Cryptography will crack and algorithms will be eaten
The GSMA’s recent whitepaper on Quantum computing didn’t go far enough to warn telcos of the urgency of preparing for Quantum computing age, according to the Alliance for Telecommunications Industry Solutions (ATIS). In February, the GSMA released an advisory paper, Post Quantum Telco Network Impact Assessment Whitepaper, which outlined the work of governments, standards bodies and telcos in addressing the scale and complexity of the challenge. However, a much more focused paper has been released by ATIS and it has concentrated minds on the dangers of quantum computing to telcos.
Mobile network operators face a difficult challenge as the age of Quantum computing dawns, because the omnipotent power will see right through today’s cryptography, beat security algorithms and consume telco configurations across the world. Though telco strategists might still be processing the implications of all this, while weighing up their other multiple challenges, but they cannot afford a Quantum of hesitation they have been warned. Now is the time to start preparing to make communications services systems quantum safe, said Susan Miller, the CEO and president of ATIS.
The wrong type of Quantum owner could spy, manipulate and steal massive amounts of sensitive and secret data, according to a new report, Implications of Entropy on Symmetric Key Encryption Resilience to Quantum. The report comes from the Alliance for Telecommunications Industry Solutions (ATIS), a Washington DC-based industry body that develops technical and operational specifications and solutions for the ICT industry. ATIS has 160 member companies and is accredited by the American National Standards Institute (ANSI), reports Telecom TV.
The report hints at the futility of using symmetric key cryptography against a quantum computer attack because increasing the encryption key length from the current security AES (Advanced Encryption Standard) of 128 bits to 256 bits never be enough to protect a mobile operator’s systems and data. Symmetric-key algorithms use the same cryptographic keys for both the encryption of plaintext and the decryption of ciphertext. The keys can be identical or may be relatively transformational. In symmetric key encryption, both the transmitting and receiving parties have access to the same secret key, an obvious drawback: But symmetric-key encryption algorithms work well for bulk encryption, hence their use in telecom systems.
Putting this in context, Telecom TV pointed out that in 1996 the Indian computer scientist Lov Grover created an algorithm that could use a brute-force attack on a 128-bit symmetric cryptographic key in about 264 iterations. By today’s standards that equates to more than 18 quintillion (billion billion) processes, or a 256-bit key in roughly 2128 iterations, which is a number with 78 digits. That was the limit of all human imagination, the mathematical equivalent of the IBM executive who said that maybe one day there would be five major computers in the world, and then all society’s needs could be fulfilled.
Grover’s algorithm has been cited by others as evidence that the doubling of symmetric key lengths could protect systems and data against future quantum attacks for at least the next 15 years. The new ATIS study, however, disabuses us of that certainty. In a quantum computing age, there must be absolute, verifiable certainty that the cryptographic secret key generation comes from what is referred to as A Good Source of entropy, one that is sufficient to produce genuinely random numbers able to protect data while it is either in storage or in transit. The higher the quality of random number generation (RNG), the greater the quality of random keys produced, and thus the higher the security value of the key. If it is based on 256 bits, the secret key must be truly random across 256 bits. “Widespread application of quantum computing will not take place for up to 10 years in the future; however, the security implications will be far reaching,” said Susan Miller, the CEO and president of ATIS. Take note of the threats that quantum computing introduces, Miller advised mobile network operators. “Now is the time to start preparing to make communications services systems quantum safe.”