Author: Gorka Oteiza, Innovation Architect, Lantik
Hundreds of millions of citizens across Europe entrust their most sensitive data to the governments of their countries, but… is this data really secure?
Terms like SSL, digital certificates, HTTPS, RSA or PKI, are commonly used nowadays, and are key to allowing us to either store information securely or transmit it between different systems with the guarantee that it will not be spied on.
The first mechanisms for data security
However, information encryption systems, those systems that alter the content of the information but allow the original message to be recovered, are not new. One of the best-known cases dates back to the times of ancient Rome with the famous Caesar's Cipher, where a simple displacement of characters made the message hidden from the view of inappropriate or even malicious eyes. A message/messenger intercepted by the enemy, could change the course of a battle during the wars of the empire.
Today, information and data are still some of the most valuable assets that people and governments possess, and their control offers a great deal of power. That is why, as computers and automated information processing has advanced, it has become a priority to find mechanisms to ensure data security.
Since the beginning of computing, one of the main tasks of machines has been to execute mathematical functions, and it is through these mathematical functions that the first algorithms for encrypting and decrypting information were implemented: algorithms based on symmetric cryptography first (the same key for encrypting and decrypting) and asymmetric cryptography next (different keys for encrypting and decrypting), the latter using complex mathematical functions that perform calculations with prime numbers.
Over time, computers evolved, the original transistors gave way to chips, and these chips had an increasingly larger scale of integration, thus incrementing computing and execution power, making information encryption/decryption functions, which were initially reserved for very specific niches, expand to all areas.
But, let's not forget that the basis on which these computers operate has not changed since their inception. Traditional computing, based on transistors or chips, based on 0/1 states, and thus, based on bits, has been the way to treat and process data for many decades. And the encryption algorithms used and their updates have been considered secure, since brute-force attacks (those attacks that try all possible combinations to find the right cypher key), required years or centuries of execution, depending on the speed of the machine where they were executed, and despite the continuous increase in computing power.
The advent of Quantum Computing
But a new contender is rising slowly in this scene: Quantum Computing. Using innovative technological features, and based on the properties of Quantum Mechanics and Quantum Physics, Quantum Computers, currently in an advanced experimental phase, work with atoms and their characteristics. Quantum Computers’ unitary piece of information is the Qubit - Quantum bit, allowing simultaneously both “basic” states, and taking advantage of Quantum Mechanics properties such as entanglement and superposition.
These Quantum Computers, through new algorithms designed specifically for them, are able to perform some traditional computation tasks millions of times faster, if not instantaneously on some occasions, making them virtually unbeatable while performing certain mathematical operations.
And, as previously stated, the security of information we share/store today is closely tied to the difficulty of breaking, by brute-forcing, the cypher key and the cryptography algorithm used, which is based on mathematical operations. This is something that Quantum Computing is easily able to do in certain cases, and will easily be able to do in probably all cases in the near future.
To prevent this scenario, which technologically speaking might be just a few years ahead, we need to start using Quantum Safe algorithms right now: algorithms that can be run on traditional computers, but that use advanced and complex mathematical functions and treatments, that can stand Quantum Computing attacks. This scenario is usually called Post-Quantum cryptography.
GovTech4All seeks to secure information in cross-border data spaces
GovTech4All is addressing innovation in this field through one of its pilots: “Secure Information in cross-border data spaces”. The pilot proposes two use cases: the first one dedicated to the skills & education sector, and the second one dedicated to the health sector, where Quantum Safe algorithms will be used to cypher sensitive information.
Additionally, an extra layer of security is being considered in the pilot: Fully Homomorphic Encryption - FHE. This family of encryption algorithms, allow it to work directly with the encrypted information without having to decipher it first. The kind of operations allowed with the cyphered information are simple: additions, subtractions, basic searches… and once the right information has been found or has been treated, it can either stay cyphered, be deciphered if additional treatments are needed, or just work with it as it is to generate statistics and obtain metrics, without revealing its content.
While Fully Homomorphic Algorithms have been around for a while, Quantum Safe algorithms are still in an experimental & solution-proposal phase, with final versions expected in 2024. The GovTech4All pilot “Secure Information in cross-border dataspaces” is keeping track of this evolution, to properly select the way to implement security in both use cases through Quantum Safe & FHE algorithms.
Exciting times to address data security through innovation, with GovTech4All!