GDPR

Adatvédelem mindenkinek / Data protection for everyone

Preparation for the post-quantum era

2021. február 10. 13:00 - poklaszlo

The potential ability of quantum computing devices and their impact on current data protection practices, especially regarding the applicable data security measures (e.g. encryption) is a topic that needs to be addressed in a timely manner even if we are still far from the everyday and widespread application of the technology.

The European Union Agency for Cybersecurity (ENISA) published a study that "[...] provides an overview of the current state of affairs on the standardization process of Post-Quantum Cryptography (PQC)." As the study notes, "[p]ost-quantum cryptography is an area of cryptography in which systems are studied under the security assumption that the attacker has a quantum computer." (Study, p. 7)

The study introduces 5 main group of post-quantum algorithms that may be used in the era of quantum computing:

  • code-based,
  • isogeny-based,
  • hash-based,
  • lattice-based and
  • multivariate-based.

The study presents Round 3 candidates of the submissions to the United States National Institute for Standards and Technology (NIST) that were submitted to NIST as "[...] potential public key encryption and signature algorithms that would be secure in a world in which quantum computer existed." (Study, p. 6) The study details the design, the implementation, the cryptanalysis as well as the advantages and disadvantages of each Round 3 candidates. (In addition to this, some alternate candidates are also presented.)

It is also important that the last chapter of the study offers proposals that can be implemented now to protect the confidentiality of data against a potential quantum capable attacker. 

As the data controllers shall take the state of the art into account in designing the technical and organisational measures and data controllers shall be able to apply adequate measures both at the time of the determination of the means for processing and at the time of the processing itself, new standardized solutions shall be ready for application when we step into the post-quantum era, especially where the processing requires a long retention of personal data. The study also highlights that  

[i]f you encrypt data that needs to be kept confidential for more than 10 years and an attacker could gain access to the ciphertext you need to take action now to protect your data. (Study, p. 23)

Szólj hozzá!

A bejegyzés trackback címe:

https://gdpr.blog.hu/api/trackback/id/tr9116422392

Kommentek:

A hozzászólások a vonatkozó jogszabályok  értelmében felhasználói tartalomnak minősülnek, értük a szolgáltatás technikai  üzemeltetője semmilyen felelősséget nem vállal, azokat nem ellenőrzi. Kifogás esetén forduljon a blog szerkesztőjéhez. Részletek a  Felhasználási feltételekben és az adatvédelmi tájékoztatóban.

Nincsenek hozzászólások.
süti beállítások módosítása