As quantum computing advances, the encryption methods that secure our internet communications, like ECDHE in TLS, are becoming increasingly vulnerable. While quantum computers are still in development, the looming threat of “harvest now, decrypt later” poses a serious risk to businesses and governments alike. This post explores how quantum computing could break current encryption protocols and offers solutions to future-proof your data security with quantum-safe encryption.
Storage Is Cheap
In 1998, I built my first PC. I was a junior in high school, and thanks to a vocational program, I had just enough confidence to attempt a build on my own. I pieced all the parts from a local computer store junk bin. I paid $10 for a 66 MHz DX2 chip, motherboard, 8 Megabytes of ram, power supply, modem, and monitor. The only problem was the hard drive. At the time, storage wasn’t cheap. Luckily for me, a friend’s dad worked as a network engineer at the local mill and was willing to part with an extra 500 Megabyte hard drive for the low price of free.
A 1 Gigabyte (or 1024 Megabytes) drive in 1998 cost an average of $300. Fast forward 26 years, and storage costs are an afterthought. Amazon S3, a cloud storage service, offers 1 Gigabyte of storage for $0.023 per month. A whopping 1/13000th 1998 prices. Amazon also offers a long-term storage option called S3 Glacier Deep Archive for a price point of $0.00099 per Gigabyte per month.
It’s estimated that the combined internet traffic in the United States for any given day is around 4 Exabytes. 1 Exabyte equals 1 billion Gigabytes. If we do a little math using our S3 Glacier Deep Archive price point, we could store an entire day of internet traffic in the United States for a mere $3,960,000 in AWS. Of course, all that data is encrypted in transit with TLS and is largely currently unreadable. What would be the point of storing that much unreadable data anyway?
Modern Internet Security
Visit any website these days in your browser, and you will notice some form of security icon displayed by your browser, indicating a secure connection has been established between your browser and your destination website. Modern browsers will now warn you when you’re visiting a website that’s using an unsecure connection.
Transport Layer Security (TLS
This secure connection is established using Transport Layer Security (TLS). When you make a request to visit a website, your request is broken down into a series of small, encrypted data packets. These packets are directed across the internet by routers. Routers look at each packet and determine the best route forward based on the destination IP address of the website you’re visiting. Our data packets typically travel between 5 to 30 routers before they reach their destination.
As mentioned, these data packets are encrypted by TLS as they transfer between the routers, ensuring our data is secured from prying eyes. For the destination address to decrypt the data, a handshake needs to happen between our browser and the destination address (website) to establish a shared key to be used in the decryption process.
TLS encryption addresses a key challenge related to the handshake process when establishing a secure connection. The challenge is finding a way to share a key that both parties can use to encrypt and decrypt data. Since this shared key could be intercepted as it travels across the internet between routers, a mechanism is needed to protect it. This is achieved by using the shared key along with a private key for decryption. The solution to this challenge comes in the form of ECDHE (Elliptic Curve Diffie-Hellman Ephemeral) encryption.
ECDHE Encryption
ECDHE encryption, introduced in TLS 1.2 in 2008 as a replacement for RSA, provides an asymmetric encryption approach where both parties generate a set of private and public keys. The public keys are exchanged, allowing a shared secret to be generated. This shared secret, in combination with the private key, allows each party to encrypt and decrypt subsequent data transfers.
As mentioned, asymmetric ECDHE encryption is used in TLS to help our browser-based internet communications establish a shared key to be used by a computationally faster Symmetric encryption protocol like AES.
The security of ECDHE encryption lies in the near impossibility for modern computers to derive the private key from the public key elliptical curve datapoints. In fact, ECDHE encryption is so secure that it would take billions of years for modern supercomputers to break a single elliptical curve key.
Intro to Quantum Computing
A full explanation of quantum computers is a bit beyond the scope of this article, so please excuse my brief overview. A quantum computer utilizes the properties of quantum mechanics, such as superposition and entanglement, which allow it to perform many calculations simultaneously. A classical computer uses 1s and 0s to operate. A quantum computer uses quantum bits, or qbits, which can represent both 0 and 1 at the same time, thanks to quantum superposition.
While quantum computers may exist now, they are still a few years away from being practical. Quantum entanglement poses a challenge at room temperatures, and quantum particles don’t really like to maintain their state, or coherence, long enough to be reliable in computing.
Companies like IBM have identified roadmaps for 1000+ qbit quantum computers in 2024, though. Many of these qbits are used for error correction techniques necessary due to the aforementioned problems with coherence.
There is no current standard for stable qbit counts in quantum computers. It’s estimated that we’re currently in the 100-200 stable qbit range for quantum computer processing power, taking into consideration the qbits necessary for error correction.
The Quantum Problem – Putting It All Together
Four years prior to my first PC build in 1994, Peter Shor developed a quantum algorithm that would allow quantum computers to efficiently factor large integers and solve the Elliptic Curve Discrete Logarithm Problem (ECDLP). Something, as we’ve discussed, classical supercomputers are not good at.
The number of qbits required to break ECDHE using Shor’s algorithm on a quantum computer depends on the key size. Suppose we consider a typical ECDHE key size of 256 bits. It’s estimated that a quantum computer with 1500-3000 stable logical qbits could break the ECDLP within minutes using Shor’s algorithm. Remember, ECDLP is what the majority of our internet security is based upon. Now we have a real problem on our hands.
The very foundation of internet security will be vulnerable to quantum computers sometime in the not-so-distant future. But the situation gets even more concerning. In a process known as “harvest now, decrypt later,” it’s believed that governments, intelligence agencies, and organizations across the globe are storing encrypted internet traffic now with the intention of decrypting it in the future. Given the low cost of data storage we outlined, this poses a credible threat to our data security. While the average hacker may not be able to afford $3,960,000 to store a day of internet traffic in the US, they could still target specific IP addresses of a business and capture all internet traffic for a more modest investment, putting our sensitive data at risk.
Building a Solution
Thankfully, much like Y2K, this problem is well known, and government organizations like the NIST have been working to establish a series of post-quantum encryption standards that will serve as quantum-safe replacements for our current internet encryption.
As quantum computing continues to advance, the security of current encryption methods, like ECDHE used in TLS, is becoming increasingly vulnerable. While quantum computing technology is still in its early stages, quantum computers have the potential to break the encryption that currently safeguards our data. The threat of “harvest now, decrypt later” is a growing concern for businesses and governments alike.
What You Can Do
1. Upgrade to Quantum-Safe Encryption
At Soliant Consulting, we are actively preparing for the future by integrating quantum-safe encryption protocols, like ML-KEM (Kyber) produced by the NIST, which are designed to protect your data even against quantum computing threats. We encourage you to work with us to assess your current security positioning and begin transitioning to these quantum-resistant encryption standards.
2. Review and Strengthen Your Security
Now is the time to review your current cloud infrastructure and encryption protocols. If your systems rely on traditional encryption methods that could soon be vulnerable to quantum attacks, we can help implement secure alternatives to ensure long-term protection.
3. Stay Ahead of the Threat
By partnering with Soliant Consulting, you can rest assured that we are staying ahead of quantum computing advancements and actively working with AWS and other industry leaders to keep your data secure. We are closely following the developments of post-quantum cryptography standards and will help you adopt them as they become available.
Protect Your Data and Business from Quantum Decryption
Don’t wait for quantum computers to become a reality before acting. Y2K turned out to be an uneventful nothingburger, not due to overhype, but because proactive measures were taken to fix the issue early. Secure your data now and protect your business from the threat of quantum decryption. Reach out to Soliant Consulting today to discuss how we can help you safeguard your digital infrastructure with the latest in quantum-safe cryptography.
