DigiCert Inc., Gemalto and ISARA Corp. have teamed up develop quantum-proof digital certificates and secure key...
management for IoT devices.
The partnership will combine ISARA's quantum-proof algorithms with Gemalto's SafeNet hardware security modules and DigiCert's public key infrastructure (PKI) to offer certificates that are resistant to quantum computing threats. Scott Totzke, CEO at ISARA, based in Waterloo, Ont., said he believes public key cryptography could be fundamentally insecure within a decade.
"Experts estimate that the dawn of large-scale quantum computing will arrive in the next eight to 10 years, bringing with it the moment when all current public key cryptography can no longer be trusted," Totzke said in the announcement.
IoT devices rely on authorizations and identity management that are based on digital certificates signed with public key signatures, and the problem with such physical devices is compounded by their long lifecycles in the field. But just about everything that relies on PKI, not just IoT, will be broken if Totzke and other experts are right. This prospect spurred the three vendors to join forces to build quantum-proof certificates.
The qubit tide
In quantum computing, one important measure of computing power is the number of qubits, or quantum bits, maintained in the computer. Whereas actual, working quantum computers have used only very small numbers of qubits to date -- IBM's 2016 Q Experience computer managed 5 qubits, for instance -- recent breakthroughs late last year enabled IBM, Intel and Google to experiment with computers as large as 79 qubits.
While qubits are analogous to memory in a classical computer CPU, the implications of qubit quantity are far more tightly intertwined with raw computing capability. IBM has predicted that quantum computers will have the wherewithal to beat the most powerful classical computers at certain kinds of computations within five years.
Tim Hollebeek, industry and standards technical strategist at DigiCert, based in Lehi, Utah, started life as a quantum chemistry graduate student before switching to computer security. And he has interesting bona fides when it comes to thinking about how quantum computing might affect security and, in particular, encryption. It's not that quantum computers are so much faster that they can brute-force the guessing of encryption keys, he said.
"It's a common misunderstanding," Hollebeek said, "that quantum computers work better than classical computers just due to the fact that they brute-force things and that somehow quantum mechanics allows them to calculate many different paths at once or something like that. That's not really what's going on."
A talent for special problems
Hollebeek explained that quantum computers are extremely good at solving certain problems, but they are not so good at solving others.
"That's actually the difference between classical cryptography and post-quantum cryptography," he said. "For classical cryptographic algorithms like RSA and ECC [elliptic-curve cryptography], well, those just happen to use these problems like integer factoring."
Classical encryption uses mathematical problems that it turns out quantum computers "are just insanely good at," he said.
Public key encryption, regardless of the specific algorithm, relies on a trapdoor mathematical problem of one kind or another. In RSA, for example, the problem is it's easy to pick two large prime numbers, multiply them and know what the product is. But there's no easy way to do this in reverse -- that is, take the product and figure out which two prime numbers were multiplied in order to get it. Essentially, factoring the product would require taking all the prime numbers in turn until you find one that divides into the product and yields another prime number.
A classical computer can run through prime numbers in order and do your guessing for you. But if the two prime numbers were sufficiently large, the process could take centuries, even with an extremely fast computer. ECC -- the other main option out there -- has similar properties. And both RSA and ECC are problems that are far easier to solve using quantum computing.
"We got kind of unlucky. The algorithms we chose to base all of our cryptography on just happened to be the same ones that quantum computers are extremely good at," Hollebeek said.
Lattice cryptography and beyond
Despite the looming threat of quantum computing, all isn't lost.
"There are lots of public key algorithms that you can use. And we just happened to select these two. There are lots of others -- for instance, lattice space cryptography -- and it was a mathematical curiosity for a while, because nobody really had a good reason to not use RSA and ECC, which seemed to work so well," Hollebeek said.
There are encryption alternatives, and they aren't susceptible to quantum computing in the same way that RSA and ECC are. The logical inference is everyone is going to need to move to quantum-proof alternatives, like lattice cryptography, before quantum computers are sufficiently powerful to turn loose on them. However, Hollebeek said this sort of transition is slow.
"We've seen the move from DES to 3DES, for example, and from SHA-1 to SHA-2 -- it takes a decade or two. I like to tell people building a quantum computer that can break RSA or ECC -- that's a hard problem, and it's going to take a decade or two," he said. "Getting the entire world's cryptography off of RSA and ECC and onto new algorithms ... that's also a hard problem. It will also probably take a decade or two."