Information Security in the Age of Quantum Technologies

Similar documents
The science behind these computers originates in

Logic gates. Quantum logic gates. α β 0 1 X = 1 0. Quantum NOT gate (X gate) Classical NOT gate NOT A. Matrix form representation

Cyber Security in the Quantum Era

Quantum Computing: it s the end of the world as we know it? Giesecke+Devrient Munich, June 2018

WHITE PAPER ON QUANTUM COMPUTING AND QUANTUM COMMUNICATION

Quantum threat...and quantum solutions

FIS' Partnership with Zelle for P2P Payments

Quantum Computing. Richard Jozsa Centre for Quantum Information and Foundations DAMTP University of Cambridge

The Quantum Threat to Cybersecurity (for CxOs)

+ = OTP + QKD = QC. ψ = a. OTP One-Time Pad QKD Quantum Key Distribution QC Quantum Cryptography. θ = 135 o state 1

The quantum threat to cryptography

Quantum Technologies: Threats & Solutions to Cybersecurity

Security Implications of Quantum Technologies

Lecture 1: Introduction to Public key cryptography

An Introduction. Dr Nick Papanikolaou. Seminar on The Future of Cryptography The British Computer Society 17 September 2009

L E A D I N G T H E C O M P U T I N G R E V O L U T I O N

Managing the quantum risk to cybersecurity. Global Risk Institute. Michele Mosca 11 April 2016

Enigma Marian Rejewski, Jerzy Róz ycki, Henryk Zygalski

Everything is Quantum. Our mission is to keep KPN reliable & secure and trusted by customers, partners and society part of the vital infra of NL

Briefing. H.E. Mr. Gyan Chandra Acharya

Quantum Entanglement and Cryptography. Deepthi Gopal, Caltech

10 - February, 2010 Jordan Myronuk

Broadband Internet Access Disclosure

Cryptography in a quantum world

Quantum Wireless Sensor Networks

Cryptography CS 555. Topic 25: Quantum Crpytography. CS555 Topic 25 1

Quantum technology popular science description

Introduction to Quantum Computing

PROGRAM OF THE RUSSIAN FEDERATION CHAIRMANSHIP OF THE ARCTIC COUNCIL IN

Notes for Lecture 17

Quantum Computing: What s the deal? Michele Mosca ICPM Discussion Forum 4 June 2017

5th March Unconditional Security of Quantum Key Distribution With Practical Devices. Hermen Jan Hupkes

CHEMICAL AND EXPLOSIVE TERRORISM

Quantum Cryptography. Marshall Roth March 9, 2007

The Two Time Pad Encryption System

Attacks on RSA & Using Asymmetric Crypto

Putting the U.S. Geospatial Services Industry On the Map

9 Knapsack Cryptography

Quantum Networking: Deployments, Components and Opportunities September 2017

European Lignite Mines Benchmarking. Sanitized Report

CIMA Dates and Prices Online Classroom Live September August 2016

White paper Quantum computing in financial services

The Elliptic Curve in https

Alluvium Consulting Australia Senior integrated water management specialist Position Description March 2018

Physics is becoming too difficult for physicists. David Hilbert (mathematician)

Build your own CSIRT/SOC real projects experience

COGNITIVE GROUP why talent is the key to successful business transformation

EU investment in Quantum Technologies

LECTURE NOTES ON Quantum Cryptography

Ground-Satellite QKD Through Free Space. Steven Taylor

R E A D : E S S E N T I A L S C R U M : A P R A C T I C A L G U I D E T O T H E M O S T P O P U L A R A G I L E P R O C E S S. C H.

ALICE IN POST-QUANTUM WONDERLAND; BOB THROUGH THE DIGITAL LOOKING-GLASS

The purpose of this report is to recommend a Geographic Information System (GIS) Strategy for the Town of Richmond Hill.

Working with Rumaila's Supply Chain

CPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems

Entanglement. arnoldzwicky.org. Presented by: Joseph Chapman. Created by: Gina Lorenz with adapted PHYS403 content from Paul Kwiat, Brad Christensen

Quantum Cryptography and Security of Information Systems

Copernicus Academy. Roles and responsibilities of the Copernicus Academy. user uptake. Focus Data uptake, capacity building and skills development

The Quantum Age Technological Opportunities

Ministry of Health and Long-Term Care Geographic Information System (GIS) Strategy An Overview of the Strategy Implementation Plan November 2009

Cryptography. pieces from work by Gordon Royle

DATA ENCRYPTION DEVICE USING RADIOACTIVE DECAY AND A HYBRID QUANTUM ENCRYPTION ALGORITM

Arctic Spatial Data Infrastructure Enabling Access to Arctic Location-Based Information

PUBLIC SAFETY POWER SHUTOFF POLICIES AND PROCEDURES

Lattice-Based Cryptography

Quantum Cryptography. Areas for Discussion. Quantum Cryptography. Photons. Photons. Photons. MSc Distributed Systems and Security

Quantum Teleportation Enters the Real World By Nathaniel Scharping med expo

Frequently Asked Questions

Standardization of Quantum Cryptography in China

THE ROLE OF GEOSPATIAL AT THE WORLD BANK

Intel s approach to Quantum Computing

Research, Development and Simulation of Quantum Cryptographic Protocols

Quantum Computing and the Possible Effects on Modern Security Practices

TOP SECRET//SI//REL TO USA, AUS, CAN, GBR, NZL

Whitepaper. All Currency, One Wallet!

PQ Crypto Panel. Bart Preneel Professor, imec-cosic KU Leuven. Adi Shamir Borman Professor of Computer Science, The Weizmann Institute, Israel

CRYPTOGRAPHY AND NUMBER THEORY

Cryptographic Hash Functions

A New Wireless Quantum Key Distribution Protocol based on Authentication And Bases Center (AABC)

EVALUATION REPORT OF THE RUSSIAN QUANTUM CENTER RQC

Ping Pong Protocol & Auto-compensation

The Swedish National Geodata Strategy and the Geodata Project

Using Quantum Effects for Computer Security

Draft Model Memorandum of Understanding to promote voluntary cooperation between Government and Chemical Industry to enhance Precursors Chemicals

Device-Independent Quantum Information Processing

ETSI/IQC QUANTUM SAFE WORKSHOP TECHNICAL TRACK

UK Networked Quantum Information Technologies Hub: Opportunities for Business

Advancing Geoscientific Capability. Geological Survey of Finland

CPSC 467: Cryptography and Computer Security

CRYPTOGRAPHY AND LARGE PRIMES *

GeoComply Overview. 666 Burrard Street, Suite 1530, Vancouver BC V6C 2X8

Vaisala AviMet Automated Weather Observing System

Single and Entangled photons. Edward Pei

Keynote Address. Felecia Etheridge Chief Customer Engagement Officer CPS Energy

Theme : Cryptography. Instructor : Prof. C Pandu Rangan. Speaker : Arun Moorthy CS

Blockchain and Quantum Computing

VISIT MISSISSIPPI GULF COAST CRISIS COMMUNICATION MANUAL 2016

Economic Benefit Study on Value of Spatial Information Australian Experience

POLICY: FI/PL/03 Issued on August 5, Fee Policy for GEF Partner Agencies

APPLICATIONS OF THE QUANTUM KEY DISTRIBUTION (QKD) METHOD

Transcription:

www.pwc.ru Information Security in the Age of Quantum Technologies

Algorithms that enable a quantum computer to reduce the time for password generation and data decryption to several hours or even minutes have already been developed. Cyber Security: The Quantum Threat Rapid technological progress has created a new business reality, the digital economy. Nowadays companies largely interact with each other and their partners and customers via digital channels that send and receive data. The issue of digital trust therefore arises. How can you ensure that sensitive data and information is secure and your company can be trusted digitally? Eighty-three percent of Russian CEOs believe that a cyber security breach would have negative consequences on confidence in their business. 1 At PwC, we believe that emerging technologies can both undermine consumer trust fostered over many years in companies, products and services as well as taking those levels of trust to new, previously unattainable levels. Quantum technologies are a perfect illustration of this dichotomy. Information security techniques currently employed by Russian companies rely upon data encryption and password-protected access. Thus, to obtain confidential information, a cyber-criminal needs either to intercept the password or solve a complex mathematical problem to guess the password (i.e. break the encryption), a time-consuming process even for modern classical computers. However new types of computers are currently being developed that leverage the computational power of quantum physics. These are quantum computers. One of their strengths is a much stronger capacity to perform parallel computations compared to classical computers. Algorithms 2 that enable a quantum computer to reduce the time for password generation and data decryption to several hours or even minutes have already been developed. Quantum computer development is progressing at a faster pace than expected. Alongside the successful initiatives of IBM and Google, research teams from Harvard and the University of Maryland have almost simultaneously implemented two new 51- and 53-qubit quantum computing systems. 3 Breaks of the RSA cryptosystem in recent years using conventional computation 4 Key length (bits) Log scale 2048 1024 512 Extrapolation suggests that 2048-bit keys could be safe from conventional attack for some time, but quantum computers using Shor s Algorithm + sufficient memory could make the trend exponential. Risk from quantum computing 256 Key lengths broken by conventional computing architectures in recent years 1995 2000 2005 2010 2015 2020 Years broken 1 PwC 20th Russian CEO Survey, 2017 2 Shor s and Grover s algorithms. 3 https://www.forbes.com/sites/jasonbloomberg/2017/08/11/this-is-why-quantum-computing-is-more-dangerous-than-you-realize. 4 ETSI. Quantum Safe Cryptography and Security: an introduction, benefits, enablers and challenges. ISBN 979-10-92620-03-0

Should Russian businesses be doing more to protect their data from the threat posed by Quantum Computing? PwC and the Russian Quantum Centre (RQC) believe they should for the following reasons: A rapid transition to new information security technologies, tools and methodologies is unrealistic because it requires significant infrastructural, cultural and procedural change, as well as funding. Transformation takes time and money. Cyber criminals are already capable of intercepting encrypted and strategically important confidential information and storing it. As quantum computing develops and becomes commercially viable they will be able to access and use quantum assets to break the encryption protecting this data. Quantum Computing the threat and the solution: there are two quantum enabled approaches to ensuring digital asset protection from the threats posed by quantum computers Information security guaranteed by the laws of physics Quantum key distribution Quantum key Encrypted data GOST* encryption Quantum channel Encrypted data Open communication channel Quantum key distribution GOST decryption Quantum key Quantum cryptography aims to protect the information transferred between individual users or data sources within one network. The primary objective is to prevent its interception and therefore avoid any subsequent decryption. Quantum cryptography uses a complex key sent from the sender to the recipient via photons, which are elementary particles of light. The integrity of the anti-interception security is complete since even the most sensitive intercepting device would inevitably change the photon s state. Therefore, whenever you try to eavesdrop on the information transmitted via a quantum channel, you will corrupt the message and be detected instantly. A safely transmitted key can then be used to encrypt information transferred along existing data channels. In the age of quantum computers, quantum cryptography will ensure long-term data protection. This technology does not require new infrastructure and can work via existing optical fibre lines, and it is compatible with the encryption devices currently in use. Such hardware solutions have been implemented and tested by RQC in Russia and are operational. However, there are a number of nuances that need to be taken into account when implementing this technology. For example, at the current development stage, there are certain limitations on key transmission distances (50-100 km) and generation time. To work, a dedicated optic fibre without amplifiers and repeaters is necessary. This, coupled with a relatively high cost, has so far made it difficult to apply this technology to ensure the end-to-end protection of all corporate data. It is therefore reasonable to focus on the most critical data. A new generation of mathematical algorithms Post-quantum cryptography puts forth new encryption algorithms that are hard to crack both for classic and quantum computers. The field of post-quantum cryptography is currently focused on R&D activities to develop such algorithms, verify existing solutions and test concepts and pilots. However, there are so far no unified and battle-proven standards for post-quantum encryption in the market. It is probable that given the pace of development of quantum technologies, the selected algorithm would no longer ensure the required level of protection and it would have to be replaced. That is why it is crucial to select an optimum algorithm at the very beginning of the project. Another nuance of post-quantum encryption is the high-level specifications for computational resources. On the one hand, these algorithms can be rolled out in almost any code, while on the other hand, the greater the volume of data to be protected, the more computational capacity it will take. * GOST Russian National Standards

Which quantum data protection technology should I choose? Quantum and post-quantum cryptography methods have their pros and cons. To select an optimal solution for a specific organisation, PwC and RQC have developed an approach combining global information security best practices and knowledge, and the experience of Russia s top quantum data protection solutions developer. Our approach consists of five steps: 1. Diagnostics The advent of the quantum computer enabling the decryption of data protected by classic encryption algorithms will affect market participants differently. We assess the business impact by analysing the technologies and infrastructure your company uses as well as the assets you wish to protect. 3. Pilot project In order to implement the data protection tools selected and establish appropriate quantum and post-quantum encryption solutions within your infrastructure, we suggest to start with a pilot project. Based on the pilot results, the proposed solutions and action plan can be modified and tailored to better fit an organisations need 5. Action plan update Enhancing data protection systems with quantum technologies is a continuous process. It is important to be informed on the latest developments in the field and to update your action plan accordingly. We suggest that your action plan is revised every six months. 1. Diagnostics 2. Action plan 3. Pilot project 4. Rollout 5. Action plan update 2. Action plan Based on the results of the diagnostic phase, we offer actions to modernise cryptographic tools in terms of cost efficiency and performance. The action plan will include suggestions on which means of data protection you could select, the order of implementation and cost estimation. 4. Rollout This step includes rolling out a successful solution (as tested and refined during the pilot) across the entire organisation to protect critical information. The rollout will scale the implemented technology to its full capacity in order to protect your company s most critical assets.

Quantum technologies have a much stronger capacity for parallel computations compared to classic computers. Algorithms that enable a quantum computer to reduce the time for password generation and data decryption to several hours or even minutes have already been developed. This increases the risk that quantum computers can be used to break encryptions allowing access to, and misuse of, sensitive data. Russia s first quantum communication line and the world s first quantum secured blockchain Office No. 1, 7, Koroviy val On 31 May 2016, Russia s first experimental and operational protected quantum communication line was commissioned and the first cryptographic data transfer was made along the 30-kilometre commercial line between two Gazprombank office buildings in Moscow. The Ministry of Education and Science of the Russian Federation is supporting the project. Investment in the project amounted to RUB 450 million. In 2017, the world s first experimental quantum blockchain technology was tested. Gazprombank is planning to use quantum communications in its daily operations. Office No. 2, 63, Novocheryomushkinskaya A quantum network project for interbank data transfers Bank 1 Bank 1 Intrabank networks Bank 1 Bank 3 Bank 2 Bank 2 Bank 3 Bank 3 Bank 3 In July 2017, it was decided to establish a quantum network to transfer interbank data. This project entails implementing quantum key distribution technology and a dedicated network protocol stack. This solution will enable communication through secure channels between various organisations. The plan is to set up quantum networks within specific organisations and between them. The time line for the project is three years. Interbank networks Joint development of quantum information security systems PwC and RQC signed a cooperation agreement at the 21st St Petersburg International Economic Forum. RQC's knowledge and leadership in quantum technology and PwC's best practices in cybersecurity will enable the joint development of unique solutions based on new quantum technologies to ensure unprecedented data protection and cybersecurity levels.

Our contacts We will gladly answer any questions about using quantum technology for information security purposes. PwC RQC Igor Lotakov Managing Partner PwC Russia + 7 (495) 967 6023 igor.lotakov@ru.pwc.com Ruslan Yunusov CEO Russian Quantum Center (RQC) +7 (495) 280 1291 ry@rqc.ru Tim Clough Technology Leader PwC Russia + 7 (495) 967 6018 tim.clough@ru.pwc.com Yuri Kurochkin Project Leader Russian Quantum Center (RQC) +7 (926) 275 8856 yk@rqc.ru Victor Morozov Director Risk assurance PwC Russia + 7 (903) 961 2665 victor.morozov@ru.pwc.com Aleksey Fedorov Group Leader Russian Quantum Center (RQC) +7 (916) 297 0977 akf@rqc.ru At PwC, our purpose is to build trust in society and solve important problems. We re a network of firms in 157 countries with more than 223,000 people who are committed to delivering quality in assurance, advisory and tax services. Find out more and tell us what matters to you by visiting us at www.pwc.com. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details. 2017 PwC. All rights reserved.

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback