The clock is ticking on encryption

Today's secure cipher-text may be tomorrow's open book

1 2 3 4 Page 3
Page 3 of 4

Mosca explains that, with a conventional computer, finding a pattern for an EC cipher with N number of bits in the key would take a number of steps equal to 2 raised to one-half N. As an example, for 100 bits (a modest number), it would take 2^50 (1.125 quadrillion) steps.

Michele Mosca
Michele Mosca, deputy director of the Institute for Quantum Computing at the University of Waterloo, calls quantum computing a "game changer" for cryptography and says it could happen within 20 years.

With a quantum computer it should take about 50 steps, he says, and code-breaking would then be no more computationally demanding than the original encryption process.

With RSA, determining the number of steps needed for a solution through conventional computation is more complicated than with EC encryption, but the scale of the reduction with quantum computation should be similar, Mosca says.

The situation is less dire with symmetric encryption, Mosca explains. Breaking a symmetric code like AES is a matter of searching all possible key combinations for the one that works. With a 128-bit key there are 2^128 possible combinations. But thanks to a quantum computer's ability to probe large numbers, only the square root of the number of combinations needs to be examined -- in this case 2^64. This is still a huge number, and AES should remain secure with increased key sizes, he says.

Timing issues

When will all this happen?

"We don't know," says Mosca. To mere mortals, 20 years is a long way off, but in the world of cyber-security, it's right around the corner. "Is that an acceptable risk? I don't think so. So we need to start figuring out what alternatives to deploy since it takes many years to change the infrastructure."

Moorcones at SafeNet disagrees. "DES lasted for 30 years, and AES is good for another 20 or 30 years," he says. Increases in computing power can be countered by changing keys more often -- one per message if necessary -- he adds, as many enterprises currently change their key only once every 90 days. Every key, of course, requires a fresh cracking effort, as any success with one key is inapplicable with the next.

The rule of thumb, when it comes to encryption, is that "you want your messages to provide 20 years or more of security, so you want any encryption that you use to remain strong 20 years from now," says Kolodgy.

The other quantum technology

If quantum technology calls into question the methods used to disseminate encryption keys, it also offers technology -- called quantum key distribution, or QKD -- by which such keys can be simultaneously generated and transmitted securely. This works in at least in some situations.

QKD has actually been on the market since 2004, with the fiber-based Cerberis system from ID Quantique SA in Geneva, Switzerland. Grégoire Ribordy, the firm's founder and CEO, explains that the system is based on the fact that measuring quantum properties changes them.

1 2 3 4 Page 3
Page 3 of 4
Shop Tech Products at Amazon