Your Encryption Isn't Quantum Safe

Summary

In this video, IBM Technology discusses the looming threat of quantum computers to current encryption systems. The video outlines the differences between symmetric and asymmetric algorithms, and how quantum computing, particularly through Shor's and Grover's algorithms, poses a significant threat to them. The video emphasizes the urgency of transitioning to quantum-safe cryptography, as the timeline for quantum computers to break current encryptions is not far off. IBM highlights the importance of data inventory and crypto-agility in preparing for a secure future.

Highlights

• Quantum computers could nullify current encryption methods by cracking them with ease. 🔄
• Symmetric encryption can be fortified by doubling key lengths, but not asymmetric. 🚫🔒
• Shor's algorithm poses significant threats to asymmetric encryption, urging the need for quantum-safe solutions. 💣
• The National Institute of Standards has chosen four quantum-safe algorithms with IBM contributing to three. 🏆
• Preparing for a quantum era requires understanding data sensitivity and ensuring crypto-agility. 🛡️

Key Takeaways

• Quantum computers pose a threat to current encryption systems by potentially rendering them obsolete. 🔓
• Symmetric algorithms can be strengthened by increasing key length, but asymmetric algorithms are more vulnerable to quantum attacks. ⚠️
• Shor's algorithm, optimized for quantum computers, can break modern asymmetric encryption like RSA. 😱
• IBM has contributed to the development of quantum-safe algorithms, with four being picked by the National Institute of Standards. 🚀
• Data inventory and crypto-agility are crucial steps to prepare for a quantum-secure future. 🔐

Overview

Imagine a future where quantum computers crack today's crypto systems like a hammer to glass—this isn't science fiction; it's a looming reality. The video from IBM Technology paints a picture of what could happen if quantum computing power advances as expected. The privacy of our data and the security of our transactions hang in the balance as these super-computers could unscramble our cryptographic defenses with ease.

The crux of the issue lies in the difference between symmetric and asymmetric algorithms—while symmetric algorithms can be made robust with longer key lengths, asymmetric ones, like RSA, are in jeopardy due to quantum computing powers like Shor's algorithm. This sets the stage for a pressing need to develop quantum-safe cryptography, a challenge IBM is tackling by contributing to new encryption algorithms.

But it's not just about creating new algorithms—it's about being proactive with current data security practices. The emphasis on data classification, inventory, and achieving crypto-agility becomes paramount. Thinking ahead, IBM underscores that our future safety depends on actions we take today—because data harvested now can be decrypted later when quantum computers come of age.

Chapters

• 00:00 - 00:30: Introduction to Quantum Threats The chapter "Introduction to Quantum Threats" discusses the potential future impact of quantum computing on current encryption systems. It explores a hypothetical scenario where someone could travel to the future, obtain a quantum computer, and use it to break today's cryptographic systems. The chapter emphasizes the idea that while data encryption currently provides security, future advancements in technology, such as quantum computing, might render this encryption ineffective, leading to a loss of privacy, unreliable transactions, and untrustworthy records.
• 00:30 - 01:00: Types of Cryptographic Algorithms This chapter examines the threat of quantum computers cracking cryptographic algorithms. It highlights the distinction between symmetric and asymmetric algorithms, explaining that symmetric algorithms utilize a single key for both encryption and decryption.
• 01:00 - 01:30: Symmetric and Asymmetric Algorithms The chapter explores both symmetric and asymmetric encryption algorithms, highlighting their key characteristics and differences. For symmetric algorithms, the primary example given is the AES encryption standard, typically utilizing key sizes ranging from 128 to 256 bits. In contrast, asymmetric algorithms make use of two keys: a public key and a private key. A common example of an asymmetric algorithm discussed is the RSA algorithm, which involves encrypting data with one key and decrypting it with the other.
• 01:30 - 02:30: Strengths of RSA and Factorization The chapter discusses the fundamental differences between asymmetric and symmetric algorithms, particularly focusing on RSA. It highlights how RSA uses much longer key lengths, typically between 1024 to 2048 bits, making them substantially larger than keys used in symmetric algorithms. This increased key length is crucial for the security of RSA. The chapter also touches on the underlying mathematics that differentiate these types of algorithms, suggesting that the unique operational methodologies contribute to their effectiveness, especially in terms of security.
• 02:30 - 04:00: Quantum Computer Threats to Cryptography The chapter discusses the potential threats quantum computers pose to cryptography. It uses the example of factorization to explain why current cryptographic methods are secure, as they rely on mathematical problems that are difficult to solve using classical computers. For instance, figuring out the prime factors of a simple number like 21 is easy (7 and 3), but the complexity increases significantly with larger numbers, making it a strong basis for cryptography.
• 04:00 - 05:30: Projections and the Immediate Need for Action The chapter titled 'Projections and the Immediate Need for Action' delves into the complexities of determining large prime factors, a fundamental challenge in cryptography. The chapter uses the example of RSA encryption to illustrate mathematical intricacies, emphasizing how the introduction of quantum computers could significantly alter the landscape of cryptographic security by efficiently cracking such encryption methods.
• 05:30 - 08:00: Developing Quantum Safe Strategies The chapter titled "Developing Quantum Safe Strategies" discusses the vulnerabilities of symmetric algorithms due to Grover's algorithm, which effectively weakens them by half. However, the solution to counteract the enhanced cracking capabilities of quantum computers is relatively straightforward: by simply doubling the length of the encryption key, the security can be restored.
• 08:00 - 09:30: Conclusion and Call to Action The chapter discusses the vulnerabilities of asymmetric algorithms when faced with quantum computing, particularly through Shor's algorithm, which can effortlessly break these algorithms despite their long keys. This highlights the urgent need for developing new, quantum-safe cryptographic algorithms to ensure security in the face of quantum computing advancements.

Your Encryption Isn't Quantum Safe Transcription

• 00:00 - 00:30 Today, you assume that if your data escapes, as long as it's encrypted, it's no problem, because if someone gets the data, they still can't read it. But imagine a case where if you could jump into a time machine and go a hundred years into the future and bring back one of their computers with all its capabilities and use it to crack today's crypto systems? Well, guess what? They would fall. In fact, nothing would be secret anymore. Privacy would go out the window. Transactions would no longer would be reliable and records couldn't be trusted.
• 00:30 - 01:00 Well, that's the threat that we're facing with quantum cracking of crypto algorithms. So let's take a look at not only the threat, but why is this a problem and what's the nature of the problem? Well, first of all, as you may be aware, there are different types of crypto algorithms. There are symmetric algorithms and there are asymmetric algorithms. Symmetric algorithms use one key; you encrypt with that key, you decrypt with the same key.
• 01:00 - 01:30 The most common example of this is the AES encryption standard, and the key links are normally in the 128 to 256 bit range in terms of their size. So that's how that works. Asymmetric is different. Asymmetric, we use two keys. One is a public key and one is a private key. So if I encrypt with one, I decrypt with the other. Most common example of this is the RSA algorithm.
• 01:30 - 02:00 And what's different here is the algorithms operate differently and the math behind them is different. The key lengths for asymmetric algorithms tend to be much longer. For instance, RSA, we're typically using 1024 to 2048 bits in length. So really 10x the size of the keys that we were using for symmetric algorithms. Now, just as an aside, why does this stuff work? Well, for instance, if you're looking at an asymmetric algorithm like RSA--
• 02:00 - 02:30 Now this is not an exact example, so this is a gross approximation, just to give you an idea. But they're strong because they rely on underlying mathematical problems that are hard to solve. One of those is trying to do factorization. If, for instance, I give you an example of a number like 21. And I say, tell me what are the prime factors of 21? Well, 7 and 3, not so hard to figure out. Those are both prime numbers and they multiplied together, become 21.
• 02:30 - 03:00 But what if I give you a really big number like this and say, tell me, what are the two large prime factors that will multiply together to equal that? Much more difficult to determine. Now, again, RSA uses a lot more complexity than that, but it gives you a taste of what's involved mathematically. Well, so let's take a look. If our asymmetric algorithm is like this and we get a key length, that's of this size, well, then what happens if we put a quantum computer on this problem to crack it?
• 03:00 - 03:30 I'll tell you what turns out is, the algorithm effectively becomes half as strong because of a thing called Grover's algorithm. Grover's weakens symmetric algorithms by half. Now, the good news is, if we want to go ahead and overcome the cracking capabilities of the quantum computer, all I have to do is just make the key twice as long. So that's not such a hard problem to solve.
• 03:30 - 04:00 The thing we're much more worried about is in these cases with asymmetric algorithms, even though we have really long keys, it turns out that these things fall like a house of cards against a thing known as Shor's algorithm. Shor's algorithm is optimized for a quantum computer. A traditional computer can't do nearly as much with that. So with Shor's, the whole thing falls. So what we need here is a new crypto algorithm that is going to be quantum safe.
• 04:00 - 04:30 And the good news is, we have some of those now, and I'll talk more about those in a minute. But first of all, why do you care about this? Because today's quantum computers are limited. They can't crack this at the moment. At the moment that I'm saying this. Now, this could all change tomorrow, if somebody finds a new back door. But just consider that today, it's okay. But if we look into the future, crypto experts tell us, for instance, some of the projections are that there's a 1 in 7 chance that by the year 2026,
• 04:30 - 05:00 we'll be able to break these asymmetric algorithms with Shor's algorithm using a quantum computer that has enough qubits, that is a relative measure of the power of the quantum system. Further, the numbers look like it's 1 in 2 by the year 2031. So if we're looking at these kind of projections, that's not so far off into the future.
• 05:00 - 05:30 So if we want to even just estimate and say, well, maybe 5 to 10 years, we'll be okay. You might say to me, "Jeff, why do you care? Wake me up in five years or ten years when the quantum systems get strong enough to actually break this." And I'm going to tell you, you have to care now, because remember that time machine example in the beginning of the video? That's what's going to happen. We have this kind of attack where we harvest the data now and we decrypt later.
• 05:30 - 06:00 In other words, I put a sniffer on your network and I start collecting all the encrypted data that's going across your network. Or I get a copy of your database, even though it's encrypted. Maybe it's a backup copy of the database and it's encrypted. And we're going on that assumption I said at the beginning, that as long as it's encrypted, we think we're safe. Well, if I go and grab one of these systems from the future and I've kept this data, eventually the future comes to us.
• 06:00 - 06:30 And eventually I can start cracking all of the data that I harvested in the past. All of those records now become publicly available. That becomes a huge problem for us. So the time to start thinking about this problem is in fact now. In fact, if you could get into a time machine and go backwards, the time to start thinking about the problem would have been before now. But what can we do for now? Well, there's a number of things that we can do.
• 06:30 - 07:00 And there's there's some good news in this story. So, for instance, what we ultimately want to get to is quantum safe cryptography. That is a new set of algorithms that are not vulnerable to Shor's. And those will allow us to continue to encrypt data with confidence. But until we get there and where we're actually using these in production, then there are some things we could do to set up. Now, first of all, to say we're not having to wait for this necessarily.
• 07:00 - 07:30 The good news is the National Institute of Standards has actually picked four algorithms that they believe are quantum safe. Now, just as a point of pride, IBM contributed to three out of those four. So we're doing a lot of really important research to try to protect the world against this kind of threat. It's going to take some time to vet these algorithms fully and actually get them implemented, so what did we do before then? Well, some of the things we should do first is basically discover where is my data.
• 07:30 - 08:00 See where all of the important information is. Classify it and know what levels of sensitivity I'm dealing with. Not everything is the same level of sensitivity. Some data, maybe if someone decrypts it later and it's two years into the future, or even tomorrow, it might not matter anymore. It's time sensitivity has expired. But some other data has a very long shelf life and we need to protect it for decades. So we need to understand that. The next thing is to do an inventory.
• 08:00 - 08:30 Where is all of that data? Once I've looked at the kinds of data I have, where is it all located? Because eventually I'm going to need to go back and protect all of that stuff. If I don't know where it is, I can't protect it. And then, ultimately, I'm going to look at trying to create an ability that we call "crypto-agility". That is, when I'm coding new algorithms, when I'm putting new functions into place, I want to make sure that I'm not just hard coding crypto algorithms in.
• 08:30 - 09:00 I want to be able to do a plug-and-play-- pull that algorithm out and put a new one in. Pull RSA out and put it in the new quantum safe algorithm. So crypto-agility means creating the right kinds of interfaces into our systems so that we'll have that kind of protection. And then ultimately, when we get the quantum safe crypto, we can put that in place and now we'll have the protection going forward. But again, this is a problem that is going to affect us in the future and we're laying the seeds for how we will deal with that right now.
• 09:00 - 09:30 Remember harvest, now decrypt later. This is what the quantum future holds for us. So be prepared. Thanks for watching. If you found this video interesting and would like to learn more about cybersecurity, please remember to hit like and subscribe to this channel.