equipment stays in service – in applications with the longer life cycles – the more urgent it is for this equipment to adopt quantum-safe algorithms. That’s because the equipment will be in service as more and more capable quantum computers come online.
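The argument above, carried through as an added example (not code from the article or from IBM): data harvested today is exposed if a break arrives before the last classically protected record stops being sensitive, so each asset's secrecy lifetime and migration time are compared against the "broken by" years quoted earlier. The asset pairings, the last inventory row, and the 2023 start year are assumptions.

```python
from dataclasses import dataclass

# Cumulative break probabilities quoted in the article: "broken by <year>".
BREAK_BY = {2026: 1 / 7, 2031: 1 / 2}

@dataclass(frozen=True)
class Asset:
    name: str
    secrecy_years: int    # how long the data must stay confidential
    migration_years: int  # how long the system carrying it takes to upgrade

# Constructed inventory. Year figures come from the article's two lists
# (lower bound of each range); pairing a record type with a system, and the
# last row, are assumptions made for illustration.
INVENTORY = [
    Asset("HIPAA records on a critical mainframe application", 6, 50),
    Asset("Tax records on critical infrastructure", 7, 25),
    Asset("Clinical trial records behind a 10-year credential", 25, 10),
    Asset("Short-lived session data on a fast-patched service", 2, 3),
]

def secret_until(asset, start_year):
    """Year the last classically protected record stops being sensitive."""
    # Records keep being written under the old scheme until migration ends.
    return start_year + asset.migration_years + asset.secrecy_years

def latest_start(asset, break_year):
    """Last year migration can begin with no exposure at break_year."""
    return break_year - asset.migration_years - asset.secrecy_years

def exposure_years(asset, break_year, start_year):
    """Years of still-sensitive data readable after break_year."""
    return max(0, secret_until(asset, start_year) - break_year)

def risk_floor(asset, start_year, break_by=BREAK_BY):
    """Lower bound on P(exposure): largest quoted P(break by y), y < expiry."""
    expiry = secret_until(asset, start_year)
    return max((p for year, p in break_by.items() if year < expiry), default=0.0)

def triage(inventory, start_year, break_by=BREAK_BY):
    """Rank assets by risk floor, then by exposure under the earliest year."""
    earliest = min(break_by)
    rows = [(a.name, risk_floor(a, start_year, break_by),
             exposure_years(a, earliest, start_year)) for a in inventory]
    return sorted(rows, key=lambda r: (-r[1], -r[2]))

if __name__ == "__main__":
    for name, risk, years in triage(INVENTORY, start_year=2023):
        print(f"{risk:.2f}  {years:>3}y  {name}")
```

With these inputs, every asset built from the article's own figures has a latest safe migration start that is already in the past; only the constructed short-lived row still has slack under the 2031 figure.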

For its part, IBM has been experimenting with the use of quantum-safe algorithms to encrypt information stored on some of the company’s tape drives and has equipped its z16 mainframes with the Crypto Express 8S Hardware Security Module (HSM), which provides quantum-safe API access to two of NIST’s selected quantum-safe algorithm candidates – CRYSTALS-Kyber and CRYSTALS-Dilithium. In addition, the company has incorporated quantum-safe technology and key management services into LinuxONE 4, its highly secure, enterprise-grade Linux server.

However, only a small fraction of the devices on the Internet are high-end servers like IBM’s z16 mainframes, and the threat is to every device on the Internet. Today’s situation seems dire: the quantum-safe encryption standards won’t be final until 2024, if all goes according to plan. With no standards in place, there are no IP cores to implement the quantum-safe cryptography algorithms. Hardware that ships today is guaranteed to be obsolete by 2031.

To me, this situation demands the use of FPGAs to implement preliminary standards and to be ready as soon as standards are in place. One of the first places where these quantum-safe standards are likely to be implemented is in data centers, and I’m currently placing my bet on FPGA-based IPUs. As far as other Internet-connected hardware is concerned, I think FPGAs are the only way to create hardware implementations of quantum-safe cryptography algorithms that will be fast enough to support line-rate encryption and decryption, until a standard arises, until IP cores can be certified against the standards, and until those IP cores can be implemented in ASIC and SoC silicon.

One thought on “Tick Tock: The Quantum Boogeyman is Coming for Your Most Sensitive Data”

  1. Two comments:
    1. Some cryptographic devices, like the IBM HSMs you mention, already have internal FPGAs where new algorithms can be implemented.
    2. You talk about what would be “fast enough to support line-rate encryption and decryption”, but the actual encryption of data would not be done using the new, quantum-safe algorithms – it would be done with a symmetric algorithm such as AES. The quantum-safe algorithms might be used as part of key transport or key negotiation, but the actual encryption would be done with other (faster) algorithms.
