Quantum computers: the opportunity and cyber security threats for the legal profession
Secure Chorus Chairman Elisabetta Zaccaria (pictured) discusses how quantum computers will create huge innovation for the legal profession. But, with opportunities come information security threats, which means today’s encryption methods need to be upgraded with ‘quantum-safe’ equivalents.
Quantum-related technologies have the potential to massively disrupt the legal services industry, opening up exciting new capabilities. Quantum computers will be able to perform complex tasks and improve efficiencies at a speed and scale human lawyers could not hope to achieve, such as accessing archived data and data processing. While many of these tasks will be of an administrative nature, such as eDiscovery and automated contract drafting, quantum computers will also be able to undertake far more sophisticated tasks. These will include the design of legal positions from precedents, drawing analogies between cases, principles, policies and negotiating in dynamic legal environments.
At the same time, the arrival of quantum computers creates a problem in the field of data security due to their ability to solve complex mathematical problems better and faster than the computers we use today. These mathematical problems are at the core of public key cryptography methods currently used to protect legal firms – indeed all governments, public and private sectors – to securely store and communicate sensitive data.
The main difference between currently deployed (so-called ‘classic’) computers and quantum computers is the advantage of ‘superposition’ and ‘entanglement’. Due to these two features, quantum computers will be able to factorise large numbers and search through large volumes of unstructured data. The security of public key cryptography fundamentally relies on the difficulty in factorising large numbers, or on the difficulty in calculating discrete logarithms. This means that quantum computers will be able to break the cryptographic keys quickly, and will, as a result, place a legal firm’s most valued asset – the data it holds – at risk.
One method of developing quantum-safe cryptography is to deploy a new set of public key cryptosystems for classic computers. These cryptosystems are called ‘quantum-safe’ or ‘post-quantum cryptography’. The principle behind them is the use of mathematical problems of a complexity beyond quantum computing’s ability to solve them. The information security industry currently recognises five types of cryptosystems as promising replacement candidates for current cryptography. These are: hash-based, code-based, lattice-based, multivariate-based and supersingular isogeny-based. International standards bodies, including the National Institute of Standards and Technology (NIST) in the USA, are currently in the process of conducting more analysis and research before they can go forward on determining which of these to adopt.
Secure Chorus is following the development of quantum-safe cryptography closely and engaging with governments, industry and academic institutions globally to evaluate outcomes as they become available so that we can identify a long-term strategy for adopting quantum-safe cryptography into the Secure Chorus cryptography standard of choice: MIKEY-SAKKE.
MIKEY-SAKKE is a method of key exchange that uses Identity-based Public Key Cryptography (IDPKC) to establish a shared secret value and certificateless signatures to provide source authentication. It has been developed by the UK government’s National Technical Authority for Information Assurance (CESG), which advises on how to protect information and information systems against today’s threats. CESG is now part of the National Cyber Security Centre (NCSC) which is a government member of Secure Chorus. MIKEY-SAKKE was standardised by the Internet Engineering Task Force (IEFT) and has recently been approved by the 3rd Generation Partnership Project (3GPP), the body responsible for standardising mobile communications for use in mission-critical applications.
MIKEY-SAKKE has several desirable features for the IT systems of legal firms. These include end-to-end encryption centralised management, giving organisations full control of IT system’s security, as well as the ability to comply with any data auditing requirements through a managed and logged process. Additional benefits include scale and flexibility.
Secure Chorus’ members develop interoperability standards for MIKEY-SAKKE-based information security products. Interoperability is a critical feature for the IT systems of legal firms. The traditional approach that focused on protecting the security perimeter of a legal firm doesn’t fully address the issues arising from the interconnection and hyper-digitalisation, which pushes the security perimeter beyond organisational boundaries through a global network of interconnected technologies.
Secure Chorus recently collaborated with one of our partner members – ISARA Corporation – to produce a white paper on post-quantum cryptography. ISARA Corporation, a leader in the field, is committed to the collaborative development of quantum-safe standards at the European Telecommunications Standards Institute (ETSI). ISARA is also working with Secure Chorus to evolve MIKEY-SAKKE to become quantum-safe.
Entitled ‘The Quantum Revolution: Security Implications and Considerations’, the paper provides a framework for assessing if and when organisations need to start protecting themselves against the threat from quantum computers. It also addresses the key considerations an organisation needs to take into account when migrating to a new cryptography standard. The paper introduces the MIKEY-SAKKE identity-based public key open cryptography standard, and explains that this cryptography standard, if made quantum safe, would offer a unique combination of benefits to the legal sector.
While it will be a decade before quantum computing has any significant effect on the legal services industry, its potential impact on information security means that legal firms must begin to prepare for its arrival now. In security terms, this should be done through quantum risk assessments as well as investment in well-recognised and endorsed quantum-safe public key cryptography.
This article is based on a new white paper entitled ‘The Quantum Revolution: Security Implications and Considerations’ co-authored by Secure Chorus and the ISARA Corporation.
To download your free copy go to the Secure Chorus website www.securechorus.org