by Bianca Gonzalez, Activist Post:
Digital identity and trust provider Trust Stamp has released a white paper explaining the threat of quantum computing to biometric systems and making recommendations to minimize the risks.
Quantum computers will open opportunities to solve problems in biometrics, drug synthesis, financial modeling, and weather forecasting, among other areas, according to Trust Stamp. But they will also be able to decrypt most of the encryption systems used to secure the internet and protect data today.
While experts expect quantum computers will not be able to scale to defeat such systems for at least another ten years, the white paper claims, entities should address “harvest now, decrypt later” (HNDL) attacks proactively.
TRUTH LIVES on at https://sgtreport.tv/
Through an HNDL approach, an attacker could capture encrypted data pending the availability of quantum computing-enabled decryption. It is worth noting that this cyber threat would be heavily resource-intensive to perform. Such an attack would most likely only be feasible by a nation-state and would target information that would remain extremely valuable for decades in the future.
Still, HDNL is an especially concerning threat for biometric PII, due to its relative permanence.
Certain data encryption methods are particularly vulnerable. Asymmetric, or public-key cryptography, uses a public and private key to encrypt and decrypt information. One of the keys can be stored in the public domain, which enables connections between “strangers” to be established quickly.
Because the keys are mathematically related, it is theoretically possible to calculate a private key from a public key. While conventional computers are not able to perform these calculations, quantum computers can solve problems such as factoring integers through Shor’s algorithm, rendering all public key cryptography (PKC) systems insecure.
Passkeys, digital signatures and digital certificates could potentially be decrypted after quantum computing scales, posing a risk to biometric systems that use them for verification.
Symmetric or secret key encryptions and hash functions will generally maintain their security, the white paper says. Symmetric encryptions use one key to encrypt and decrypt information and are often used between two parties with a well-established relationship, such as mobile communications and banking links.
Hash functions produce unique outputs from any given input. Changing the input at all will result in a completely different hash value. Hash functions are also irreversible. Hashes are often used to verify that data has not been altered or to check digital credentials. Wicket‘s biometric ticketing system, for instance, stores and compares hash functions taken from biometrics to authenticate attendees instead of the raw data itself. Other biometrics providers working with hashing include Keyless and ZeroBiometrics.
Specifically, AES symmetric encryption with larger keys and SHA-2 and SHA-3 hash functions with larger hashes will “generally remain secure,” the white paper reads.
