Quantum-Resistant Algorithm Standardization: Strengthening CyberSecurity

This News Covers

• What is quantum computing?
• How will quantum computing impact cybersecurity research and product development?
• Which countries are investing in quantum computing for cybersecurity?
• Which federal policies govern quantum computing in cybersecurity?
• Who are the top companies that may invest in quantum computing in cybersecurity?
• What is Quantum Computing Cybersecurity Preparedness Act
• Which countries will likely be top leaders in this space?
• What is quantum destruction?
• How significant is IBM's role quantum-resistant algorithms standardization?

Recently, the National Institute of Standards and Technology (NIST) made a significant move in the field of cybersecurity by selecting four quantum-resistant algorithms for standardization. This development marks an important milestone in the industry's efforts to address the impending threat posed by quantum computing to traditional cryptographic systems. With the rapid advancement of quantum computers, it has become crucial to prepare for a post-quantum era where current encryption methods may no longer be secure. The selection of these quantum-resistant algorithms by NIST paves the way for the development and implementation of robust cryptographic solutions that can withstand the computational power of quantum computers. This step is of great significance to the cybersecurity industry as it signals the urgency and importance of transitioning to quantum-safe technologies to protect sensitive data and maintain the security of critical systems in the face of evolving cyber threats.

MarketsandMarkets welcomes this news and our editors share their views.

What is quantum computing?

Quantum computing is a revolutionary approach to computation that leverages the principles of quantum mechanics. Traditional computers use bits to represent information as either a 0 or a 1, while quantum computers use quantum bits, or qubits, which can exist in a superposition of states, representing both 0 and 1 simultaneously. This unique property of qubits allows quantum computers to process and manipulate large amounts of data simultaneously, leading to exponential speedup in certain computational tasks.

Our analysts estimate that global quantum computing market is poised to reach $0.43 billion by 2026, growing at a CAGR of 30.5% from 2021 to 2026.

How will quantum computing impact cybersecurity research and product development?

The impact of quantum computing on cybersecurity research and product development is profound. One of the most significant implications is the potential threat it poses to current encryption methods. Many encryption algorithms, such as RSA and Diffie-Hellman, rely on the difficulty of factoring large numbers or solving discrete logarithm problems, which can be efficiently solved by quantum computers using Shor's algorithm. This means that once large-scale, error-corrected quantum computers become a reality, they could break these encryption algorithms, rendering much of the existing cryptographic infrastructure vulnerable.

To address this challenge, researchers and experts are actively working on developing quantum-resistant or post-quantum cryptography algorithms. These algorithms are designed to withstand attacks from both classical and quantum computers. The aim is to create encryption methods that are resistant to the computational power of quantum computers, ensuring the security of sensitive data even in the presence of quantum threats.

In addition to encryption, quantum computing can also have an impact on other areas of cybersecurity, such as secure communication protocols, authentication mechanisms, and random number generation. Quantum key distribution (QKD), for example, is a promising approach for secure communication that leverages the principles of quantum mechanics to ensure the confidentiality and integrity of transmitted data.

Which countries are investing in quantum computing for cybersecurity?

Several countries are actively investing in quantum computing for cybersecurity purposes. The United States has been a leading player in quantum research and development, with significant investments from both the government and private sector. The National Quantum Initiative Act, passed in 2018, allocated substantial funding to advance quantum research and technology in the country. The U.S. government, through agencies like the National Institute of Standards and Technology (NIST) and the Department of Energy, is also actively involved in the development of post-quantum cryptography standards.

Other countries, such as Canada, China, and European nations, are also making significant investments in quantum computing and cryptography. Canada's Perimeter Institute for Theoretical Physics and the Institute for Quantum Computing at the University of Waterloo are renowned centers for quantum research. China has set ambitious goals in quantum technology and is investing heavily in quantum research and infrastructure. European countries, through initiatives like the Quantum Flagship program, are fostering collaboration among researchers and industry partners to accelerate quantum technologies' development.

Which federal policies govern quantum computing in cybersecurity?

Federal policies governing quantum computing in cybersecurity vary across countries. In the United States, the National Institute of Standards and Technology (NIST) plays a crucial role in developing standards and guidelines for quantum-resistant cryptography. NIST initiated a Post-Quantum Cryptography Standardization process in 2016, which involves evaluating and selecting quantum-resistant algorithms. The goal is to establish a set of widely accepted, standardized algorithms that can be used to secure sensitive information in a post-quantum world.

MarketsandMarkets' analysts estimat that global cyber security market was worth $173.5 billion in 2022. It is expected to grow at a compound annual growth rate (CAGR) of 8.9% to reach $266.2 billion by 2027

What is Quantum Computing Cybersecurity Preparedness Act

This act addresses the migration of executive agencies' information technology systems to post-quantum cryptography. Post-quantum cryptography is encryption strong enough to resist attacks from quantum computers developed in the future. The act does not apply to national security systems.[1]

Similarly, other countries are also working on defining policies and standards for quantum-resistant cryptography. The European Telecommunications Standards Institute (ETSI) and the European Union Agency for Cybersecurity (ENISA) are actively involved in developing guidelines and recommendations for post-quantum cryptography. These policies aim to ensure that cryptographic systems and protocols used in critical infrastructure and sensitive sectors can withstand quantum attacks.

Who are the top companies that may invest in quantum computing in cybersecurity?

Several top companies are expected to invest in quantum computing for cybersecurity. Major tech giants like IBM, Google, Microsoft, and Intel have already made substantial investments in quantum research and development. IBM, in particular, has made significant progress in developing quantum computers and is actively working on quantum-safe cryptography solutions. These companies have the resources, expertise, and infrastructure to drive advancements in quantum computing and its applications in cybersecurity.

In addition to tech giants, startups and specialized companies focused on quantum-resistant cryptography are emerging. Examples include companies like PQShield, which specializes in post-quantum cryptography solutions, and Quantum Xchange, which offers quantum-safe key distribution services. As the demand for quantum-resistant solutions grows, we can expect increased investments and collaborations in this space.

Which countries will likely be top leaders in this space?

The top leaders in the field of quantum computing for cybersecurity are likely to be countries that have made significant investments in quantum research and development. The United States, with its strong focus on quantum technologies and robust ecosystem of research institutions and companies, is expected to be a key player. China, with its ambitious quantum technology goals and substantial investments, is also likely to be a frontrunner. Other countries such as Canada, Germany, the United Kingdom, Australia, and the Netherlands have made notable strides in quantum research and are well-positioned to become leaders in this space.

What is quantum destruction?

Quantum destruction refers to the potential risk posed by quantum computers to current cryptographic infrastructure. As quantum computers become more powerful, they have the potential to break widely used encryption algorithms that rely on the difficulty of certain mathematical problems. For example, algorithms like Shor's algorithm can efficiently factor large numbers, which would undermine the security provided by encryption methods such as RSA.

The concept of "harvest now, decrypt later" attacks arises from the fact that quantum computers could store encrypted data until they become powerful enough to break the encryption. This means that sensitive information encrypted with current cryptographic methods could be vulnerable to decryption in the future when large-scale, error-corrected quantum computers are available.

To mitigate the risks of quantum destruction, the development and adoption of quantum-resistant or post-quantum cryptography are crucial. These cryptographic algorithms are designed to be resistant to attacks from both classical and quantum computers, ensuring the long-term security of sensitive data. By transitioning to quantum-safe encryption methods, organizations and individuals can protect their data from future quantum threats.

Few of the quantum computing cybersecurity products

IBM recently announced its IBM Quantum Safe roadmap, which helps organizations navigate the complex landscape of quantum-safe cybersecurity. The roadmap includes products such as IBM Quantum Safe Explorer, which scans code to identify vulnerabilities, and IBM Quantum Safe Advisor, which analyzes cryptographic posture to prioritize risks.

PQShield, a post-quantum cryptography company, welcomed the U.K. government's focus on improving cybersecurity and called for continued support and investment. The company emphasized the need for cryptography modernization and a clear strategy to lead in the emerging quantum-secure technology sector.

The Federal Energy Regulatory Commission (FERC) approved a new rule to incentivize cybersecurity investments in the U.S. utility sector. Electric utilities can now earn an additional return on equity for certain cybersecurity investments, encouraging the protection of critical infrastructure from cyberattacks.

Overseas Chinese Banking Corp Ltd (OCBC) invested in the First Trust Nasdaq Cybersecurity ETF (CIBR), signaling its appreciation for advanced cybersecurity strategies. CIBR invests in companies that provide cybersecurity products and services, offering diversification and exposure to the fast-growing information security sector.

Investors, including Arkadios Wealth Advisors and Mirador Capital Partners LP, increased their holdings in the First Trust Nasdaq Cybersecurity ETF. The ETF provides an investment option for those seeking exposure to the growing cybersecurity industry.

Overseas Chinese Banking Corp Ltd also purchased shares in Rapid7, a cybersecurity provider. Rapid7 offers a comprehensive suite of cybersecurity solutions, positioning them as a valuable partner for businesses seeking to secure their operations online.

These developments highlight the increasing focus on quantum-safe cybersecurity and the investments being made by companies and governments in this field. The emergence of quantum computing poses a significant threat to current encryption methods, driving the need for quantum-resistant solutions and strategies to protect critical data from quantum attacks.

How significant is IBM's role quantum-resistant algorithms standardization?

Last July, the National Institute of Standards and Technology (NIST) selected four quantum-resistant algorithms for standardization, including three contributed by IBM and its collaborators: CRYSTALS-Kyber public-key encryption, CRYSTALS-Dilithium digital signature algorithms, and the Falcon digital signature algorithm. This announcement served as a wake-up call for the world to start preparing for the quantum-safe transition.

IBM had already begun making its technology quantum safe, including the IBM z16 mainframe and IBM Tape storage technology. However, the company recognized that clients have unique needs in their own quantum-safe transitions. The ultimate goal for clients is crypto-agility, which refers to the ability to protect systems against emerging vulnerabilities, adapt to new compliance requirements, and respond to breaches while maximizing efficiency and minimizing operational disruption.

To address this need for agility, IBM launched IBM Quantum Safe and developed an end-to-end solution for clients in the post-quantum era. The solution revolves around three key actions: Discover, Observe, and Transform.

In the Discover stage, IBM Quantum Safe Explorer was developed. This tool scans both source code and object code to identify and locate cryptographically relevant artifacts and dependencies. It generates a call graph that catalogs these artifacts, creating a Cryptography Bill of Materials (CBOM) as a knowledge base.

The next stage, Observe, involves analyzing the cryptography posture of compliance and vulnerabilities to prioritize remediation based on risks. Clients can use IBM Quantum Safe Advisor to assess their cryptographic inventory dynamically and guide the remediation process.

Finally, in the Transform stage, IBM Quantum Safe Remediator comes into play. It allows clients to learn and apply quantum-safe remediation patterns in a development environment, preparing them to deploy quantum-safe solutions across their technology stack.

Through these technology capabilities, IBM aims to provide clients with a comprehensive solution for their quantum-safe transition, enabling them to identify cryptographic assets, assess vulnerabilities, and implement remediation strategies. By embracing quantum-safe technologies, organizations can proactively protect their systems and data in the face of the quantum computing threat.

References

1. Quantum Computing Cybersecurity Preparedness Act
2. Bain Capital and Accel invest $190m in cybersecurity provider, Blackpoint Cyber
3. Neo Ivy Capital Management Increases Investment in Fortinet by 284.7%
4. China Telecom to set up quantum technology unit with $434m
5. Is quantum Computing a threat to Cyber Security?
6. How IBM Quantum is bringing organizations along their quantum-safe technology journey