Since it will not be very long before quantum computers are commonplace, people are already working hard on the security for this new situation. After all, it is very easy for these supercomputers to crack complex encryptions. An answer to this problem must be found. That is why an international team of researchers is already working hard to guide the transition towards secure data communication in the quantum era.
Among those working on the standardization for this kind of post-quantum cryptography is Peter Schwabe, who is involved on behalf of Radboud University. Schwabe is also affiliated with the German Max Planck Institute and works together with Dutch researchers at the Eindhoven University of Technology (TU/e) and the CWI – the Netherlands national research institute for mathematics and computer science. Even though it still may seem like looking into a crystal ball, a world with these ‘supercomputers’ is coming ever closer. The possibility of this happening within a time span of fifteen years cannot be ruled out, Schwabe contends.
The challenge has to do with the algorithm created by the American mathematician Peter Shor, which is capable of destroying the security of present-day cryptography. This is based on so-called integer factorization and discrete algorithms. His quantum algorithm succeeded in cracking contemporary data security. However, a quantum computer is required in order to do this.
But once they become available, then the cryptography of today can be ruled out. Protocols for secure email, VPN, online banking, e-commerce, you name it, will all become worthless. In technical terms, it is therefore imperative that post-quantum schemes be developed with asymptotic cryptography designs that are (hopefully) impervious to attacks by quantum computers.
“A project has been underway since 2016 initiated by the American National Institute of Standards and Technology (NIST) that aims to develop a standard to keep digital communications secure. Four security algorithms haverecently been selected now that can withstand the computational power of quantum computers,” Schwabe goes on to explain.
Getting this far was a long road for the mathematicians. The work started six years ago with 69 proposals. So, out of those, four now remain. Three of them are focusing on an approach for digital signatures, one counts as a standard for encryption of public keys. Public-key cryptography, also sometimes called asymmetric cryptography, is a system that uses key pairs to encrypt and authenticate information.
A public key is one of two keys used in asymmetric cryptography. With this method of information encryption, two separate keys belong together: one for encrypting, and one for decrypting information. Unlike the secret key, the public key is intended to be exchanged with the person whom someone wants to communicate with.
A digital signature is a method for confirming the accuracy of digital information which uses, for example, asymmetric cryptography techniques.
Crystals-Kyber, Crystals-Dilithium and SPINCS+ are three security algorithms developed by an international team of researchers that includes Schwabe. The fourth algorithm is called Falcon. The four winning algorithms will become part of the standard for post-quantum cryptography developed by NIST. These are expected to be ready within two years.
Protection against attacks
According to Schwabe, more than one winner was chosen for reasons relating to flexibility. The selected algorithms were developed using a diverse set of underlying mathematical problems with varying levels of performance depending on what they are used for.
“The reason why post-quantum cryptography is so important? Because it concerns the future and the past. Think about governments or important services that need upgraded security to protect against future attacks.”
Nevertheless, Schwabe warns, today’s Internet traffic that is now being established is also vulnerable. What is considered secure now will no longer be so in the not-too-distant future. By then, digital communication from the past can be cracked with the help of quantum computers.
Which is why you have to worry now about something that won’t happen for several years. Since, for instance, the Internet traffic of today will not be secure in the near future. The transition to a good standard of security is going to take a long time. Standardization, implementation and adoption are all expected to take a substantial amount of time too.
What is special about the work of Schwabe and his colleagues is that they are carrying out fundamental research, with the aim of doing something that everyone will soon have to contend with in practice: secure digital communication in the quantum age. At present, sensitive information can already be encrypted with post-quantum cryptography to provide a higher level of protection so as to ensure that it is also secure in the future.
The mathematical brilliance required to do this quickly gets too complicated to explain to a lay audience. Although one of the obstacles that the researchers encounter along the way is how to keep the algorithms manageable in practice. Schwabe: “Security and bandwidth requirements, i.e., size and speed, have to be weighed up against each other. Those vary for the different approaches to post-qantum cryptography.”
All the same, that level of security needs to be in place. “There are more applications that people are not always aware of how important it is to have secure digital communications. In principle, all kinds of devices are developed with the assurance of updates throughout their life cycle. Just think of cars, which these days are basically becoming more and more like computers on wheels. This is another area where the configuration to keep a car up to date must remain secure.”