Building Quantum-Secure Hardware While Filling “Dangerous Cybersecurity Talent Gap”

Future-proofing Security for the Coming Quantum Era

Excerpts and salient points ~

+  One of the most immediate needs is for engineers who can design cryptographic hardware accelerators that will keep data secure in the coming era of quantum computers. Unfortunately, the most popular encryption methodologies today are based on variations of the “large prime-number factors” methodology. For instance, RSA (Rivest–Shamir–Adleman) is one of the most widely used public-key crypto-systems. Unfortunately, it is based on the difficulty of factoring the product of two large prime numbers. Quantum computers will eliminate this difficulty, exposing the entire history of encrypted state secrets, financial data, passwords, and anything else using RSA today.

“Hardware forms the Root of Trust on any given system. Security starts in hardware. Cryptographic solutions typically use dedicated hardware to execute algorithms,” said Aysu. “If the hardware leaks information, which it does today, then there is no point in using even the strongest, theoretically secure cryptographic algorithm.”

+  On the world stage, the International Association for Cryptologic Research (IACR) sponsors both conferences and seminars it calls Cryptology Schools: four-to-five-day affairs that provide intense training in specific aspects of cybersecurity. Explained IACR chair Michel Abdalla, “The main goal of IACR schools is to develop awareness and increased capacity for research in cryptology. In particular, IACR schools aim to fill gaps that may exist in local expertise.” Abdalla said the IACR schools address many topics in cybersecurity, “and these evolve constantly based on the needs of real-world applications. Some examples of problems that have received a lot of attention recently include post-quantum security, side-channel [Spectre] resistance, cloud security, methods for computing with encrypted data, and privacy-preserving machine learning.”    

+  According to Aysu, however, special programs are only stop-gap measures. If society is to successfully fill the gaping need for cybersecurity experts, then engineering curriculums need to incorporate training in cybersecurity from the outset. “The majority of cyber-vulnerabilities occur due to the ignorance of well-meaning engineers/developers and can thus be fixed by proper education at the undergraduate and graduate level,” he said.

+ Many alternatives to RSA are being researched and proposed today, but without proprietary hardware accelerators, none of them can assure enduring security against quantum computers, according to Aysu.

Source:  COMMUNICATIONS of the ACM.  R. Colin Johnson ,  Future-proofing Security for the Coming Quantum Era…

Content may have been edited for style and clarity.