In recent days we have started hearing a lot about quantum computing and how it will change the way the world operates today. We have also started seeing discussion of how it will affect cybersecurity, from both the hacker’s point of view and the organizational defence point of view.
When we think about security, the first line of defence is cryptography. It is the most widely used security measure for protecting data while it moves across the network or is stored for future use. When we see the green lock in front of a browsing link, we rest assured that our transactions, whether an e-commerce purchase or checking e-mail, are protected from the prying eyes of hackers. The algorithm used for this kind of encryption is the public key algorithm.
Now imagine that 20 years from now there is a big headline: all the public key cryptography controls used in government, the banking industry and the internet have been broken by the power of quantum computers. How much panic would this create? Our confidence in using the internet would be stifled.
Quantum computing research is growing exponentially, and sooner rather than later we will have commercially available quantum computers. We cannot wait for that headline. We have to start identifying ways to make sure encryption algorithms will not be impacted by quantum computing.
In this article, we will discuss how quantum computing will impact cryptography, what Post-Quantum Cryptography (PQC) is, and the challenges post-quantum cryptography currently has to face.
Impact of Quantum Computing on Current Cryptography
“There is a 1 in 7 chance that some fundamental public-key crypto will be broken by quantum by 2026, and a 1 in 2 chance of the same by 2031.” – Dr. Michele Mosca, U. of Waterloo
The security of the most popular cryptography algorithms in use today relies on one of three hard mathematical problems: the integer factorization problem, the discrete logarithm problem and/or the elliptic-curve discrete logarithm problem. With the speed of quantum computing, these encryption keys can be broken easily. Please refer to my previous blog “How Quantum Computing Will Impact Cyber Security” for more on quantum proof encryption.
“For public key cryptography, the damage from the quantum computer will be catastrophic,” – Lily Chen, mathematician and leader of the National Institute of Standards and Technology’s Cryptographic Technology Group
This raises the obvious question: what cryptosystems should we use after quantum computers are built?
What is Post-Quantum Cryptography (PQC)?
As per Wikipedia, the definition is “Post-quantum cryptography refers to cryptographic algorithms (usually public-key algorithms) that are thought to be secure against an attack by a quantum computer.”
Post-quantum cryptography is cryptography that remains secure even assuming that hackers have quantum computers. The cryptosystems should be able to scramble and unscramble data in such a way that quantum computers will not be able to break the algorithms. The challenge for post-quantum cryptography is not only withstanding the speed of quantum computing but also usability and gaining the confidence of users.
Challenges – Quantum Proof Cryptography
Confidence – In classical cryptography there are algorithms like Merkle’s hash-tree public-key signature system and McEliece’s hidden-Goppa-code public-key encryption which, though much stronger than RSA or DSA, were not widely used because they were not able to gain the confidence of cryptosystem vendors. To build confidence, cryptanalysts need time to build the systems and test the algorithms. Significant public engagement is also required to assure trust in the algorithms.
Time to standardize – Current public key cryptography took almost 20 years from the publication of the paper on cryptography to become a standard used in daily life. Though technologies are evolving fast, it will still take time to evaluate all the proposed algorithms for their use in the current environment as well as their effectiveness in the post-quantum era. As part of the first-round submission, NIST received 69 proposals for quantum-proof cryptography.
Usability and interoperability – We need to adapt to the many new ways to implement and use PQC, and to face uncertainty about its security for quite some time until we start trusting the protection provided by the new standard PQC. We must also pay attention to problems such as decryption failure and key exchange, and answer the following questions from the usability and interoperability point of view.
Is it possible to implement standardized post-quantum cryptography on “classical” platforms?
How can we limit communication bandwidth for extremely processing-constrained devices, and can they cope with resource-intensive PQC?
Are we allowed, and is it feasible, to have parallel implementations, keeping existing encryption while implementing PQC?
To Sum It Up
We do not foresee the impact of quantum computing in the immediate future, but we have a lot of homework to do to prepare for PQC.
Encrypted data that must be preserved because of regulatory requirements needs to be protected using quantum-proof cryptography.
Organizations like NIST are working on standardizing the PQC algorithms. These algorithms need to be tested in real-life environments to deal with the challenges mentioned above. To get the PQC algorithms accepted, we cannot ignore the time and effort required to generate awareness.