In the world of quantum computers, the need for an advanced approach to cybersecurity is more necessary than ever. As a result, thought leaders in the post-quantum cryptography (PQC) space are looking for ways to utilize artificial intelligence to enhance and harden their cryptographic systems. Together, PQC and AI have the potential to increase the security of our digital systems in numerous ways. More specifically, these two fields combined can augment threat detection, strengthen anomaly detection, provide dynamic algorithm changing, and optimize cryptographic key rotation algorithms.
First, it is critical to understand the quantum threat. It refers to the potential risk posed by quantum computers, which could compromise the security of the world’s encrypted information by breaking the cryptographic algorithms currently used to protect it. Quantum computers are computing machines that leverage the principles of quantum mechanics to perform specific computational tasks exponentially faster than classical computers. Importantly, using Shor’s algorithm, quantum computers can efficiently factor integers and solve the discrete logarithmic problem, which is assumed to be computationally infeasible today and therefore is the foundation of many cryptographic algorithms. In academia, it is believed that there is a high possibility a quantum computer will be able to break classic encryption within 10 years or less. When fully developed, it would allow for an adversary to have complete access to sensitive information such as bank account details, medical records and classified government data.
As the capabilities of quantum computers are ramping up, the world must act now. It is well known that adversaries and governments are currently storing data with the intention of using a quantum computer to decrypt and potentially exploit it. In the cryptography field, this is called Store Now, Decrypt Later (SNDL) and is a primary motivator as to why we need large-scale adoption of post-quantum cryptography now. The companies and governments who wait to implement PQC run the risk of adversaries obtaining even more sensitive data than they already have. It is not a matter of “if” our data will be decrypted, it’s a matter of “when” and “how much.”
As stated above, quantum computers threaten the security of many industries such as financial, medical and other areas where sensitive data must remain private. The quantum age is inevitable and coming fast. At the lowest level, the difference between an encryption algorithm for classical computing and a post-quantum algorithm is that a post-quantum algorithm is just a more complex math problem. However, at the highest level we have the potential to make fundamental alterations to the standard of our encryption solutions. As the world transitions, we have an opportunity to adopt a more modern cryptographic solution that utilizes a subset of artificial intelligence-machine learning to be anticipatory and adaptive to different threats based on different models of risk scores and policy evaluations.
Threat detection is one of the key ways we can enhance the security of a cyber system with ML. Threat detection refers to the ability to identify and respond to cybersecurity threats in real-time. Just as ML can expand the capabilities of PQC solutions, AI when coupled with quantum computers has the potential to create new complex and modern cybersecurity threats. Therefore, threat detection has become an essential component of any cybersecurity strategy. ML can assist in threat detection by analyzing large volumes of data from various internal sources in real-time. By leveraging machine learning algorithms, a model can identify patterns in the network traffic or data that may indicate a potential threat.
Similar to threat detection, cyber anomaly detection refers to the ability to identify unusual or unexpected events that may indicate a potential threat. Traditional cybersecurity systems rely on predefined rules to detect anomalies, but these rules may not be effective against the new and emerging cybersecurity risks that quantum computers are bringing to the cyber field. It is imperative for cybersecurity systems to become faster and smarter as the threats are getting faster and smarter. Both anomaly and threat detection are imperative for a healthy cryptographic system as they will be the first line of defense against the unprecedented threats posed by quantum computing.
Furthermore, ML can play a significant role in enhancing post-quantum cryptography solutions by enabling cryptographic algorithm swapping. Post-quantum cryptography is designed to be resistant to quantum attacks, using mathematical problems that are believed to be quantum resilient. There are currently multiple different algorithms going through the National Institute of Standards and Technology’s screening process, including KYBER, Falcon and BIKE. However, with the advancement of technology, it is possible that these algorithms will also become vulnerable to quantum attacks in the future. This points to the critical importance of having a cryptographic system that is agnostic to which algorithm it uses. ML can help identify the best algorithm to use for a given situation, optimize it for efficiency and security, and automatically swap the key algorithm. By integrating ML into PQC solutions, we can enhance the security of our data and ensure that our systems are resilient to the ever-evolving threat landscape.
Additionally, cryptographic key rotation is a technique used to secure data by replacing the original key with a new one. However, choosing the appropriate key and determining when to swap it on the fly can be a complex task. This is where an ML model comes in. By analyzing network traffic, ML algorithms can identify anomalous behavior and recommend the appropriate cryptographic key to use. For example, if there is a risk of a brute force attack, the ML model can recommend the use of longer and more complex keys. By automating this process, ML can improve the efficiency and accuracy of cryptographic key swapping, ultimately enhancing the security of sensitive data.
There is a plethora of other avenues for how ML can integrate with PQC. This being said, there are important requirements to allow for the implementation of ML into a cryptographic ecosystem. On a large scale, the currently utilized cybersecurity ecosystem is insufficient to support an advanced cybersecurity system that is required for accepting and implementing ML. To face smarter, modern cyber attackers, our defenses must be able to be proactive and reactive based on attack patterns. More specifically, an advanced cybersecurity system is dependent on a more advanced software-based infrastructure. Likewise, a solution with proper key rotation cannot be implemented without having a system that is agnostic to which cryptographic key or algorithm it utilizes.
At the highest level, quantum computers are vast computational hardware improvements, while AI/ML provides seemingly limitless software potential. Combined, it is unimaginable what utility they can provide to an attacker. However, we can bolster the security of our devices by leveraging ML into our end-to-end encryption solutions. The thought leaders in the cybersecurity space are aware of the limitations of current encryption architecture and so are the attackers. If we want our cyber solutions to be smarter and protect our data from bad actors, we must implement a sophisticated, cutting-edge PQC system that leverages ML for good.