TL;DR
It is ultimately about safeguarding the organization from security breaches – whether the financial impact is immediate (regulatory penalties, lawsuits) or unfolds over a long period of time (reputational damage, customer attrition). It always comes down to having and understanding:
- Data classification + data lifespan – know and understand the value of your data: how long stealing it will remain profitable for an attacker.
- Asset management + crypto-asset management – know and understand how you protect your data: which mitigation techniques you use, including cryptographic algorithms and key lengths.
- Agility + crypto-agility – know and understand the solutions you use to stay resistant: how quickly you can adapt to new threats, including switching to new cryptographic primitives.
Want to know more?
The Quantum IN Cyber website is divided into sections. You can immerse yourself in reading the whole story from beginning to end or pick and choose what interests you the most.
Let’s dive in!
It all started with Feynman’s paper on quantum computing, “Simulating physics with computers”, followed up with Peter Shor’s paper on factoring integers and finding discrete logarithms in 1982. These are the two difficult mathematical problems on which currently used asymmetric cryptography, such as RSA, Diffie-Hellman, ElGamal and Elliptic Curve Cryptography, is based. In 1996 Lov K. Grover joined with his paper “A fast quantum mechanical algorithm for database search”.
So if Shor’s and Grover’s quantum algorithms have been known for years, why are these quantum threats slowly materializing right now? And are they really a threat to cybersecurity?
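The TL;DR items (data lifespan, crypto-asset management, crypto-agility) and the algorithm families named above can be combined into a simple inventory triage. This is an added example, not code from the Quantum IN Cyber site; the record layout, the system names, the `MIN_EFFECTIVE_BITS` policy floor and the sample inventory are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Families the page names as resting on factoring / discrete logarithms (Shor).
SHOR_EXPOSED = {"RSA", "DH", "ELGAMAL", "ECDH", "ECDSA"}
# Symmetric ciphers: Grover's search roughly halves the effective key strength.
GROVER_AFFECTED = {"AES", "CHACHA20"}
MIN_EFFECTIVE_BITS = 128  # assumed policy floor, not a value from the page

@dataclass
class CryptoAsset:
    system: str               # where the algorithm is deployed (hypothetical names)
    algorithm: str            # e.g. "RSA", "AES"
    key_bits: int
    data_lifespan_years: int  # how long the protected data stays valuable
    swappable: bool           # crypto-agility: can the primitive be changed by config?

def assess(asset: CryptoAsset) -> str:
    """Classify one inventory entry as 'shor', 'grover', 'ok' or 'unknown'."""
    alg = asset.algorithm.upper()
    if alg in SHOR_EXPOSED:
        return "shor"     # classification does not depend on key length
    if alg in GROVER_AFFECTED:
        return "grover" if asset.key_bits // 2 < MIN_EFFECTIVE_BITS else "ok"
    return "unknown"      # not in the inventory rules: surface it, do not assume safe

def migration_order(inventory):
    """Exposed assets, longest-lived data first; on ties, hard-to-swap systems first."""
    exposed = [a for a in inventory if assess(a) in ("shor", "grover")]
    return sorted(exposed, key=lambda a: (-a.data_lifespan_years, a.swappable))

# Constructed sample inventory (not real systems).
INVENTORY = [
    CryptoAsset("vpn-gateway", "DH", 2048, 2, True),
    CryptoAsset("hr-archive", "RSA", 4096, 30, False),
    CryptoAsset("backup-store", "AES", 128, 10, True),
    CryptoAsset("db-tde", "AES", 256, 10, True),
    CryptoAsset("tls-frontend", "ECDH", 256, 5, False),
    CryptoAsset("legacy-app", "XTEA", 128, 5, False),
]

if __name__ == "__main__":
    for a in migration_order(INVENTORY):
        print(f"{a.system:13} {a.algorithm:6} {assess(a):7} "
              f"lifespan={a.data_lifespan_years}y swappable={a.swappable}")
    unknown = [a.system for a in INVENTORY if assess(a) == "unknown"]
    print("needs manual review:", unknown)
```
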
Cybersecurity
Let’s put the quantum threat into context. What is at risk and what do we do about it? To protect a company and its most valuable resource – data – we need to answer three basic questions:
- What do we protect? (information crown jewels) – data classification
- What do we have? (system architecture) – asset management
- How does data flow through the company? (cash flow equivalent) – network hierarchy
To answer these questions we look at the data from the perspective of two information security triads (the CIA triad and the AAA triad). This context allows us to design and properly deploy cost-effective security controls.

Why we do what we do
Quantum IN Cyber is focused on a technical preventive control: cryptography. Let’s dive deeper into this world.
Cryptology
Just as cybersecurity has its offensive (Red team) and defensive (Blue team) sides, cryptology has its own defensive side (cryptography), which designs algorithms and protocols to secure data, and its own offensive side (cryptanalysis), which studies how to break these cryptographic systems. To break or secure a system we need to know how it works. What makes it tick…
Cryptography core concepts
- Kerckhoffs’ principle – security of a cryptographic system should not depend on the secrecy of the algorithm, but only on the secrecy of the key.
- Zero-knowledge proof – allows one to prove knowledge of a password without disclosing the password
- Entropy – high entropy results in significant randomness, which creates unpredictability and disrupts patterns in data
- Confusion – obscures the relationship between cryptographic key and the plaintext
- Diffusion – spreads the influence of a single plaintext bit over many ciphertext bits
- One-way functions – mathematical trapdoors that are designed to be easy to fall into but nearly impossible to escape
- Non-repudiation – authenticity of a signature clearly proves who is the creator of the information
- Modulo function – returns the remainder after division, and the same remainder may occur for different sets of numbers
- Discrete logarithm – in modular arithmetic, numbers “wrap around” after reaching a certain modulus
- Alice, Bob, and Eve – In cryptography, Alice and Bob are the parties exchanging information, while Eve is the threat actor attempting to steal their data or scam them
Cryptography primitives
In the cryptographic world, there is an eternal battle between good and evil. Alice tries to pass information to Bob in a secure way. Eve tries to eavesdrop on or modify this information every single time. To understand what’s going on under the hood we need to go through some basic core concepts. I will limit math to an absolute minimum. Pinky promise. So bear with me as we go through this journey.
Hash functions | Symmetric cryptography | Asymmetric cryptography | Hybrid cryptography | Homomorphic cryptography |
---|---|---|---|---|
…yet to come…