Solving The Cyber Security Crisis: Why Symmetric Encryption Is The Way To Go
Encryption keys are critical for modern cryptography. Without them, we’d have to depend on the algorithm itself being a secret, which, as you can imagine, is incredibly hard to manage and monitor. A much easier and safer route is to use keys, which means that the algorithm can be fully known to an attacker without the worry of a breach - provided the keys remain secret.
That’s why solutions that are developed around symmetric keys rather than asymmetric ones - otherwise known as Public Key Infrastructure (PKI) encryption - are better, and for several reasons, which I’ll go into in this blog.
What is symmetric encryption?
Before we delve into what makes symmetric encryption a better route for cyber and quantum security, let’s look at how it actually works. As the name suggests, symmetric key encryption is a method of scrambling data by pressing the same key to both encrypt and decrypt it. To gain access to the protected data, symmetric encryption must exchange keys which are then used to decrypt the data. This is contrary to asymmetric encryption, which relies on a pair of different keys (one public and one private) used to encrypt and decrypt messages separately.
Why use symmetric encryption?
Put simply, symmetric encryption is far more secure than its asymmetric counterpart, and that’s a fact. Using symmetric encryption algorithms converts data into a form that can’t be understood by any system or person who does not possess the secret key to decrypt it. The most secure key lengths available would take the most powerful and sophisticated computers billions of years to guess through a brute-force attack. That’s why it’s the security method of choice for many banks and governments, as it’s particularly good at securing large amounts of data. Against the cybersecurity threats we face today, symmetric encryption is far superior to legacy PKI encryption, and it will also be able to withstand the quantum attacks of tomorrow.
Symmetric key encryption is also fast. Like, really fast. With symmetric keys, encryption and decryption are relatively easy to do. In contrast, speed is not PKI encryption’s strong point. PKI relies on relatively complicated mathematics to work, which takes an immense amount of computational processing power. When faced with processing large amounts of data, PKI encryption falls short.
And how does it stand up against Post-Quantum Algorithms?
Heavily discussed as an alternative to legacy PKIs, Post-Quantum Algorithms fall short when considered an effective security solution against cyber attacks, let alone quantum cyber attacks. As a cybersecurity tool, PQAs are just not mature enough to be reliable. For starters, they are much slower, requiring 1,488 times more processing cycles than symmetric key encryption. Nowadays, organisations need to be able to securely handle vast amounts of data daily. However, the longer the data takes to be processed, the more vulnerable it is to attack. Introducing PQAs as a security solution would slow down current systems by 1,488 times, putting any data it’s there to protect at risk. Quite simply, PQAs can never be described as “quantum-safe.”
If symmetric key encryption is the best option out there, why isn’t everyone using it?
This is a very good question. Symmetric keys are provably secure against any attack, including those from quantum computers. Using symmetric key encryption at scale demands a safe way to distribute the key to the party you’re sharing the data with. But until now, there has been no safe and efficient way to do this. Enter Arqit, a London-based start-up taking the quantum space by storm.
According to Arqit, its Platform-as-a-Service solution, QuantumCloud, is symmetric encryption, reborn for the cloud. It provides a method to create those keys at scale, providing stronger, simpler encryption to any device in the world. Its software creates an unlimited number of symmetric keys with partner devices that are computationally secure, zero-trust, and one-time. The process is very simple and fast. It is powered by quantum satellites in the cloud, which use a revolutionary new quantum protocol to solve all the previously known problems of quantum key distribution. Plus - as a PaaS, it can be used via the cloud by anyone, anywhere and on any device. Pretty neat ,if you ask me.
The next stage?
Last year Arqit announced a partnership with the California-based responsive launch company Virgin Orbit, to conduct two launches to Low Earth Orbit at the start of 2023 - which is just around the corner! The new satellites will use Arqit’s quantum protocol to create a backbone of secure keys within its customers’ data centres globally. They’ll also get a quantum-safe boundary that will protect those data centres against the cyber threats of today, as well as the quantum threats of tomorrow.
More recently, Arqit partnered with AUCloud and announced the launch of Australia’s first Sovereign Quantum Safe Encryption Service, bringing quantum-safe encryption to the region! This means that the Australian government and other businesses will be able to effectively protect themselves against the rising quantum threat, and avoid “harvest now, decrypt later” attacks. And that’s on top of improving overall cyber security for IoT, defence and financial services, which you can’t do with other post-quantum cryptography methods - once again, symmetric keys come out on top!