Introducing QuProtect Core Security - Powerful Protection for Router-to-Router Communications
Quick Navigation
Cryptography provides the essential tools to secure private data communications over public or hostile networks like the Internet and is the fundamental enabler of the modern digital world. In terms of the classical cast of cryptography characters, Alice and Bob want to transmit secret messages to one another in the presence of Eve the eavesdropper, and/or Mallory the malicious adversary.
Ancient examples of cryptography include the Caesar cipher, which shifts the letters of the alphabet by a certain number of places to encrypt, and then shifts the letters back to decrypt. For example, we might send the message “fdw” to secretly mean the message “cat.” The Enigma machine of World War 2 represents a much more advanced cipher which, played a major role in the early development of cryptography and computing more broadly.
Whereas early forms of cryptography such as the Caesar cipher or Enigma machine are vulnerable to statistical analysis, modern cryptographic algorithms and protocols are designed to resist cryptanalysis and operate in the presence of attackers seeking to read or tamper with data. Cryptography is a broad and rich field of study, and we will introduce some fundamental concepts below.
Click here to see how and why today’s cryptography needs to change.
Cryptography is the practice and study of techniques for secure communication in the presence of adversarial behavior.
Click here to see how and why today’s cryptography needs to change.
Symmetric, or secret-key cryptography refers to cryptographic schemes which involve a single key. For example, the Caesar cipher described above is a primitive symmetric encryption scheme since both Alice and Bob need to know the same secret key (how many places to shift the letters of the alphabet). If an adversary can compromise this secret key, then they can decipher all communications. Modern forms of symmetric cryptography use keys which are 128 or 256 bits of random data that are infeasible to predict or brute force.
The Advanced Encryption Standard (AES) is a widely used cipher used for symmetric cryptography operations. Many modern computers include hardware support for AES, which make encryption operations significantly faster and resistant to timing-based side-channel attacks.
ChaCha is another family of ciphers widely used in symmetric cryptography operations. ChaCha was designed for fast and secure implementations in pure software, meaning it often exceeds AES in terms of performance and security in the absence of hardware support.
Grover’s algorithm represents one of the two quantum algorithms currently believed to be relevant to cryptography. Grover’s algorithm is a quantum search algorithm developed in 1996 by Lou Grover that gives a quadratic speedup for computing the pre-image of any black box function. In the case of symmetric cryptography, this means that a brute force key search becomes significantly easier—a Grover’s enhanced search for a 128–bit symmetric key is roughly as difficult as a search for a 64-bit symmetric key. However, many experts are skeptical that Grover’s algorithm will ever be practical at scale in the real world since it doesn’t easily parallelize. In any case, doubling symmetric key sizes can mitigate the threat of Grover’s algorithm to symmetric cryptography, even in the worst case.
First introduced by Whitfield Diffie and Martin Hellman in the seminal 1976 paper “New directions in cryptography,” public-key, or asymmetric, cryptography refers to algorithms which involve two distinct keys, usually referred to as a public key and private key. Furthermore, the schemes are constructed in such a way that it is infeasible to compute the private key from the public key.
The genius of public-key cryptography is that Alice can freely share her public key with Bob to securely communicate without concern for an adversary intercepting this public key. A few different types of public-key cryptographic primitives include public-key encryption (PKE), Diffie-Hellman key exchange, and key encapsulation mechanisms (KEMs), and digital signatures.
Public-key encryption refers to a scheme where Bob can encrypt a message to Alice using her public key. Alice, in turn, uses her private key to decrypt the message. Public-key encryption is significantly slower than symmetric-key encryption, so common usage is to securely establish a symmetric key between Alice and Bob, who subsequently use symmetric cryptography to securely communicate.
Diffie-Hellman key exchange is an alternate method for establishing a symmetric key between Alice and Bob which involves a public and private key pair for both Alice and Bob. Most TLS handshakes involve a Diffie-Hellman key exchange.
A key encapsulation mechanism (KEM) is very similar to PKE, but includes the generation of the symmetric key, or “shared secret,” directly within the protocol. Most post-quantum cryptography schemes involving encryption are presented as KEMs.
A digital signature is akin to a human signature for digital data. Alice uses her private key to “sign” some message with her private key and Bob can “verify” the authenticity of the signature using Alice’s public key. Digital signatures do not provide any confidentiality (like encryption), but are instead designed to prove the authenticity and integrity of data.
In the context of public-key cryptography, classical cryptography typically refers to public-key algorithms in widespread use today such as RSA and elliptic curve cryptography which are vulnerable to quantum computing by Shor’s algorithm.
Click here to see what you can do to better protect your organization.
The Rivest-Shamir-Adelstein (RSA) cryptosystem is one of the first instances of a public-key cryptography scheme. The security of RSA is based on the premise that it is infeasible for computers to efficiently compute the prime factorization of very large integers.
Elliptic-curve cryptography (ECC) refers to public-key cryptosystems which make use of an object from mathematics known as an elliptic curve. ECC generally exceeds earlier public-key cryptosystems such as RSA in terms of computational and space performance and security. The security of elliptic curve cryptography is based on the premise that it is infeasible for computers to efficiently compute a value known as the elliptic curve discrete logarithm.
Besides Grover’s algorithm, Shor’s algorithm is the other quantum algorithm with implications on cryptography. Shor’s algorithm actually refers to a couple algorithms developed by mathematician Peter Shor in the mid-1990s which show how quantum computers can efficiently compute the prime factorization of an integer or discrete logarithms. In particular, Shor’s algorithm is anticipated to make current public key cryptography such as RSA and elliptic curve cryptography vulnerable to compromise.
Post-quantum cryptography (PQC), also known as quantum-resistant cryptography, refers to algorithms and cryptosystems believed to be resistant to both classical and quantum computation. In other words, unlike RSA or ECC, Alice and Bob can securely transmit messages even if Eve or Mallory have access to a quantum computer. Most candidate PQC algorithms are either presented as KEMs or digital signature schemes. PQC is essential for protecting data and systems from the rapidly advancing capabilities of quantum computing technology.
CRYSTALS-Kyber, or simply Kyber for short, is a lattice-based post-quantum KEM. In July 2022, the National Institute of Science and Technology (NIST) selected Kyber as the first post-quantum KEM for standardization based on its favorable performance characteristics and extensive security analysis.
Cryptographic agility refers to the ability to swap out the cryptography in use by systems or applications with minimal disruption to operations. By supporting the ability to quickly transition away from vulnerable cryptography, cryptographic agility is an important attribute in preserving the security of networks and systems during the transition to post-quantum cryptography and beyond.
Click here to learn how QuProtect can help you with crypto-agility.
Zero trust is an approach to cybersecurity that assumes no user or device is trusted, regardless of whether they’re inside or outside the organization’s network. This approach requires organizations to continuously verify the identity and trustworthiness of users, devices, services, and applications before granting access to the organization’s network, data, and resources.
Click here to learn Why Zero Trust is Today’s Secret Weapon for Enterprise Security
While quantum computing becomes ever more prevalent in our digital lives, it is increasingly important to understand the foundational concepts around quantum computing.
These are emerging quantum technologies involving physics and engineering that rely of the properties of quantum mechanics.
A computer which makes use of the quantum states of subatomic particles to store information. Click here to better understand the implications of quantum computing.
Quantum communications include technologies that use entangled particles to transmit information. The main area of interest in quantum communications is QKD (Quantum Key Distribution). This is an exciting technology however, there are existing limitations to the applications it is useful for because of range and interference limitations.
Quantum random number generation. It uses noise to generate genuinely random numbers. Click here to see how QuSecure leverages QRNG to provide entropy. These are superior to current methods in cybersecurity of generating random numbers because generating random numbers for cryptographic keys because those are based on programmatic generation and can be reversed engineered. Click here to see how you can leverage QRNG to provide entropy throughout the entire networks.
This is a method that leverages the properties of quantum mechanics, such as the ‘no-cloning theorem,” to allow two people to securely agree on a key, a secret code word that is shared only between you and the person you are trying to communicate with. This secret code word can then be used to encrypt messages such that they can be transmitted without being read by a malicious third party.
Quantum sensors are expected to have a number of applications in a wide variety of fields including positioning systems, communication technology, electric and magnetic field sensors, gravimetry as well as geophysical areas of research such as civil engineering and seismology. Quantum sensors is using quantum principles to develop highly sensitive sensing devices.
These are the essential building blocks that make up quantum technology.
In computing, bits are the size of any character or information in the computing environment, and in quantum computing, they represent the size of the information loaded.
A classical bit can be in two states, it can be either zero or it can be one. A quantum bit or qubit, however, can be in a sort of zero state and in a one-state at the same time. This situation is called a superposition of (quantum) states. Qubits have some very particular properties: for instance, it is not possible to make copies of qubits. This is sometimes very useful, such as when you want to keep information private, and in fact this property is used in quantum cryptography. Click here to learn more about qubits and their relevancy to computers today.
A physical qubit is a physical device that behaves as a two-state quantum system, used as a component of a computer system.
A logical qubit is a physical or abstract qubit that performs as specified in a quantum algorithm or quantum circuit subject to unitary transformations, has a long enough coherence time to be usable by quantum logic gates.
The aforementioned quantum components can behave in spectacular fashion. The uniqueness of quantum physics lies in the complexity where subatomic particles interact with each other producing fascinating results.
Quantum entanglement is the physical phenomenon that occurs when a group of particles are generated, interact, or share spatial proximity.
A fundamental principle of quantum mechanics stating that, like waves in classical physics, quantum states can be added together – superposed – to yield a new valid quantum state: and conversely, that every quantum state can be seen as a linear combination, a sum of other distinct quantum states.
The coherence of a qubit, roughly speaking, is its ability to maintain superposition over time. It is therefore the absence of “decoherence”, which is any process that collapses the quantum state into a classical state, for instance by interaction with an environment.
At QuSecure we use entropy to refer to the genuine randomness produced by quantum noise the we leverage to add an extra layer of security to our cryptographic keys.
Quantum computing will usher in a new era of great opportunities for the world. The computing power that quantum will allow us opens up new avenues in research and application beyond what current classical computers can offer. That said, with the great power of quantum computing there is the problem that bad actors can use quantum computing for nefarious purposes. Understanding the problem today allows you to intelligently plan for your organizations security for both today and tomorrow.
Below are a few relevant terms to help explain today’s quantum threat and allow you to begin developing a plan to help optimize your organization’s cybersecurity road map.
Proof that the quantum computer is superior to the classical computer, based on tasks and outcomes.
This enables a quantum computer to attack cryptographic systems that classical computers can’t.
Also called Harvest-Now, Decrypt-Later (HNDL), This is when protected data is intercepted today only to be used when a quantum computer can break the encryption.
“Years to Quantum”, is the moment of uncertainty when we could lose digital security.
This is a tool that is used to determine if an organization is quantum-safe. It measures the company’s readiness for quantum technology.
With the quantum threat there arises a need for better cybersecurity. Cryptography is evolving at a rapid pace to keep up with advances in quantum technology.
An algorithm is a collection of instructions that allows you to compute a function, for instance the square of a number. A quantum algorithm is exactly the same thing, but the instructions also allow superpositions to be made and entanglement to be created. This allows quantum algorithms to do certain things that cannot be done efficiently with regular algorithms.
Uses math believed unbreakable by future quantum computers but will be broken eventually. Currently no way to break NIST or PQC quantum-safe solutions. Addresses short-term security needs
Unconditional security against classical and quantum computers. Proven safe against an attack from any adversary that has unlimited resources. Immune to mathematical attacks
NISTIR 8413, Status Report on the Third Round of the NIST Post-Quantum Cryptography Standardization Process is now available. NIST has initiated a process to solicit, evaluate, and standardize one or more quantum-resistant public-key cryptographic algorithms.
The quantum problem is real and exists today. A variety of methods and applications are in development to help address and solve for the quantum problem.
From QuSecure, this is the industry’s first end-to-end PQC software-based solution uniquely designed to protect encrypted communications and data with quantum-resilience using quantum secure channels. With QuProtect, for the first-time organizations can leverage quantum resilient technology to help prevent today’s cyberattacks, while future-proofing networks and preparing for post-quantum cyberthreats. Click here to learn more about how QuProtect can help your organization.
Also called Post-Quantum. Quantum resilient refers to cybersecurity methods that stand up against quantum cybersecurity attacks.
Quantum Algorithm – runs on quantum computers
Post-Quantum Cryptographic Algorithms – runs on today’s classical computer systems and defend against certain quantum algorithm driven attacks
Provides the tools that define the notion of security.
The complexity that is inherent with quantum computing necessitates a common and unified approach in how this new technology can be successfully applied in both governmental and commercial environments.
The following organizations are a few of the major groups that set the standards for enabling a consistent and secure digital framework. These organizations have recognized how disruptive the advent of quantum computing could be without standards and enhanced security measures.
Since 1901, NIST has strived to be the world’s leader in creating critical measurement solutions and promoting equitable standards. Their most recent efforts to stimulate innovation, foster industrial competitiveness, and improve the quality of life can be seen in their release of the first four quantum resistant cryptographic algorithms from their six year competition. This competition, in our new quantum era, is intended to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life. Click here to learn more about NIST’s newly standardized algorithms.
The Internet Engineering Task Force (IETF) is a standards organization for the internet and is responsible for the technical standards that make up the internet protocol suite. It has no formal membership roster or requirements and all its participants are volunteers.
FIPS are standards and guidelines for federal computer systems that are developed by National Institute of Standards and Technology (NIST) in accordance with the Federal Information Security Management Act (FISMA) and approved by the Secretary of Commerce.
A federal government intelligence agency that is part of the United States Department of Defense. NSA has released guidance on post-quantum. They largely endorse the NIST standards.
The Federal Risk and Authorization Management Program (FedRAMP) is a United States federal government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. For security companies hoping to work with the federal government, obtaining FedRAMP authorization indicates one of the strongest forms of commitment and partnership between government and private enterprise. FedRAMP is important because it ensures consistency in the security of the government’s cloud services—and because it ensures consistency in evaluating and monitoring that security. It provides one set of standards for all government agencies and all cloud providers.
The rapid advancement of quantum computing has led to a sense of urgency from both the White House and Congress. With multiple countries increasing their efforts toward quantum supremacy the president and both houses of congress in a bipartisan fashion have begun escalating our national efforts in the area of cybersecurity and specifically post-quantum cryptography (PQC).
Click here to read the Memorandum on Improving the Cybersecurity of National Security, Department of Defense, and Intelligence Community Systems.
Click here to read the National Security Memorandum on Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems.
Sources include but not limited to wikipedia.com, dictionary.com, and vocabulary.com.
1 Franklin Parkway
Bldg #930/1, Fintech Suite
San Mateo, CA, 94403
© 2024 Copyright QuSecure, Inc.
© 2024 Copyright QuSecure, Inc.
