Post-Quantum Cryptography – why now?
Quantum computing, poised as the fifth industrial revolution, is still quite abstract for many. In 2018, during the Microsoft Experiences days, I remember attending a conference on the challenges of quantum computing. A photo of a quantum computer was shown to the audience. It took up an entire room and its temperature had to be kept close to absolute zero, i.e. ‑273.15 °C.
Suffice it to say that feasible commercial use still seemed very far off! Let’s try to understand why, four years later, quantum computing no longer seems so far-fetched and, more importantly, is prompting many governments and vendors to publish strategies for migration and transformation for the quantum era.
Quantum computing: the next computer revolution
The so-called Moore’s law—named after Intel’s renowned co-founder Gordon Moore—has dominated computer development for decades. But as he had predicted, transistor miniaturization is nearing its limit, i.e. the physical size of an atom.
This is precisely where quantum computing comes in.
In broad terms, quantum physics provides the means to calculate and transmit information using “qubits” based on the principle of superposition, a property specific to quantum mechanics. This property—which is difficult to fathom even for scientific minds—consists in particles being able to exist in several different states at the same time. Thus, unlike a conventional computer bit, a quantum bit—or qubit—does not have to choose between the values 0 and 1. It can be both at once! This explains the exponentially increased computation power. These very promising prospects generally raise two major questions about mastering this new technology: when will it be sufficiently advanced to be industrialized and, above all, what will it be used for?
The quantum computing craze
The Boston Consulting Group has observed growing equity investments in quantum computing, as well as ramped-up investments from research centers and governments, since 2018. In France, the government released 1.8 billion euros in 2021 to develop quantum technologies.
These investments appear to be bearing fruit, as the technology has seemingly reached a milestone: the supremacy of quantum computing over classical computing. In an article published in the journal Nature on October 23, 2019, Google announced that it had achieved quantum supremacy. Its quantum computer is said to have solved an extremely complex calculation in just 3 minutes and 20 seconds, when the world’s fastest conventional supercomputer would have taken about 10,000 years to do the same. Naysayers will claim that the problem to be solved was tailor-made for the quantum computer, but progress has indeed been made! Other players, such as IBM, Microsoft, Amazon, and even Chinese universities, are not left behind and likewise claim similar achievements.
Clear use cases are also beginning to emerge. The following are four main areas in which the computation power of quantum computing could contribute to major advances:
- Simulation: The chemical and pharmaceutical industries have high hopes for complex physical and molecular simulations. These could allow for the development of new materials, new chemical compounds, such as fertilizers, or even new drugs, without resorting to laboratory experimentation.
- Optimization: In this case, the promise of quantum computing consists in optimizing complex systems, such as logistics planning (modeling maritime routing), energy management (combining renewable energies and fossil fuels), improving financial performance, optimizing telecommunication networks, meteorological systems, and many more.
- Machine learning: The very high processing capacity of quantum computing can also help to speed up machine learning workflows. Translation and sentiment analysis systems would move to a new level.
- Cryptography: This area obviously is the one that is of most interest to cybersecurity professionals, since the unleashed computational power would enable a cyber attacker to solve–in a reasonable amount of time–the mathematical calculations inherent in cryptography and in most common hash algorithms.
A threat to cryptography?
While it is considered an opportunity in other areas, quantum computing is perceived foremost as a threat to cryptography. With the advances mentioned above, this threat is beginning to take shape. So much so that many government agencies are developing and publishing quantum strategies and roadmaps to encourage businesses to take it into consideration.
As the ANSSI points out, the “security of the majority of digital infrastructures relies on public key cryptography”, which in turn “are essentially based on two mathematical problems: the factorization of large numbers and the discrete logarithm computation”. While a large-sized quantum computer could be used to execute the algorithm that the researcher Peter Shor introduced in 1994 and which is able to “solve these problems quite efficiently”, no such computer is available yet.
However, the ANSSI recommends beginning to address the issue now for information that requires long-term protection (beyond 2030). As the threat of retroactive attacks cannot be ruled out, it points to “store now, decrypt later attacks”. They consist in recording encrypted communications today with the intention to decipher them when quantum technology will allow it.
ANSSI advocates “defense in depth”
To anticipate and defend against such attacks, organizations need to look at post-quantum cryptography (PQC) as an effective response. In other words, they should start to integrate algorithms that are resistant to post-quantum computing in their security architectures.
In 2017, the NIST initiated a process to select and standardize the most robust and efficient algorithms. Sixty-nine candidate algorithms were submitted in the first round. Fifteen were still in competition in the third round, which has just ended. At the outcome of the fourth and final round some time between 2022 and 2024, the agency plans to issue a recommendation regarding two or three algorithms that can be used for both encryption and digital signatures.
In its technical position paper dated March 14, 2022, the ANSSI advocates a post-quantum transition phase based on hybridization. In other words, it vows for the implementation of a hybrid key‑establishment or signature mechanism that combines the calculations of a recognized pre‑quantum public‑key algorithm and an additional post‑quantum algorithm. Hybridization will thus provide “defense-in-depth” protection during this transition phase, which is to start now and should last until after 2030.
As a pioneer in VPN and encryption technologies, TheGreenBow has been providing secure connections to its customers for more than 20 years. Averting the quantum threat is a new challenge that TheGreenBow must set out to tackle. That is why we are redoubling our efforts to integrate post‑quantum cryptography methods into our VPN Clients, so they are robust enough to withstand attacks from a quantum computer. We will naturally keep you up to date on the advances we make in this area together with our spearheading partners.
Get in touch
If you have a question or would like some more information, contact us today.