Much has been bantered about how advances in quantum computing will adversely affect the ability of companies and governments to keep secret information, well, secret. Jeffery Moore, chief of UK’s Secret Intelligence Service (MI-6), summed it up nicely when he spoke at the International Institute for Strategic Studies (IISS) on November 30, on Human Intelligence in a Digital Age:
“We live in a world transformed by digital connectivity and stand on the cusp of revolutionary advances in technology which will affect the way we live and work in ways we cannot fully foresee. Advances in quantum engineering and engineered biology will change entire industries. The huge volumes of data now available across the globe, combined with ever increasing computer power and advances in data science, will mean the integration of artificial intelligence, AI, into almost every aspect of our daily lives.”
Moore warned, “Our adversaries are pouring money and ambition into mastering artificial intelligence, quantum computing and synthetic biology, because they know that mastering these technologies will give them leverage. “
This is spot-on. Quantum computing may have a deleterious effect on continued security of data encrypted with today’s digital cryptographic system. Nation-state actors with the resources are likely taking actions now to prepare for the day when quantum computing can crack standard encryption methods. Two nations with such resources are, China and Russia. Their signals intelligence entities are no doubt engaging in the equivalent of a “hoover vacuum” exercise in acquiring encrypted communications going to and from targets of interest for future cryptoanalysis and exploitation.
NIST efforts re: quantum cryptography
The National Institute of Standards and Technology (NIST) is looking at the post-quantum cryptography, also known as quantum-resistant cryptography, issue. The goal is to develop cryptographic systems that are “secure against both quantum and classical computers and can interoperate with existing communications protocols and networks.”
NIST is deep into this effort, as detailed in its July 2020 NISTIR 8309 bulletin. The NISTIR details how the 69 original submissions in 2017 have now been whittled down to three viable candidates. It is NIST’s intent to release the initial standard for quantum-resistant cryptography in 2022.
In an MIT Technology Review piece, Dustin Moody, a mathematician at NIST warned, “The threat of a nation-state adversary getting a large quantum computer and being able to access your information is real. The threat is that they copy down your encrypted data and hold on to it until they have a quantum computer.” He cautioned, “Adversaries and nation-states are likely doing it. It’s a very real threat that governments are aware of. They're taking it seriously and they're preparing for it.”
He’s right, history has shown us that this strategic approach has legs.
A bit of déjà vu: The Venona Project
A look back into history provides demonstrable evidence of that the above scenario has proven productive in the past and no doubt will be in the future. One need to only look at 37-year Venona Project– Soviet Espionage and the American Response 1939-1957.
In 1995 the U.S. intelligence community released an archive of 2,900 Soviet intelligence messages, decrypted years after they had been transmitted. The trove of messages detailed the success enjoyed by the Soviet Union in its espionage operations against the United States and the United Kingdom in the 1940s. Message collection began in 1939 with the code being broken and exploited from 1943 to 1946.
The success was not via the most obvious means of having the luck of a stolen the codebook, nor by acquiring access to the plain-text messages. Rather, famed crypto-linguist Meredith Gardner reconstructed the codebook using classic codebreaking techniques. The Soviets in 1942, arguably in a period of great flux given Germany’s invasion in June 1941, created codebooks that used duplicative code -- a situation that continued from 1942 through 1948.
DHS warning on danger of quantum technology breakthrough
Tim Mauer, who advises the U.S. Department of Homeland Security (DHS) secretary on cybersecurity and emerging technology, told MIT Technology Review, “We don’t want to end up in a situation where we wake up one morning and there’s been a technological breakthrough, and then we have to do the work of three or four years within a few months—with all the additional risks associated with that.” The DHS in its October 2021, Post-Quantum Cryptography – Frequently Asked Questions document, highlights why post-quantum cryptographic solutions are needed, as current algorithms will be vulnerable.
Moore and Mauer have highlighted the salient point for CISOs, the future is going to be one of rapid change. Change which would awe the cryptanalysts of in Bletchley Park and Arlington Hall at the speed at which their 1940s efforts could be accomplished in our near future.
Remember, providing you truly use the one-time-pad key once, a number two pencil, pad of paper, and the one-time-pad key, continues to provide secure data encryption. It just doesn’t scale nicely.