Quantum-Safe Cryptography: What Early Research from SAP Shows

If we think data security and business trust are in crisis mode now, wait until the threat of quantum computing becomes real. Better yet, start looking ahead to quantum-safe cryptography.

Also called quantum-resistant or post-quantum, this next generation of cryptography will be designed to withstand a quantum computer-based attack.

“Cryptography is the last line of defense when it comes to protecting data across every organization’s applications and communications platforms, as well as storage systems,” said Dr. Mathias Kohler, research manager at SAP Security Research. “Companies can’t wait for quantum computers to emerge. They need to estimate the potential impact and develop mitigation strategies early.”

According to experts, quantum computers will be able to calculate the prime factors of an integer much faster than classical computers, posing a fundamental threat to many currently secure software applications on the planet. As scary as that prospect sounds, it is important to remember that quantum computers with sufficient power do not exist yet. That gives organizations a precious window of opportunity to be prepared for cryptography 2.0.

Strong Business Case for Being Prepared

Current state-of-the-art, cloud-based computing may be safe for the moment, but it could become infinitely more vulnerable when more powerful quantum computers take hold. For example, quantum-safe cryptography is central to preventing corporate data espionage around everything from proprietary ingredients and formulas to differentiating processes and valued business relationships.

“Every serious software vendor today needs to investigate how they will address the upcoming quantum computing cryptography challenge,” Kohler said. “Criminals could collect all the currently encrypted data and wait until quantum computing is available and exploit it then. Organizations have to look ahead and prepare for the next generation of encryption to prevent this.”

Kohler added that quantum computing also challenges the viability of blockchain and bitcoin, which rely on signature-based cryptography. Some experts believe it would render current blockchain technology obsolete.

Exploration for Future-Proof Software

Industry organizations worldwide are working on standardization efforts, experimenting with algorithms for quantum-safe cryptography. SAP is actively involved in exploring this next generation of quantum-safe encryption, specifically evaluating standardization models aligned with the company’s strategy and software application solutions. Teams at the company have some early research results from proof of concept projects comparing the performance of quantum-safe standardization candidates to classical signature encryption.

“We found that certain candidates were not appropriate for IoT-based devices due to limited computing power and storage that prevented a much longer than usual signature and public/private key from being stored on the device,” said Tobias Dyrba, senior software engineer for the SAP ASE Platform. “Without that capability, you cannot encrypt or sign your information, making the algorithm useless. In other experiments, we found performance was comparable to classical encryption models.”

Encryption Secures Customer Trust

When it comes to data security and privacy, the stakes are high in every industry. With the help of quantum computers, criminals could trigger false orders within automated systems. Manufacturers could waste resources trying to manage vast unused inventories or shipments routed to the wrong locations. Robot-intensive factories could face production line disruption when attacked by criminals using quantum computer-directed programming, not to mention the untold damage that fraudulent, sensor-based data could inflict on farms, power plants, and chemical companies.

Foundationally, secure cryptography translates to customer trust. The latest IDC survey of CEOs worldwide found that building digital trust programs was the No. 1 new agenda item for growth in the next five years. Some analysts view trustworthiness as a competitive advantage. Gartner researchers predicted that in 2020, digitally trustworthy companies would generate 20 percent more online profit than those who were not.

“Organizations using quantum-safe cryptography can better protect citizens against voting and tax fraud,” Dyrba said. “It will also prevent businesses from accepting and deploying fraudulent software updates from seemingly valid resources, heading off catastrophic system impact.”

While there is no definitive time frame for quantum computers to emerge, they are certain to usher in the next generation of quantum-safe cryptography.  And that is a data protection promise that customers expect every organization to keep.


Follow me @smgaler

This story originally appeared on SAP BrandVoice on Forbes.