What Comes After Quantum Cryptography?
By Binu Panicker
Quantum computing is still very much in development and it is expanding rapidly as it impacts the field of safety, amongst others. Today’s computers use bits as units of information, logically a 1 or 0, or “on” or “off” state for a transistor. Quantum computers use transistors that can exist in multiple conditions at once; in other words, they can be both 1 and 0. There are mind-blowing amounts of qubits, or quantum bits, units of quantum information, on quantum computers. This leads to exponential increases in computing speed, which depends on the number of qubits in a device. Due to the massive increase in computing power, cryptographic methods that once required many computers to attack can be easily cracked by a quantum computer in just hours.
What is Post-Quantum Cryptography?
The term post-quantum encryption is a misnomer. While quantum cryptography adequately explains quantum processes, post-quantum cryptography (sometimes called quantum evidence, quantum confirmation, or quantum documentation), refers to cryptographical algorithms that are protected from quantum computer attacks. The aim of cryptography is to brace itself for the quantum era by updating established mathematical algorithms and specifications.
Post-quantum cryptography focuses on the architectures built to encrypt information inside and outside the quantum realm. Special hardware encryption engines are needed for this encryption, only because for some high-throughput network infrastructures executing certain techniques in software may be too sluggish. The optimization technologies will be much better than current methods, like RSA and ECC (elliptic curve cryptography), if they were to be secured from side-channel threats. It may take two decades to introduce new public key encryption systems to support post-quantum cryptography. If we could somehow guess the exact timing of the introduction of the era of quantum computing, we can then start planning our information security system to survive quantum computing.
One defensive line is to expand digital keys to increase the number of combinations to be scanned with forceful programming, i.e., changing from 128-bit to 256-bit keys which doubles the amount of iteration to be done by a quota device using Grover’s algorithms. Another solution requires making more complicated secret door features, which will be difficult to break for a very efficient quantum computer with an algorithm such as Shor’s. Researchers can focus on a variety of methods using unusual strategies such as cryptography based on grid and super-singular key sharing isogenies. This will be challenging, only because cryptographic solutions are heavily integrated into several current programs, so it can take quite some time to dismantle and introduce new implementations. The National Academies report last year observed that a widely used cryptographic solution needed over a decade to retire entirely. Given the speed of quantity computation, this current security risk could not yet be tackled in the real world. Designers suggest integrating protection into the device’s hardware with a protected trusted third party and other integrated technology solutions to thwart computer viruses. Apps will also use secure system integration and cloud-based system key-management tools to protect their information from threats.
Post-quantum Cryptographic Algorithms
The National Institute of Standards and Technology (NIST) is scheduled to issue the first draft documents before 2024, implementing stateless quantum sensitive signatures, public key encrypting, and strong authentication algorithms. After that, the latest structured algorithms are supposed to be applied to encryption protocols such as X.509, IKEv2, TLS, and JOSE. The Internet Engineering Task Force (IETF) study on cryptography platforms also completed a centralization of two state-of-the-art hash algorithms, XMSS and LMS, which are now planned to be implemented by NIST as well. XMSS and LMS are the only cryptographic algorithms for production processes (such as firmware upgrades) presently available. Typically, the US uses the Commercial National Security Algorithm Suite to encrypt its networks. The federal government has already confirmed that after completion of the optimization by 2024, it will initiate a move to post-quantum cryptographic architectures. The assumption that the government is preparing to complete the transformation to post-quantum encryption by 2030 seems to suggest that it is likely that quantum computers, which break down P-384 and RSA 3072 will be secure for several decades. Top secret knowledge is also secured for 50 to 75 years.
What can we expect next?
For some sectors, quantum computers are likely to present no realistic danger to asymmetric cryptography for several years and are unlikely to present a serious challenge to symmetric cryptography. Corporations that would for a very long-time secure information or exposure should begin worrying about cryptographing. Currently, the US government is safeguarding details using the elliptical and RSA deformation which may be sufficient for civilian usages. Most corporations have gone completely digital over the past few years and markets are fully open via the Internet. Trust in the digital world is driven by the protection offered by advanced cryptographic algorithms. These approaches allow us to ensure that our knowledge is protected and that the user identity is safely preserved. Cryptographic vulnerabilities in this digital ecosystem would be nothing short of a challenge to any company.
A greater challenge on the horizon is the appearance of quantum processors that can tear down existing cryptographic techniques. Experts claim that the potential of quantum processors will undermine current encryption within the next eight years. Companies face the daunting challenge of defining, assessing, and evaluating the remediation process to secure their information against cryptanalysis abuses and compromises. The technology must be updated and replacing cryptographic approaches in the corporate world requires a combined infrastructure and business change campaign. Companies will have to start planning for this future transition to ensure they are protected against the rise of quantum technology.
About the author:
Binu is an experienced cybersecurity expert, consultant, and blogger who writes about information security and data privacy. Connect with Binu: @letsaskbinu on Twitter.