Researchers tout alternative to protect encrypted data from quantum
Add Axios as your preferred source to
see more of our stories on Google.
Illustration: Aïda Amer/Axios
In the race to protect data from encryption-breaking quantum technology, two researchers are pushing a faster, more effective way to secure government secrets in a post-quantum future.
Driving the news: Pursuing a fragmented, yet still encrypted, data storage scheme might be the best bet companies have now to get ahead of the quantum threat in time, according to research published today by the Foundation for Defense of Democracies (FDD) first shared with Axios.
Why it matters: Depending on who you ask, quantum computers — which are expected to be able to crack today's encryption standards in less than a minute — could be operational anywhere in the next three to 28 years, but it will take about five to 15 years for organizations to transition to a new quantum-resilience standard.
- New government-approved encryption standards also aren't expected to be ready until 2024.
The big picture: It’s possible for agencies and other critical organizations to start pursuing a decentralized approach to encryption now, rather than having to wait for new quantum-proof encryption standards, the research says.
How it works: In the report, an FDD research team tested a data storage technique known as "augmented improbability of access," where data is individually encrypted and then stored in pieces across various places like the cloud, mobile devices and physical computers.
- Doing so would add more hurdles for hackers trying to collect any encrypted data they're trying to unlock since they'd need to break into multiple storage locations to piece together the whole file.
- Compare that to current encryption schemes, where typically hackers face only one central data repository.
Yes, but: Each organization would have to take time to figure out its unique storage needs, and implementation could still take "between two weeks and several months," per the paper.
- Waiting for post-quantum encryption standards might be better for organizations that don't have valuable or high-risk data to protect from foreign adversaries.
Sign up for Axios’ cybersecurity newsletter Codebook here.
