Security News

So we though we'd take a quick look back at some of the major issues we covered over the last couple of weeks, and reiterate the serious security lessons we can learn from them. If you are ever stuck with doing a data breach notification, don't try to rewrite history to your marketing advantage.

Current quantum computers are still toy prototypes, and the engineering advances required to build a functionally useful quantum computer are somewhere between a few years away and impossible. The idea is to standardize on both a public-key encryption and digital signature algorithm that is resistant to quantum computing, well before anyone builds a useful quantum computer.

Grover's algorithm given a big and powerful enough quantum computer, claims to be able to complete the same feat with the square root of the usual effort, thus cracking the code, in theory, in just 264 tries instead. Shor's quantum factorisation algorithm. Or you'd have to adopt a completely new sort of post-quantum encryption system to which Shor's algorithm didn't apply.

They use quantum keys that guarantee security based on quantum physics rather than computational complexity, thus they are secure even against quantum computers. Quantum key distribution is the most important technology for realizing quantum cryptosystems.

The US National Institute of Standards and Technology has recommended four cryptographic algorithms for standardization to ensure data can be protected as quantum computers become more capable of decryption. Back in 2015, the NSA announced plans to transition to quantum-resistant cryptographic algorithms in preparation for the time when quantum computers make it possible to access data encrypted by current algorithms, such as AES and RSA. No one is quite sure when that may occur but it depends on the number of qubits - quantum bits - that a quantum machine can muster, and other factors, such as error correction.

Both bills have provisions that could be used to break end-to-end encryption. 3(c)(7)(A)(iii) would allow a company to deny access to apps installed by users, where those app makers "Have been identified as national security, intelligence, or law enforcement risks." That language is far too broad. It would allow Apple to deny access to an encryption service provider that provides encrypted cloud backups to the cloud.

President Joe Biden signed a national security memorandum on Thursday asking government agencies to implement measures that would mitigate risks posed by quantum computers to US national cyber security. The multi-year effort to migrate all vulnerable cryptographic systems to quantum-resistant cryptography will span over 50 government departments and agencies that use National Security Systems.

The vulnerability, which Oracle patched on Tuesday, affects the company's implementation of the Elliptic Curve Digital Signature Algorithm in Java versions 15 and above. ECDSA is an algorithm that uses the principles of elliptic curve cryptography to authenticate messages digitally.

Amid the COVID-19 crisis, the global market for quantum cryptography estimated at $93.1 million in the year 2020, is projected to reach a revised size of $291.9 million by 2026, growing at a CAGR of 20.8% over the analysis period, according to ResearchAndMarkets. The U.S. quantum cryptography market is estimated at $40.6M in 2021.

Quantum computing is poised to transform the industry over the next decade. As this technology advances over the next decade, quantum computing is expected to expose vulnerabilities in public-key cryptography encryption algorithms within seconds.