Malicious attackers are said to be leveraging quantum computing and are reportedly a real threat to the concept of digital identity security. This, according to a report from Juniper Research which noted that estimates for how long it could take for quantum computing to develop to the point of actually threatening current encryption standards are “widely varied, with sources predicting anywhere between a few years to a few decades.”
Juniper Research also mentioned that organisations such as the NIST are currently working on methods in order to combat this; developing various strategies to transition from the use of Public Key Cryptography (PKC) to Postquantum Cryptography (PQC), and aiming to more seamlessly move from one to the other in existing as well as newer systems, hopefully with a smooth enough change that “many users are unaware of the switch.”
According to the report from Juniper Research, this involves the development of new cryptographic algorithms that “were published last year by NIST, including Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM), Module-Lattice-Based Digital Signature Algorithm (ML-DSA), and Stateless Hash-Based Digital Signature Algorithm (SLH-DSA).”
DID controller: The DID controller is the entity “that has the ability to make changes to the DID document.”
Juniper Research further noted that this capability is typically asserted by the control of a set of cryptographic keys “used by software acting on behalf of the controller, but can be asserted by other mechanisms.”
• DID: The DID is a Universal Resource Identifier (URI) “made up of the schema, a method identifier, and a unique method-specific identifier.”
• DID URL: The DID URL extends the syntax of a basic DID “to incorporate other standard URI components, such as s path, query, and fragment, in order to locate a particular resource.”
An example of this is a “cryptographic public key inside a DID document.”
DID document: The DID document contains information “associated with a DID.” It typically expresses verification methods such “as cryptographic keys, and services relevant to interactions with the DID subject.”
As stated in the report, quantum computing is still a developing area of research that could potentially threaten the cryptographic systems that many digital identity solutions depend on to encrypt critical data.
The report further explained that as these cryptographic keys are primarily or mostly based on creating problems most (current) computers find challenging to solve, when quantum computing does actually develop further to become more powerful, “cryptography may not be enough to prevent keys from being decrypted.”
At present, most accounts that become compromised are “due to human error, rather than any weakness in the encryption method.”