SAP Eyes Quantum-Safe Cryptography|
May 7, 2020
we think data security and business trust are in crisis mode now, wait
until the threat of quantum computing becomes real. Better yet, start
looking ahead to quantum-safe cryptography.
Also called quantum-resistant or post-quantum, this next generation of
cryptography will be designed to withstand a quantum computer-based
“Cryptography is the last line of defense when it comes to protecting
data across every organization’s applications and communications
platforms, as well as storage systems,” said Dr. Mathias Kohler,
research manager at SAP Security Research. “Companies can’t wait for
quantum computers to emerge. They need to estimate the potential impact
and develop mitigation strategies early.”
According to experts, quantum computers will be able to calculate the
prime factors of an integer much faster than classical computers, posing
a fundamental threat to many currently secure software applications on
the planet. As scary as that prospect sounds, it is important to
remember that quantum computers with sufficient power do not exist yet.
That gives organizations a precious window of opportunity to be prepared
for cryptography 2.0.
Strong Business Case for Being Prepared
Current state-of-the-art, cloud-based computing may be safe for the
moment, but it could become infinitely more vulnerable when more
powerful quantum computers take hold. For example, quantum-safe
cryptography is central to preventing corporate data espionage around
everything from proprietary ingredients and formulas to differentiating
processes and valued business relationships.
“Every serious software vendor today needs to investigate how they will
address the upcoming quantum computing cryptography challenge,” Kohler
said. “Criminals could collect all the currently encrypted data and wait
until quantum computing is available and exploit it then. Organizations
have to look ahead and prepare for the next generation of encryption to
Kohler added that quantum computing also challenges the viability of
blockchain and bitcoin, which rely on signature-based cryptography. Some
experts believe it would render current blockchain technology obsolete.
Exploration for Future-Proof Software
Industry organizations worldwide are working on standardization efforts,
experimenting with algorithms for quantum-safe cryptography. SAP is
actively involved in exploring this next generation of quantum-safe
encryption, specifically evaluating standardization models aligned with
the company’s strategy and software application solutions. Teams at the
company have some early research results from proof of concept projects
comparing the performance of quantum-safe standardization candidates to
classical signature encryption.
“We found that certain candidates were not appropriate for IoT-based
devices due to limited computing power and storage that prevented a much
longer than usual signature and public/private key from being stored on
the device,” said Tobias Dyrba, senior software engineer for the SAP ASE
Platform. “Without that capability, you cannot encrypt or sign your
information, making the algorithm useless. In other experiments, we
found performance was comparable to classical encryption models.”
Encryption Secures Customer Trust
When it comes to data security and privacy, the stakes are high in every
industry. With the help of quantum computers, criminals could trigger
false orders within automated systems. Manufacturers could waste
resources trying to manage vast unused inventories or shipments routed
to the wrong locations. Robot-intensive factories could face production
line disruption when attacked by criminals using quantum
computer-directed programming, not to mention the untold damage that
fraudulent, sensor-based data could inflict on farms, power plants, and
secure cryptography translates to customer trust. The latest IDC survey
of CEOs worldwide found that building digital trust programs was the No.
1 new agenda item for growth in the next five years. Some analysts view
trustworthiness as a competitive advantage. Gartner researchers
predicted that in 2020, digitally trustworthy companies would generate
20 percent more online profit than those who were not.
“Organizations using quantum-safe cryptography can better protect
citizens against voting and tax fraud,” Dyrba said. “It will also
prevent businesses from accepting and deploying fraudulent software
updates from seemingly valid resources, heading off catastrophic system
While there is no definitive time frame for quantum computers to emerge,
they are certain to usher in the next generation of quantum-safe
cryptography. And that is a data protection promise that customers
expect every organization to keep.