Software

BSI: Quantum-safe encryption of data – BSI evaluates available technologies

January 26, 2024. Quantum computers could be able to break existing encryption mechanisms as early as the 2030s. Confidential information in companies, organizations and authorities will then be at risk. For this reason, the German Federal Office for Information Security (BSI) believes it is important to encrypt sensitive data in a quantum-safe manner now. This is the result of a technical position paper on quantum key distribution that the BSI published today with its partner authorities from France, the Netherlands and Sweden. As a result, the participants advocate a focus on post-quantum cryptography, which is already available. The BSI is thus helping decision-makers to align their plans for securing sensitive data.

Symbolic image data security / pixabay joffi

Tags

Data Security, Quantum Computing, Software Development

Contact info

Silicon Saxony

Marketing, Kommunikation und Öffentlichkeitsarbeit

Manfred-von-Ardenne-Ring 20 F

Telefon: +49 351 8925 886

Fax: +49 351 8925 889

redaktion@silicon-saxony.de

Contact person:

Julia Nitzschner

julia.nitzschner@silicon-saxony.de

Telefon: +49 351 8973 3865

Robert Krauße

robert.krausse@silicon-saxony.de

Telefon: +49 351 8925 886

“Modern, intelligent answers are needed to the technological questions and challenges of our time. With the speed at which high-performance computers are developing, the post-quantum threat is very real,” says BSI President Claudia Plattner, assessing the situation. “We must make targeted use of Germany’s existing excellent technological expertise to increase cyber security. I am delighted that we are pulling together with our international partners. Our joint appeal to companies and institutes: Take steps towards quantum-safe encryption today.”

Two fundamentally different approaches to quantum-safe encryption are being discussed. In addition to post-quantum cryptography (PQK), this is quantum key distribution (QKD). From the perspective of the BSI and its international partners, QKD technology has many limitations in its current state. For example, special hardware is required as QKD cannot be implemented on conventional hardware. This leads to high costs. In addition, the short range due to signal loss in the fiber optic cable further restricts the area of application. Due to the high costs, the use of QKD technology would only be justifiable in future in situations where specific safety requirements justify the costs and less expensive options cannot be implemented. The BSI believes that research in the field of QKD technology should be driven forward in order to overcome the aforementioned limitations. However, its use at the present time is limited to a few niche applications. Even in applications where the use of QKD would be suitable, the technology is not sufficiently mature to fulfill all security-relevant aspects.

PQK, on the other hand, can be implemented on classic hardware and is available at short notice: The first standards developed in a process organized by the US NIST are expected to be published in 2024.

The authorities involved are therefore unanimously in favour of focusing on post-quantum cryptography when migrating to quantum-safe encryption methods.

Depending on the use case, it should be considered early and continuously – adapted to current developments – as part of a measured risk management process whether and when a switch to quantum computer-resistant methods should be made. In its recommendations for action, the BSI outlines measures on how a migration to post-quantum cryptography can be initiated today.

– – – – – –