Use of encryption continues to grow as people increasingly appreciate the value of their data, with 34 percent of respondents to Thales' 2015 Global Encryption and Key Management Trends Study reporting that their organisation uses encryption extensively. In restrictive regimes including China, the UAE and Russia, secure messaging platforms like Telegram are used to communicate inside the country and internationally.
But despite all the privacy benefits of encryption, it has become a controversial issue as authorities try to figure out who should and who shouldn't use encryption, while technologists say that the genie is out of the bottle and won't go back, and privacy advocates say it shouldn't even if it could.
Different societies – not just governments but also companies, private bodies and citizens alike, want to find the right balance between privacy and legitimate government surveillance, eg to fight crime and terrorism. Most governments want to be able to track what their citizens are doing online, but are largely thwarted when communications are encrypted, unless there are ‘backdoors'.
Bulk collection of data is increasingly government sanctioned, and private companies have a voracious appetite for our data, while criminals are equally keen to find out about us to steal our physical and virtual assets. And it is encryption which forms the key tool that defends data from being processed by someone for whom it wasn't intended.
Government, GCHQ/NSA, surveillance, IP Bill
Luther Martin, distinguished technologist at HP Enterprise Security, told SC Magazine UK that, “While much of what's still used today in encryption can be traced back to the first ideas of a few cryptographers at GCHQ over 30 years ago, the private sector has adopted it much more quickly than governments. Many business applications now use cryptography to protect sensitive information, and once technologies become commercially viable governments seem to have a hard time keeping up with the private sector.”
Several law enforcement and intelligence agencies, if they had their way, would either have encryption outlawed or come with pre-existing backdoors.”
Not all governments support backdoors: in January this year a Dutch government position paper, published by the Ministry of Security and Justice concluded, “the government believes that it is currently not appropriate to adopt restrictive legal measures against the development, availability and use of encryption within the Netherlands.”
Dr Nithin Thomas, co-founder and CEO of SQR Systems comments, “The decisive announcement from the Netherlands to maintain strong encryption and avoid implementing backdoor access sets a powerful example that other world governments should follow.
“Dutch Security and Justice Minister Ard van der Steur is correct in asserting that strong encryption is vital to the privacy and security of the entire country. Creating backdoors in encryption technology would just as readily create access for hackers as it would intelligence services, leaving everything from individual financial data to national secrets at risk.
“Rather than pursuing any approach that would make current encryption technology less secure, we must ensure that the organisations and individuals that own the data are able to access and control it themselves. This would allow them to comply with legal needs during investigations and criminal proceedings without compromising security. This requires communications service providers to re-think their communications security architecture and corporate policy to enable them to deal with legal intercepts.”
Quantum computing killing public-key crypto?
According to proponents, quantum computing promises to be one of the most transformative innovations of the 21st Century, enabling researchers and scientists to construct more calculation-intensive programmes than ever before. However critics are currently expressing concerns on how it could also undermine the cryptographic algorithms that underpin most of the World Wide Web, according to former NSA technical director Brian Snow.
Unlike conventional computers which require data to be encoded into binary digits (bits) with values of either zero or one, quantum computers use quantum bits (qubits), which also represent both zero and one values simultaneously. If these qubits are placed in an ‘entangled' state – physically separated but acting as though they are connected – they can represent a vast number of values simultaneously. This is where existing encryption is in trouble as the existing limitations of computing power are thrown out the window, with quantum computers theoretically able to solve problems that even today's most advanced supercomputers struggle to handle.
To try and explain the vast differences between how quantum computers work and get a better understanding of where quantum computing could affect cryptography, SC spoke to Krysta Svore, senior researcher at the Quantum Architectures and Computation Group, part of Microsoft Research based in Redmond, USA.
When asked about quantum computing killing cryptograhphy, Svore said that, “It remains an open question where exactly quantum speed-ups come from. In the case of RSA, the quantum algorithm is exponentially faster than the best-known classical algorithm. The speed-ups stem from a combination of the attributes of quantum mechanics [mentioned above]. It turns out the Fourier transform is fast on a quantum computer, and Peter Shor, who developed the algorithms to break RSA, skilfully found a way to map factoring to the problem of period-finding, for which he could then use the Quantum Fourier Transform to identify the period.”
In terms of security in quantum computing, one of the main developments in the field is in quantum key distribution - a single photon carrying information that won't be able to be intercepted or cracked. Svore adds, “Quantum key distribution takes advantage of quantum measurement to provide security. If Alice shares a key with Bob, and the key is quantum, then if Eve tries to look at the key value, it will result in a measurement of the state, and so Alice and Bob will immediately know that Eve tried to look at the state. The security comes from the fact that to look at the value, one must measure the state. Depending on the key size, one may need to send a sequence of photons to describe all bits in the key.”
Interestingly, there are also current real world hardware implementations of this security method. Svore says that the main one currently is, Id Quantique out of Switzerland. The company describes itself as “the world leader in quantum-safe crypto solutions, designed to protect data for the long-term future. The company provides quantum-safe network encryption, secure quantum key generation and quantum key distribution solutions and services to the financial industry, enterprises and government organisations globally.”