Time to re-think encryption

 Modern cryptographic systems are rapidly becoming more vulnerable — take the cases of the A5/1 GSM  and RSA 768 bit cracks recently as example. But the real threat for long-term crypto security comes from Quantum Computers… mere science fiction 2 years ago, but now quite a reality and getting more real month by month. Recently Google and NIST have demonstrated and used quantum computing for large number calculations — specifically, Google used a D-Wave adiabatic quantum effect computing machine for image searching and matching, and NIST accounted a working 2 qubit quantum computer that accurately calculated the precise energy of molecular hydrogen.

The events in the quantum computing space and the speed at which they are occurring is a clear indication of the need for rapid change in how we protect information, be it at rest or in motion.  Why? Because quantum computers will render RSA and ECC (elliptic curve) encryption null and void. Yes, that’s right — these two industry “standards” will be cracked in the snap of a finger.  And we’re not talking decades away — usable quantum computers will be here within 7-10 years. Imagine a reconnaissance satellite whose data encryption and authentication is suddenly cracked and open for anyone to see (or manipulate) … can’t imagine the NSA liking that one bit.

We must cease reliance on what will soon be antiquated [in terms of internet time] technology for that protection.  This year at the RSA Conference (March 1-5 in San Francisco) there will be several presentations on new crypto mechanisms, including one by Belgian researchers Jens Hermans, Frederik Vercauteren , and Bart Preneel — we should pay attention because RSA and ECC will soon be useless.

Here’s a link to the NIST report on quantum-resistant Public Key Cryptography by Perlner & Cooper: http://middleware.internet2.edu/idtrust/2009/papers/07-perlner-quantum.pdf 

Quantum computing is real… and it’s time to re-think crypto.