Classical encryption methods as we know them have safeguarded sensitive data for decades, but they are now vulnerable to the computational power of quantum computers. This is where being mindful of a quantum-safe Postgres database can ensure that our digital infrastructure remains secure in a post-quantum world.
In this blog post, I will explore the concept of quantum-safe cryptography, why it is important to not only Postgres but any database, and how organizations can prepare for the challenges and opportunities it will present.
The current state of encryption
At the most basic level, encryption is the process of protecting information or data by using mathematical models to scramble it in such a way that only the parties/key holders can unscramble and access it.
Three stages of encryption come to mind if you follow the data from the moment of a keystroke until it reaches its destination.
- Data in use – The entry point of data collected.
- Data in transit – Traffic between two nodes (traveling data).
- Data at rest – Storage destination for data (typically on disk).
Along with encryption, our focus in cyber security is understanding which best practices and compliance standards must be in place. When using an open-source database such as PostgreSQL, it is critical to research and increase knowledge of the security features available and what may be missing, based on the needs of the workloads. We can then use these areas to reduce the risk of cyber attacks.
Key focus areas
- Access control
- Authentication
- Encryption
- Auditing
Best practice areas (beyond the database)
- Operating system
- Key management
- Backups
The goal is to use the best level of encryption that meets the needs of a particular workload, knowing that each workload may have different requirements. The encryption algorithms have multiple levels of configuration that are not available by default and may require integration with vendor tools or enterprise versions of the open-source database to implement.
This should include creating digital signatures and encrypting/decrypting using the pgcrypto extension or LUKS from the OS filesystem level. Both are the most common types you run into in the PostgreSQL world, but to truly protect data moving into the quantum realm, a more secure option for protecting data stored on a device will be needed.
- Symmetric – AES, DES, 3DES
- Asymmetric – RSA, ECC
Deciding to implement something more secure requires that you research best practices. You can find guidance on FIPS 140, implementing a cryptographic module, 256-bit key lengths/formats, and algorithms such as AES in the best practices document provided by the U.S. National Institute of Standards and Technology (NIST).
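The pgcrypto usage and 256-bit key guidance mentioned above, as an added example that is not the author's code: pgcrypto's `pgp_sym_encrypt` uses AES-128 unless told otherwise, so the 256-bit setting has to be requested explicitly. The table name, column names, sample text and passphrase are hypothetical.

```sql
-- Added example, not from the original post. Object names, the sample text
-- and the passphrase are constructed for illustration.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE TABLE customer_note (
    id       bigserial PRIMARY KEY,
    label    text  NOT NULL,
    note_enc bytea NOT NULL   -- OpenPGP message produced by pgcrypto
);

-- Default settings: pgcrypto picks cipher-algo=aes128 (128-bit AES).
INSERT INTO customer_note (label, note_enc)
VALUES ('default',
        pgp_sym_encrypt('constructed sample text', 'example-passphrase'));

-- Corrected setting: request AES-256 through the options argument.
INSERT INTO customer_note (label, note_enc)
VALUES ('aes256',
        pgp_sym_encrypt('constructed sample text', 'example-passphrase',
                        'cipher-algo=aes256'));

-- The cipher is recorded inside each message, so one call decrypts both rows.
SELECT id, label,
       pgp_sym_decrypt(note_enc, 'example-passphrase') AS note
FROM customer_note
ORDER BY id;
```

A passphrase written as a literal can end up in statement logs, so in practice it is passed as a bind parameter from the application and held in a key management system.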
Understanding the criticality of encryption and quantum provides enough proof that it is not just a new buzzword that will fade away, especially with historic events offering a foundation for the future. Consider the events of the year 1936, with the breaking of the Enigma ciphers during World War II, led by none other than Alan Turing. Both the movie and the book offer insight into the idea of using the power of compute to break code.
We can all agree that the age of Enigma was a long time ago, yet understanding Neven’s law will tell us that the capability to break encryption is not that far off, especially with quantum computing power experiencing double exponential growth. Moore’s law tells us that computing power doubles every two years, and we are a long way from 1936.
Estimating the time it will take in seconds or years to break your key may be a mythical fact, but the time it could potentially take is relative to the power of compute.
Size of key | Hack crack attack time |
56-bit | 399 seconds |
128-bit | 1.02 × 10^18 years |
192-bit | 1.872 × 10^37 years |
256-bit | 3.31 × 10^56 years |
Looking at the numbers can bring hesitation to the whole quantum concept of calculations. To explain the numbering system, we must first know the foundation for calculating. A quantum bit, or qubit, is the unit of information that can be stored; 10 qubits can encode 1,024 combinations simultaneously.
Year | Quantum computer | Qubits |
2020 | Hummingbird | 65 |
2021 | Eagle | 127 |
2022 | Osprey | 433 |
2023 | Condor | 1,121 |
2024 | Flamingo | 1,386 |
2025 | Kookaburra | 4,158 |
But hang on – quantum is not just bad news
Quantum compute applications have unique use cases that we all can benefit from.
- Cyber security – Quantum random number generation, quantum key distribution, and post-quantum cryptography are pivotal advancements in the realm of cybersecurity.
- Drug development/material science – More efficient simulation of molecular interactions accelerates the discovery and development of new drugs.
- Logistics/supply chain optimization – Optimization of complex logistics networks leads to more efficient transportation, warehousing, and delivery systems.
- Financial modeling – Optimization of complex models for better investment strategies by leveraging advanced computational algorithms to analyze vast amounts of financial data.
- Artificial intelligence – Enhanced machine learning and data pattern recognition to achieve more accurate predictions and insights.
- Weather forecasting – Improved accuracy of forecast/climate models.
How vulnerable are we?
Of course, we are all vulnerable if we make no changes or at least set no plan to secure our environments. We are safe with AES256 until 2050, yet we are also vulnerable and should investigate algorithms like SIKE (Supersingular Isogeny Key Encapsulation) and other standards by NIST for post-quantum cryptography.
Quantum-resistant encryption is a true possibility, taking advantage of techniques designed to withstand quantum attacks and ensuring long-term data security. Techniques such as quantum key distribution theoretically offer a solution to the key exchange problem. The sophistication of cyberattacks and computing will keep developing and leave you no choice.
Quantum is moving faster than the speed of light or faster than we can keep up with. This means Postgres users should prepare for post-quantum cryptography (PQC) today. Current cryptographic primitives like RSA and ECC will need to be replaced. Integrating PQC may require changes to the database schema and application code, as well as a strategy for enhanced key management and security updates. Postgres is known for both extensibility and flexibility, which can also lead you into trouble if you are not researching or consulting with experts.
As I always say, you don’t just need encryption, you need the right encryption.
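A starting point for the preparation described above, as an added example that is not the author's code: catalog queries that show where classical public-key cryptography (RSA, ECC) is in use on a running PostgreSQL instance. It assumes a role with `pg_monitor` rights so that other sessions are visible.

```sql
-- Added example, not from the original post: an inventory of classical
-- public-key cryptography in use on one PostgreSQL instance.

-- 1. TLS sessions: protocol version and cipher negotiated per connection.
--    TLS 1.2 suite names expose the key exchange (ECDHE, DHE, RSA);
--    TLS 1.3 names list only the AEAD cipher and hash.
SELECT a.usename, a.application_name, a.client_addr,
       s.version AS tls_version, s.cipher, s.bits
FROM pg_stat_ssl s
JOIN pg_stat_activity a USING (pid)
WHERE s.ssl
ORDER BY s.version, s.cipher;

-- 2. Remote connections that use no TLS at all (data in transit unprotected).
SELECT a.usename, a.application_name, a.client_addr
FROM pg_stat_ssl s
JOIN pg_stat_activity a USING (pid)
WHERE NOT s.ssl
  AND a.client_addr IS NOT NULL;

-- 3. Server-side TLS settings that bound what clients can negotiate.
SELECT name, setting
FROM pg_settings
WHERE name IN ('ssl', 'ssl_min_protocol_version', 'ssl_ciphers');

-- 4. User-defined functions that call pgcrypto's public-key routines
--    (pgp_pub_encrypt / pgp_pub_decrypt). pgcrypto's own C functions are
--    excluded by language so only application code is listed.
SELECT n.nspname AS schema_name, p.proname AS function_name,
       l.lanname AS lang
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
JOIN pg_language  l ON l.oid = p.prolang
WHERE l.lanname NOT IN ('c', 'internal')
  AND p.prosrc ~* 'pgp_pub_(en|de)crypt'
ORDER BY n.nspname, p.proname;
```

Each result set maps to one of the changes the paragraph names: queries 1 to 3 cover data in transit, and query 4 points at the application code and schema objects that depend on RSA-era keys.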
How to achieve quantum-safe Postgres
I was at the PASS Data Community Summit last year, where I had the opportunity to talk about quantum-safe Postgres to an audience of Postgres and cyber security enthusiasts. You can check my session recording below.