Cloud Hosting

Encryption & Key Management , Events , RSA Conference

Prepare now for the coming of quantum computing and its potential ability to crack current cryptographic systems, warned panelists of an annual cryptographer panel at the RSA Conference.Despite their status today as expensive science projects, superfast computers that use atom-level states of uncertainty are likely a matter of time, leading to worries that today's encryption standards are destined for obsolescence.

While hype is high around quantum computing, Cryptographers Panel Radia Perlman, a fellow at Dell EMC who's an expert in network routing protocols and network security, said there's a clear imperative for "the good guys" to research the risk posed by quantum computers because "the bad guys" will be doing the same. If that happens, she said, "we're all going to have to replace our current public key algorithms."

See Also: Live Webinar | Education Cybersecurity Best Practices: Devices, Ransomware, Budgets and Resources

At least some organizations should organize for the potential eventuality that quantum computers will break current cryptographic systems. Longtime panelist Adi Shamir - the S in the RSA cryptosystem and who's a professor of computer science Israel's Weizmann Institute - said the big danger is that a quantum computer able to crack today's encryption could well get developed in 30 years, and that "the NSA or other bad guys are going to record everything that everyone says today then wait until quantum computers become available and then break the cryptography."

For anyone who needs to keep a set of data secure for more than 30 years, his advice is simple: Don't rely on public key cryptography.

Shamir added that "99.99% - and maybe a few additional nines - of what's being encrypted today and signed do not require a 50-year secure life," given that most emails are about banal matters - think plans for lunch. Even sensitive information, such as an organization's product development efforts, might become public knowledge in 12 months.

Whether quantum computers will ever be able to crack today's cryptosystems remains unclear. Perhaps simply making existing cryptosystem key sizes larger will be a suitable defense, said panelist Anne Dames, a distinguished engineer at IBM who's leading its effort to develop quantum-safe cryptography.

The U.S. National Institute of Standards and Technology last year picked four algorithms designed to resist decryption attacks mounted by a quantum computer, as part of its effort to set a post-quantum cryptographic standard. Panelists noted NIST has signaled that it might expand the shortlist, in part because all four use a similar mathematical approach, which isn't ideal.

Among the hot topics at RSA Conference 2023, arguably the hottest is the impact of AI and machine learning, driven by chatbots such as ChatGPT. "What they seem to be pretty good at is human engineering," said Whitfield Diffie, who with Martin Hellman pioneered public-key cryptography in the early 1970s said.

Shamir said until last year, he thought AI might have some use cases purely on the defensive side of cybersecurity, and very few offensive use cases.

"I've completely changed my mind as a result of last year's developments, including ChatGPT, etc.," he said. "I now believe that the ability of ChatGPT to produce perfect English, to interact with people, is going to be misused on a massive scale" and to "have a major impact on social engineering."

If ChatGPT is ascending the hype scale, blockchain's star seems to be falling.

"Blockchain has been having a bad year," Diffie said, perhaps due only in part to revelations such as how collapsed cryptocurrency exchange FTX was being run (see: 3rd FTX Official Pleads Guilty to Criminal Charges).

"Well, there's cryptocurrencies and there's blockchain," Perlman said.

She said her longstanding advice to project teams interested in applying blockchain remains the same: evaluate different strategies for accomplishing your goal, "and if that is blockchain, which is unlikely," then select that, she said, to laughter from the audience.

An engineer once told her their manager was demanding blockchain be used. In such a case, her advice was to "look at all the alternatives, choose the best one, build that then tell your manager you built it with blockchain; they'll never know the difference."

See the original post:
RSA Cryptographers' Panel Talks Quantum Computing and AI - BankInfoSecurity.com