Post-Quantum Cryptography For Battery Security (BatSec 7/6)
The Tanktwo Battery Operating System (TBOS) uses software to solve battery challenges that stump traditional battery technologies and industry veterans. But with software comes cybersecurity and access control issues, so we developed a robust battery security architecture to protect high-value assets and support the electrification of critical infrastructure.
Here comes the plot twist: Can quantum computers crack our security architecture?
TL; DR: Yes, quantum computers can crack our current algorithms. No, we aren’t panicking — not even the slightest. Let’s start from the beginning:
First thing first: What exactly is quantum computing, and what is the big deal?
Quantum computers are essentially super fast computers using the principles of quantum mechanics to perform tasks at speeds unachievable by today’s computers.
So what contributes to the super speed? Classical computers use binary bits (i.e., 0s and 1s) and follow a sequential execution model. On the other hand, quantum computers use qubits, which can simultaneously exist in multiple states to perform numerous calculations in parallel.
As such, quantum computers are best for factoring large numbers, searching unsorted databases, and simulating quantum systems. One with enough computing power can easily crack today's encryption algorithms thanks to the unprecedented speed — posing a looming threat to data security and access control.
Classical cryptography will become vulnerable
Quantum computing is no longer science fiction. Some security experts project that quantum computers may become powerful enough to break today’s cryptographic algorithms (e.g., RSA, DSA, ECC) in just 10 to 15 years. Security experts and organizations are racing to develop and adopt post-quantum cryptography (PQC) that can withstand attacks from quantum computers.
What is post-quantum cryptography?
PQC addresses classical cryptography's vulnerabilities with new cryptographic techniques and algorithms. It protects the security and privacy of digital communications and data exchange when quantum computers become powerful enough to break classical cryptographic schemes.
The National Institute of Standards and Technology (NIST) held a public competition to select and standardize a new set of cryptographic “primitives.” They use fundamentally different mathematical techniques than what underlies RSA and ECC to protect sensitive data in a quantum-threatened environment.
There are four winning algorithms: The CRYSTALS-Kyber algorithm provides general encryption (e.g., for securing data exchange between browsers and web servers.) CRYSTALS-Dilithium, FALCON, and SPHINCS+ support digital signature or remote document signing.
So, the good news is that we have the technical solutions to address security threats posed by quantum computing. The challenge is for organizations globally to implement the new encryption standards while keeping everything chugging along.
Back to batter security and why we aren’t panicking about PQC
At Tanktwo, we pride ourselves on being thoroughly paranoid. We thrive on preventing battery fires, supporting national security, and enabling water-tight energy accounting.
We use state-of-the-art cryptographic methods for authentication and authorization to protect data in flight and at rest. We’re obsessed with keeping batteries — an expensive asset — in the hands of the right people and ensuring everyone stays honest.
We create an airtight system with best practices from multiple adjacent industries, like information technology, finance, defense, and more. We even have some of the best white-hat hackers on the payroll to keep ourselves honest.
But why aren’t we scrambling to implement quantum-safe cryptography?
Security through agility, not obscurity
The truth is any software architecture has vulnerabilities, and new techniques are developed every day to find and exploit loopholes. The best security model isn’t to build an impenetrable fortress (that’s a losing battle). A long-term solution is achieving security through agility. In our case, it works in a few dimensions. Let’s put the pieces together.
The foundation
We built TBOS by combining various tried-and-true, best-in-class technologies widely deployed in multiple industries, including those requiring the highest level of security. We leverage a global network of security experts and the aggregated intellect of cybersecurity professionals in adjacent fields to watch for vulnerabilities and devise solutions.
For example, we monitor the Common Vulnerabilities and Exposures (CVE) database lists. If any technology we use has a suspected vulnerability, we’ll immediately analyze its relevance and address the issues.
The timeline
Today’s quantum computers aren’t powerful enough to break classical cryptography. We have quite a long way to go, and the PQC field is still nascent.
Organizations that coordinate and store data from multiple sources and/or share data with numerous parties may need to start planning their data migration processes now to avoid getting caught with their pants down.
But for our relatively self-contained ecosystem that doesn’t require extensive coordination with external parties, moving too fast before the dust has settled could lock us into the wrong technology or cause us to miss out on the latest development. Who starts cooking their Thanksgiving turkey on Labor Day?
The urgency
Imagine one day Dr. Evil has his fingers on a quantum computer that can handle 1,000-digit numbers. They’ll take on the juicy, obvious candidates first: Banking data, malevolent mass surveillance, massive-scale identity theft, and, of course, cryptocurrencies (which will be dead the moment quantum computers become a thing.)
Batteries, while valuable assets, will very unlikely make it to the top of that list.
Since our system uses best-in-class, widely implemented technologies, we can promptly leverage solutions from the global security community to address the issue. (Franky, if they can’t solve it immediately, we have a bigger problem.)
The agility
Our architecture's ability to quickly adapt to changes in the underlying technologies allows us to integrate the latest security updates in a heartbeat. We’ll push out a global software upgrade to replace the suddenly frowned-upon non-quantum-safe crypto with one of the many readily available quantum-safe algorithms — and we'll plug along like nothing has happened.
