Implications of entropy on symmetric key encryption resilience to quantum

A new research paper on the security implications of quantum computing and its potential impact on communications service providers (CSPs) shows that the tremendous speed of quantum computers will enable them very quickly to break even the most powerful current cryptography, including the all-important security algorithms and configurations applied by network operators and telcos the world over. Quantum computers would enable malign actors to surveil, manipulate and steal massive amounts of sensitive and secret data. The new report, Implications of Entropy on Symmetric Key Encryption Resilience to Quantum, is from the Alliance for Telecommunications Industry Solutions (ATIS), a Washington DC-based industry body that develops technical and operational specifications and solutions for the ICT industry. It has 160 member companies and is accredited by the American National Standards Institute (ANSI).

The thesis of the report is that the notion of endeavouring to improve the strength of symmetric key cryptography against a quantum computer attack simply by increasing the encryption key length from the current security AES (Advanced Encryption Standard) of 128 bits to 256 bits would not be enough to protect CSP systems and data. Symmetric-key algorithms use the same cryptographic keys for both the encryption of plaintext and the decryption of ciphertext. The keys can be identical or may be relatively transformational. In symmetric key encryption, both the transmitting and receiving parties have access to the same secret key, an obvious drawback: But symmetric-key encryption algorithms work well for bulk encryption, hence their use in telecom systems.

In 1996, the Indian computer scientist, Lov Grover, posited an algorithm that could use a brute-force attack on a 128-bit symmetric cryptographic key in about 264 iterations (which equates to more than 18 quintillion processes – a quintillion is a billion billion), or a 256-bit key in roughly 2128 iterations (a number so immense it runs to 78 digits). Grover’s algorithm has been cited by others as evidence that the doubling of symmetric key lengths could protect systems and data against future quantum attacks for at least the next 15 years. The new ATIS study, which was produced with the collaboration of both industry and academia, shows this may not be the case. In a world where quantum computing will exist, there must be absolute, verifiable certainty that the cryptographic secret key generation comes from what is referred to as a “good” source of entropy, that is to say sufficient to produce genuinely random numbers able to protect data while it is either in storage or in transit. The higher the quality of random number generation (RNG), the greater the quality of random keys produced, and thus the higher the security value of the key. If it is based on 256 bits, the secret key must be truly random across 256 bits.

Susan Miller, the CEO and president of ATIS, noted: “Widespread application of quantum computing will not take place for up to 10 years in the future; however, the security implications will be far reaching. ATIS has offered insight into the threats that quantum computing introduces and builds a case for why now is the time to start preparing to make communications services systems quantum safe.”

Please visit GSMA paper on this topic https://www.gsma.com/newsroom/wp-content/uploads/PQ.1-Post-Quantum-Telco-Network-Impact-Assessment-Whitepaper-Version1.0.pdf

CT Bureau