Mobile phone calls, messaging and online banking all rely on complex mathematical algorithms to scramble information in order to protect them from hackers, spies and cybercriminals. It is no exaggeration to say that there would be no confidentiality or security online without encryption and that many of the operations we take for granted today would no longer be feasible.
Faced with increasing cyber-attacks against critical infrastructure — including but not limited to power utilities, transport networks, factories and the health care industry — encryption is evolving to meet the threat.
The most prevalent system nowadays is called public key encryption. It works by giving users two keys: a public key, shared with everyone, as well as a private key. The keys are large numbers that form part of an intricate mathematical algorithm that scrambles a user’s messages.
The sender encrypts a message by using the receiver’s public key in order that only the intended recipient can unlock it with her or his private key. Even though the public key is freely available, the numbers involved are sufficiently large to make it very difficult to reverse the encryption process with only the public key.
From quantum to post-quantum
As computers become more powerful, however, and in the face of rogue states with the technology resources to pose a more serious threat, cryptographers are turning away from mathematics and looking to the laws of quantum mechanics to achieve greater security.
Quantum cryptography is based on the behaviour of quantum particles. For example, an encryption system called quantum key distribution (QKD) encodes messages using the properties of light particles.
The only way for hackers to unlock the key is to measure the particles, but the very act of measuring changes the behaviour of the particles, causing errors that trigger security alerts. In this way, the system makes it impossible for hackers to hide the fact that they have seen the data.
The problem is that we may be no more than 10 years away from fully functioning quantum computers that are capable of breaking current cryptographic ciphers. Experts in the IEC and ISO Joint Technical Committee for information technology believe that the development, standardization and deployment of post-quantum cryptography is a top priority.
