Glossary of Quantum Terms
We know there are a lot of quantum terms out there and that the landscape can sometimes be confusing. QuSecure is here to help guide you to better understand the world of quantum computing.
Critical Cryptography Concepts
In today’s omnipresent digital world, cryptography is essential to help us secure and protect the dissemination, flow, and reception of data. The terms below are to help you understand the current concepts within cryptography.
Cryptography is the practice and study of techniques for secure communication in the presence of adversarial behavior.
Asymmetric Cryptography & Public Key Cryptography
Also known as public-key cryptography, this uses a pair of different keys (one public and one private) to encapsulate and decapsulate (Key Encapsulation Mechanism) or verify and sign (Digital Signatures).
These are a couple of examples of the most widely used type of classical cryptography. RSA and ECC do not hold up against quantum computers.
This is one of the oldest public-key encryption systems used for data protection.
This is an acronym for Elliptic Curve Cryptography, the key-based technique for encrypting data.
Shor’s Algorithm was developed in 1994 by mathematician Peter Shor to find prime factors of a given integer. Quantum computers allow for modular exponentiation as well as efficient quantum Fourier transforms, thus enabling this algorithm to run exponentially faster than current factoring algorithms such as the general number field sieve. This is anticipated to make current public key cryptography vulnerable, including, but not limited to, RSA, Finite Field Diffie-Hellman, and Elliptic Curve Diffie-Hellman key exchange.
Post-Quantum Cryptography (PQC)
Post-quantum cryptography, also known as quantum-resistant cryptography, is a form of encryption that uses algorithms and mathematical codes designed to protect communications against attacks by quantum computers. It is essential for protecting data and systems from the rapidly advancing capabilities of modern computing technology. Post-quantum cryptography encodes information so that even powerful quantum computers should not be able to decipher the data.
A post-quantum cryptographic algorithm that, as of July 2022, won the National Institute of Standards and Technology (NIST) competition to be the first post-quantum cryptography standard for key exchange.
CRYSTALS-Kyber uses an ideal lattice to provide a secure and efficient key exchange, digital signatures, and encryption. CRYSTALS-Kyber offers security against even the most powerful quantum computers to keep data and communications safe from future attacks.
Symmetric cryptography is a means of protecting data using a secret key to encrypt (lock) and decrypt (unlock) it. The sender and recipient share the key or password to gain access to the information. The key can be a word; a phrase; or a nonsensical or random string of letters, numbers, and symbols.
Grover’s Algorithm is a search algorithm developed in 1996 by Lov Grover that allows the discovery, with high probability, of the unique input to a black box function that produces a particular output value, using an unstructured search of a domain (of size N) in sqrt(N) evaluations.
The Advanced Encryption Standard (AES) has a key length of 256 bits, is practically unbreakable, and is used to protect data.
A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents. A valid digital signature, where the prerequisites are satisfied, gives a recipient very strong reason to believe that the message was created by a known sender (authenticity) and that the message was not altered in transit (integrity).
This refers to the ability of security hardware to swap algorithms, as per industry standards, without the need to rewrite applications.
Zero trust cybersecurity is an approach to security that assumes no user or device can be trusted, regardless of whether they’re inside or outside the organization’s network. This approach requires organizations to continuously verify the identity and trustworthiness of users, devices, services, and applications before granting access to the organization’s network, data, and resources.
Foundational Quantum Concepts
While quantum computing becomes ever more prevalent in our digital lives, it is increasingly important to understand the foundational concepts around quantum computing.
These are emerging quantum technologies involving physics and engineering that rely on the properties of quantum mechanics.
A computer which makes use of the quantum states of subatomic particles to store information.
Quantum communications include technologies that use entangled particles to transmit information. The main area of interest in quantum communications is QKD (Quantum Key Distribution). This is an exciting technology; however, range and interference limitations currently restrict the applications it is useful for.
Quantum random number generation (QRNG). It uses noise to generate genuinely random numbers. These are superior to current methods of generating random numbers for cryptographic keys in cybersecurity, because those methods are based on programmatic generation and can be reverse engineered.
Quantum Key Distribution (QKD)
This is a method that leverages the properties of quantum mechanics, such as the “no-cloning theorem,” to allow two people to securely agree on a key, a secret code word that is shared only between you and the person you are trying to communicate with. This secret code word can then be used to encrypt messages such that they can be transmitted without being read by a malicious third party.
Quantum sensors are expected to have a number of applications in a wide variety of fields including positioning systems, communication technology, electric and magnetic field sensors, gravimetry, as well as geophysical areas of research such as civil engineering and seismology. Quantum sensing uses quantum principles to develop highly sensitive sensing devices.
These are the essential building blocks that make up quantum technology.
In computing, bits are the size of any character or information in the computing environment, and in quantum computing, they represent the size of the information loaded.
A classical bit can be in two states: it can be either zero or it can be one. A quantum bit or qubit, however, can be in a sort of zero state and in a one state at the same time. This situation is called a superposition of (quantum) states. Qubits have some very particular properties: for instance, it is not possible to make copies of qubits. This is sometimes very useful, such as when you want to keep information private, and in fact this property is used in quantum cryptography.
A physical qubit is a physical device that behaves as a two-state quantum system, used as a component of a computer system.
A logical qubit is a physical or abstract qubit that performs as specified in a quantum algorithm or quantum circuit subject to unitary transformations, and has a long enough coherence time to be usable by quantum logic gates.
Quantum Component Behavior
The aforementioned quantum components can behave in spectacular fashion. The uniqueness of quantum physics lies in the complexity where subatomic particles interact with each other producing fascinating results.
Quantum entanglement is the physical phenomenon that occurs when a group of particles are generated, interact, or share spatial proximity.
A fundamental principle of quantum mechanics stating that, like waves in classical physics, quantum states can be added together – superposed – to yield a new valid quantum state; and conversely, that every quantum state can be seen as a linear combination, a sum of other distinct quantum states.
The coherence of a qubit, roughly speaking, is its ability to maintain superposition over time. It is therefore the absence of “decoherence”, which is any process that collapses the quantum state into a classical state, for instance by interaction with an environment.
At QuSecure we use entropy to refer to the genuine randomness produced by quantum noise that we leverage to add an extra layer of security to our cryptographic keys.
Navigating the Quantum Problem
Quantum computing will usher in a new era of great opportunities for the world. The computing power that quantum will allow us opens up new avenues in research and application beyond what current classical computers can offer. That said, with the great power of quantum computing there is the problem that bad actors can use quantum computing for nefarious purposes. Understanding the problem today allows you to intelligently plan for your organization’s security for both today and tomorrow.
The Quantum Threat
Below are a few relevant terms to help explain today’s quantum threat and allow you to begin developing a plan to help optimize your organization’s cybersecurity road map.
Proof that the quantum computer is superior to the classical computer, based on tasks and outcomes.
A Cryptographically Relevant Quantum Computer
This enables a quantum computer to attack cryptographic systems that classical computers can’t.
Store-Now Decrypt-Later (SNDL)
Also called Harvest-Now, Decrypt-Later (HNDL). This is when protected data is intercepted today only to be used when a quantum computer can break the encryption.
“Years to Quantum” is the moment of uncertainty when we could lose digital security.
Quantum Readiness Index
This is a tool that is used to determine if an organization is quantum-safe. It measures the company’s readiness for quantum technology.
Quantum Threat & Cryptography
With the quantum threat there arises a need for better cybersecurity. Cryptography is evolving at a rapid pace to keep up with advances in quantum technology.
An algorithm is a collection of instructions that allows you to compute a function, for instance the square of a number. A quantum algorithm is exactly the same thing, but the instructions also allow superpositions to be made and entanglement to be created. This allows quantum algorithms to do certain things that cannot be done efficiently with regular algorithms.
Uses math believed unbreakable by future quantum computers but will be broken eventually. Currently no way to break NIST or PQC quantum-safe solutions. Addresses short-term security needs.
Unconditional security against classical and quantum computers. Proven safe against an attack from any adversary that has unlimited resources. Immune to mathematical attacks.
NIST Post-Quantum Cryptography Standardization
NISTIR 8413, Status Report on the Third Round of the NIST Post-Quantum Cryptography Standardization Process is now available. NIST has initiated a process to solicit, evaluate, and standardize one or more quantum-resistant public-key cryptographic algorithms.
Solving the Quantum Problem
The quantum problem is real and exists today. A variety of methods and applications are in development to help address and solve for the quantum problem.
From QuSecure, this is the industry’s first end-to-end PQC software-based solution uniquely designed to protect encrypted communications and data with quantum-resilience using quantum secure channels. With QuProtect, for the first time, organizations can leverage quantum resilient technology to help prevent today’s cyberattacks, while future-proofing networks and preparing for post-quantum cyberthreats.
Also called Post-Quantum. Quantum resilient refers to cybersecurity methods that stand up against quantum cybersecurity attacks.
Quantum Algorithm vs Post-Quantum
Quantum Algorithm – runs on quantum computers
Post-Quantum Cryptographic Algorithms – run on today’s classical computer systems and defend against certain quantum algorithm driven attacks
Provides the tools that define the notion of security.
Standards & Regulations
The complexity that is inherent with quantum computing necessitates a common and unified approach in how this new technology can be successfully applied in both governmental and commercial environments.
Standards and Regulatory Bodies
The following organizations are a few of the major groups that set the standards for enabling a consistent and secure digital framework. These organizations have recognized how disruptive the advent of quantum computing could be without standards and enhanced security measures.
National Institute of Standards and Technology (NIST)
Since 1901, NIST has strived to be the world’s leader in creating critical measurement solutions and promoting equitable standards. Their most recent efforts to stimulate innovation, foster industrial competitiveness, and improve the quality of life can be seen in their release of the first four quantum resistant cryptographic algorithms from their six-year competition. This competition, in our new quantum era, is intended to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.
Internet Engineering Task Force (IETF)
The Internet Engineering Task Force (IETF) is a standards organization for the internet and is responsible for the technical standards that make up the internet protocol suite. It has no formal membership roster or requirements and all its participants are volunteers.
Federal Information Processing Standard (FIPS)
FIPS are standards and guidelines for federal computer systems that are developed by the National Institute of Standards and Technology (NIST) in accordance with the Federal Information Security Management Act (FISMA) and approved by the Secretary of Commerce.
National Security Agency (NSA)
A federal government intelligence agency that is part of the United States Department of Defense. NSA has released guidance on post-quantum. They largely endorse the NIST standards.
Federal Risk and Authorization Management Program (FedRAMP)
The Federal Risk and Authorization Management Program (FedRAMP) is a United States federal government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. For security companies hoping to work with the federal government, obtaining FedRAMP authorization indicates one of the strongest forms of commitment and partnership between government and private enterprise. FedRAMP is important because it ensures consistency in the security of the government’s cloud services—and because it ensures consistency in evaluating and monitoring that security. It provides one set of standards for all government agencies and all cloud providers.
Federal Government Mandates
The rapid advancement of quantum computing has led to a sense of urgency from both the White House and Congress. With multiple countries increasing their efforts toward quantum supremacy, the President and both houses of Congress have, in a bipartisan fashion, begun escalating our national efforts in the area of cybersecurity and specifically post-quantum cryptography (PQC).
Presidential Memo 1 – January 19, 2022
Memorandum on Improving the Cybersecurity of National Security, Department of Defense, and Intelligence Community Systems.
Presidential Memo 2 – May 4, 2022
National Security Memorandum on Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems.
Sources include, but are not limited to, wikipedia.com, dictionary.com, and vocabulary.com.