
      The rapid advancements in quantum computing are revolutionizing technology, but they also pose a significant challenge to our data security.

       

      Classical encryption methods as we know them have safeguarded sensitive data for decades, but they are now vulnerable to the computational power of quantum computers. This is where being mindful of a quantum-safe Postgres database comes in: it can ensure that our digital infrastructure remains secure in a post-quantum world.

      Discover why quantum-safe PostgreSQL is essential in today's rapidly advancing technological landscape, and learn how to secure your data against future quantum threats.

      In this blog post, I will explore the concept of quantum-safe cryptography, why it is important to not only Postgres but any database, and how organizations can prepare for the challenges and opportunities it will present.

      The current state of encryption

      At the most basic level, encryption is the process of protecting information or data by using mathematical models to scramble it in such a way that only the parties/key holders can unscramble and access it.

      There are three stages of encryption to consider, from the moment of a keystroke until the data reaches its destination.

      • Data in use – The entry point of data collected.
      • Data in transit – Traffic between two nodes (traveling data).
      • Data at rest – Storage destination for data (typically on disk).

      Along with encryption, our focus in cyber security is understanding what best practices and compliance standards must be in place. When using an open-source database such as PostgreSQL, it is critical to research and increase knowledge of the security features available and what may be missing, based on the needs of the workloads. We can then use these areas to reduce the risk of cyber attacks.

      Key focus areas

      • Access control
      • Authentication
      • Encryption
      • Auditing

      Best practice areas (beyond the database)

      • Operating system
      • Key management
      • Backups

      The goal is to use the level of encryption that best meets the needs of a particular workload, knowing that each workload may have different requirements. The encryption algorithms have multiple levels of configuration that are not available by default and may require integration with vendor tools or enterprise versions of the open-source database to implement.

      This should include creating digital signatures and encrypting/decrypting using the pgcrypto extension or LUKS from the OS filesystem level. Both are the most common types you run into in the PostgreSQL world, but to truly protect data moving into the quantum realm, a more secure option for protecting data stored on a device will be needed.

      • Symmetric – AES, DES, 3DES
      • Asymmetric – RSA, ECC

      Deciding to implement something more secure requires that you research best practices. You can find guidance on FIPS 140, implementing a cryptographic module, 256-bit key lengths/formats, and algorithms such as AES in the best practices document provided by the U.S. National Institute of Standards and Technology (NIST).
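      As an added example (not code from the original post), the statements below show pgcrypto's symmetric encryption called with its default options next to an explicit AES-256 request. The table name, column names, the app.data_key setting and the passphrase are hypothetical and constructed for illustration.

```sql
-- Added example: table, column and setting names below are hypothetical.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE TABLE IF NOT EXISTS customer_secret (
    id       bigserial PRIMARY KEY,
    label    text  NOT NULL,
    payload  bytea NOT NULL   -- OpenPGP message produced by pgcrypto
);

BEGIN;
-- Constructed passphrase held in a transaction-local setting. In practice the
-- key comes from a key manager and must be kept out of statement logs.
SET LOCAL app.data_key = 'constructed-passphrase-not-for-production';

-- Default call: with no options, pgcrypto encrypts with AES-128.
INSERT INTO customer_secret (label, payload)
VALUES ('default cipher',
        pgp_sym_encrypt('constructed sample value',
                        current_setting('app.data_key')));

-- Explicit call: request AES-256 and the highest S2K iteration count so the
-- passphrase-to-key step is as costly as pgcrypto allows.
INSERT INTO customer_secret (label, payload)
VALUES ('aes256',
        pgp_sym_encrypt('constructed sample value',
                        current_setting('app.data_key'),
                        'cipher-algo=aes256, s2k-mode=3, s2k-count=65011712'));

-- Decryption reads the algorithm from the message header, so no options are
-- needed here; a wrong passphrase raises an error instead of returning data.
SELECT id, label,
       pgp_sym_decrypt(payload, current_setting('app.data_key')) AS clear_text
FROM customer_secret
ORDER BY id;
COMMIT;
```

      Both rows decrypt with the same call, so existing data written with the default cipher has to be found and re-encrypted deliberately; nothing in the query result distinguishes it.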

      Understanding how critical encryption and quantum are provides enough proof that this is not just a new buzzword that will fade away, especially with historic events offering a foundation for the future. Consider the events of the year 1936 and the breaking of the Enigma ciphers during World War II, led by none other than Alan Turing. Both the movie and the book offer insight into the idea of using the power of compute to break codes.

      Check the book that tells how Alan Turing helped break the German Enigma ciphers during World War II — Alan Turing: The Enigma

      We can all agree that the age of Enigma was a long time ago, yet Neven’s law tells us that the capability to break encryption is not that far off, especially with quantum computing power experiencing double exponential growth. Moore’s law tells us that computing power doubles every two years, and we are a long way from 1936.

      Any estimate of the time, in seconds or years, that it will take to break your key may be closer to myth than fact, but the time it could potentially take is relative to the power of compute.

      | Size of key | Time to crack       |
      |-------------|---------------------|
      | 56-bit      | 399 seconds         |
      | 128-bit     | 1.02 × 10^18 years  |
      | 192-bit     | 1.872 × 10^37 years |
      | 256-bit     | 3.31 × 10^56 years  |

      Looking at the numbers can bring hesitation to the whole quantum concept of calculations. To explain the numbering system, we must first know the foundation for calculating. A quantum bit, or qubit, is the unit of information that can be stored; 10 qubits can encode 1,024 combinations simultaneously.

      | Year | Quantum computer | Qubits |
      |------|------------------|--------|
      | 2020 | Hummingbird      | 65     |
      | 2021 | Eagle            | 127    |
      | 2022 | Osprey           | 433    |
      | 2023 | Condor           | 1,121  |
      | 2024 | Flamingo         | 1,386  |
      | 2025 | Kookaburra       | 4,158  |

      But hang on – quantum is not just bad news

      Quantum compute applications have unique use cases that we all can benefit from.

      • Cyber security

        Quantum random number generation, quantum key distribution, and post-quantum cryptography are pivotal advancements in the realm of cybersecurity

      • Drug development/material science

        More efficient simulation of molecular interactions accelerates discovery and development of new drugs

      • Logistics/supply chain optimization

        Optimization of complex logistics networks leads to more efficient transportation, warehousing, and delivery systems

      • Financial modeling

        Optimization of complex models for better investment strategies by leveraging advanced computational algorithms to analyze vast amounts of financial data

      • Artificial intelligence

        Enhanced machine learning and data pattern recognition to achieve more accurate predictions and insights

      • Weather forecasting

        Improved accuracy of forecast/climate models

      How vulnerable are we?

      Of course, we are all vulnerable if we make no changes, or at least do not set a plan, to secure our environments. We are safe with AES256 until 2050, yet also vulnerable, and should investigate algorithms like SIKE (Supersingular Isogeny Key Encapsulation) and other standards by NIST for post-quantum cryptography.

      Quantum-resistant encryption is a true possibility, taking advantage of techniques designed to withstand quantum attacks and ensuring long-term data security. Techniques such as quantum key distribution theoretically offer a solution to the key exchange problem. The sophistication of cyberattacks and computing will keep developing and leave you no choice.

      Quantum is moving faster than the speed of light, or at least faster than we can keep up with. This means Postgres users should prepare for post-quantum cryptography (PQC) today. Current cryptographic primitives like RSA and ECC will need to be replaced. Integrating PQC may require changes to the database schema and application code, as well as a strategy for enhanced key management and security updates. Postgres is known for both extensibility and flexibility, which can also lead you into trouble if you are not researching or consulting with experts.

      As I always say, you don’t just need encryption, you need the right encryption.
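      A first preparation step is knowing where cryptography is configured and used in an instance. The read-only queries below are an added example (not from the original post) built on PostgreSQL's standard catalogs and statistics views; which results call for action is left to your own policy.

```sql
-- Added example: read-only crypto inventory for one PostgreSQL instance.

-- 1. Server settings that decide TLS versions, cipher suites, key-exchange
--    groups and password hashing. Names absent in your version return no row.
SELECT name, setting, source
FROM pg_settings
WHERE name IN ('ssl', 'ssl_min_protocol_version', 'ssl_ciphers',
               'ssl_ecdh_curve', 'ssl_groups', 'password_encryption')
ORDER BY name;

-- 2. What live client sessions actually negotiated. Rows with ssl = false are
--    data in transit with no encryption at all.
SELECT a.usename, a.client_addr, s.ssl, s.version, s.cipher, s.bits,
       count(*) AS sessions
FROM pg_stat_ssl s
JOIN pg_stat_activity a USING (pid)
WHERE a.backend_type = 'client backend'
GROUP BY a.usename, a.client_addr, s.ssl, s.version, s.cipher, s.bits
ORDER BY s.ssl, sessions DESC;

-- 3. Is pgcrypto installed in this database, and at which version?
SELECT extname, extversion
FROM pg_extension
WHERE extname = 'pgcrypto';

-- 4. User-written SQL and PL/pgSQL routines that call pgcrypto's public-key
--    (RSA/ElGamal) functions: these are the call sites to revisit first.
--    Routines with SQL-standard bodies keep no text in prosrc and are missed.
SELECT n.nspname AS schema_name, p.proname AS routine_name
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
JOIN pg_language  l ON l.oid = p.prolang
WHERE l.lanname IN ('sql', 'plpgsql')
  AND p.prosrc ~* 'pgp_pub_(encrypt|decrypt)'
ORDER BY 1, 2;
```

      For TLS 1.3 sessions the cipher name in pg_stat_ssl covers only the symmetric suite, so the RSA or ECC part of the handshake has to be checked from the server certificate and the TLS library configuration.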

      How to achieve quantum-safe Postgres

      I was at the PASS Data Community Summit last year, where I had the opportunity to talk about quantum-safe Postgres to an audience of Postgres and cyber security enthusiasts. You can check my session recording below.

      You can also view the material at your own pace in our dedicated webpage showing the content in slider format – here.

       

      Topics: PostgreSQL, Database security, PostgreSQL development, Encryption, NIST Cybersecurity Framework, Quantum computing, Quantum-safe encryption

      Tim Steward
      Principal Data Enterprise Architect, Fujitsu
      Tim has more than 20 years of experience in the industry with significant expertise in RDBMS, including but not limited to Postgres and Oracle, helping customers understand their architectural landscape and how they can leverage open-source database technology.
      Acknowledged as an experienced Technical Leader, Tim has spoken frequently in conferences and written numerous papers and blogs.