From threats to quantum-safe cryptography – how is digital trust built?

Blog post

Our society is digitalising at a rapid pace and the ability to trust the unknown is needed in a digital world. Our use of digital services is ever increasing. With our online banking, health and tax data being transferred from behind physical locks to digital storage mediums, we need to be able to trust that our data is protected even though safes are being replaced by cryptography.

For example, certain mistrust prevails in the trade policy on 5G networks as countries are making threat assessments on the new infrastructure. This has led to the full or partial exclusion of some businesses from the markets of certain countries. Another – partly justified – cause for concern is facial recognition technology, its purposes of use and the ways in which face recognition databases are being utilised. Various measures for restricting the use of facial recognition have already been implemented and new ones are constantly being considered both in the EU and the US.

Who or what can we trust in the digital world?

It is difficult to build functioning services and better communities for a digital environment without trust. Currently, trust is partly based on openness and, on the other hand, on familiar brands such as Google and F-Secure. It is not easy for individuals to ensure cyber security and the reliability of a digital environment. What is more, the selection of services and products to choose from is often limited. Even so, many of us trust passwords to protect information that we would not disclose even to our best friend. Also, it is often not possible to verify which data protection method has been used or to which parties our information is ultimately shared.

One of the key technologies for building trust is cryptography. To put is simply, cryptography refers to the creation of secure systems for the digital environment. One example is encrypting the content of messages, as done by messaging service Whatsapp. Cryptography also refers to numerous other information verification methods, such as digital signatures, and user identification solutions, such as password protection.

In an analogue world, the feeling of security is based on a combination of minor precautions: we lock our doors and windows, fasten the safety lock and, for even more security, we could install a surveillance camera in the corner of our plot. Also, in the digital world, trust is the sum of many things and cryptography cannot ensure security on its own. In addition to encryption methods, we need to have secure software and equipment implementations and understand how people behave in different situations. But with most digital services, attempting secure implementation without cryptographic techniques is futile. In other words, encryption methods are essential for the development of our digital society.

Security requires anticipating the future

This new decade will see us facing some key themes related to encryption methods. Quantum-safe cryptography is one area in which solutions are expected and needed soon. Set to boom in the near future, quantum computers will make it possible to efficiently decrypt the existing encryption methods used to make digital signatures and share encryption keys online. Although such computers do not exist yet, we need encryption to be able to secure our data in the long run and the existing methods may not be up to the task. Luckily, new methods have already been developed and their standardisation is underway. The new standards will be ready in the first half of the decade and introducing them will be a major push for the second half.

Another fascinating endeavour which has not attracted much attention is the development of cryptography for human senses. Currently cryptography is based on hard mathematical problems that humans cannot solve without machines. However, it would be important to include human capabilities to the building of trust and verification as well. In the future, new technologies could enable the building of digital trust on the basis of the personal experience and understanding of humans. It would eliminate the need to almost blindly trust various hardware, software and their manufacturers.

However, there is not much previous research on encryption methods accessible with human senses, such as visual cryptography understandable to the human eye, and the application of such methods is marginal. This is partly due to the failure to implement similar functionalities as performed by solutions designed for computers. For example, public key cryptography for human senses has hardly been researched at all and no solutions are available at the moment.

A functioning society is based on trust in its basic institutions and a digital infrastructure with its services is no exception. The building of digital trust requires continuous development of multidisciplinary technologies capable of anticipating the future, especially those related to encryption, but empathy and understanding of the human side of trust-building are also needed.