Next Generation Cryptography
Eberbacher Gespräch: Fraunhofer SIT publishes a position paper on the future of cryptography
Darmstadt, 20.03.2018. Whether online-banking or blockchain – most IT security mechanisms for protecting data and digital communication are based on cryptography. Quantum computers and new forms of attacks are threatening many of these IT security mechanisms. How businesses and society can protect the cyber world from such devastating threats in the future was discussed by experts from business, research, and politics at the “Eberbacher Gespräch” on “Next Generation Cryptography”. The experts’ opinion: Cryptography must become more flexible in order to be able to react quickly to technical changes. If this does not happen soon, the cyber world could experience a security meltdown. Therefore, the experts recommend education on IT security, the development of practical help, as well as minimum EU-wide standards and an EU expert board for cryptography.
In today’s digitized and connected world, businesses and private citizens as well as politics and society see themselves confronted every day with challenges resulting from security vulnerabilities and threats via IT attacks. The industry is in an arms race with attackers trying to break cryptographic keys, protocols, and implementations. As a result, systems that are using cryptography have to be continuously improved and updated to withstand new attacks. Widespread cryptographic processes are continuously facing erosion: The increase in computing power of potential attackers is forcing us to adjust and strengthen security parameters permanently (e.g., the length of cryptographic keys), and to retire and replace outdated algorithms and protocols. In extreme cases individual cryptographic algorithms may be broken overnight.
This ongoing race will be significantly impacted by the development of quantum computers. In comparison to classical computers, quantum computers shorten the time required for attacks on cryptographic algorithms substantially. So far, quantum computers have been primarily the subject of academic research, and the first commercial prototypes do not yet present an imminent threat to today’s cryptography. However, China and other countries are massively investing in the development of quantum computers so that it is only a matter of time until a sufficiently powerful quantum computer will dramatically change today’s cryptography. With the help of quantum computers, attackers will be able to render not only individual services and products insecure – they will be able to completely break cryptographic algorithms like RSA, DSA, DH, and ECC. Therefore, encrypted data and digital signatures protected by these algorithms will become vulnerable immediately. The consequences of this will affect individuals and companies as well as economy and society in general. #
Fraunhofer SIT invited IT security experts from business and science to an “Eberbacher Gespräch” on “Next Generation Cryptography” in order to discuss the upcoming challenges for IT security technology. The participants of this event proposed seven recommendations for business and policy makers: The experts recommend developing minimum standards for IT security solutions in business and industry in order to ensure more business IT security. Furthermore, a “Handbook for Cryptographic Solutions” should be provided to help making the development of secure IT products faster and easier. The USA is already standardizing cryptographic algorithms. Therefore, the experts are calling for EU decision makers to invest in the development of new cryptographic alternatives and to strategically address the support of agile cryptography in order to actively contribute to shaping the future technological map of the world. Furthermore, the European Union itself should develop standards for cryptography as well. Additionally, a board of crypto experts should be created that develops recommendations and counsels political representatives on questions of development and standardization.
Finally, the general public must be sensitized to IT security questions and educated on the basics of cryptography. The complete paper is now available and can be downloaded for free here.