The Future of Cybersecurity: Post-Quantum Cryptography (PQC)

SandboxAQ’s Marc Manzano: the impact of quantum computing on cybersecurity and the urgent transition to new cryptographic standards
Quantum computing is one of the most promising technologies for the future, although we still do not have solutions that are sufficiently robust, reliable and scalable. Many research centers and companies are devoting titanic efforts and heavy investments to bringing it to market, as revealed in our Future Trends Forum Quantum and Artificial Intelligence: The Silent Revolution. This think tank, which brought together more than forty experts (scientists, researchers, entrepreneurs and industry leaders), included Marc Manzano, the protagonist of our latest webinar on post-quantum cryptography, a topic of great relevance in the world of technology and cybersecurity.
Could quantum computers break current cryptographic algorithms? What dangers are lurking in this case? When could it happen? What kind of measures can be taken in the face of this new cybersecurity threat? Are there already robust algorithms against quantum computers? Is it necessary to do something now? Marc Manzano answers these and other questions in this webinar, which you can watch here:
Marc Manzano leads SandboxAQ’s quantum security group. Previously, he led the development of numerous secure cryptographic libraries and protocols. He has been a senior software engineer at Google and vice president of the cryptography research center at the Technology Innovation Institute in the United Arab Emirates. He holds a PhD in computer network security and began his research career in the UK, where he completed his degree in computer engineering. Undoubtedly, his experience and knowledge position him as an authoritative voice on the topic we are discussing today.
Here is a summary of this interesting webinar, which discusses, among other things, how companies can prepare for the quantum era from a cybersecurity perspective:
SandboxAQ: Innovation at the intersection of quantum physics and AI
SandboxAQ is a company that emerged from within Alphabet under the leadership of innovator and entrepreneur Jack Hidary, its current CEO and tech expert extraordinaire. After years of work within Google, the company was spun out in 2022. SandboxAQ is chaired by Eric Schmidt, former CEO and chairman of Google, and it is dedicated to solving problems at the intersection of quantum physics and artificial intelligence. Its areas of work include simulation and optimization, where it collaborates with pharmaceutical companies on drug development; the development of quantum sensors for health and navigation; and, of course, the quantum security department, led by Marc Manzano.
Introduction to quantum computing
Quantum computing represents a revolution in computing. It holds the promise to transform the way we process and manage information. Unlike classical computers, which use bits to store and process information in defined states of 0 or 1, quantum computers use qubits. These qubits have the peculiarity of being able to exist superposed, which means that they can simultaneously represent both 0 and 1. This characteristic is commonly visualized through the Bloch sphere. In this representation, a qubit is shown as a vector within the sphere, and its position indicates the probability that the qubit, when measured, will result in either a 0 or a 1. During quantum calculations, the qubit can move around the Bloch sphere, existing in a superposition of states. However, at the end of the calculation, when the qubit is measured, it collapses to a defined state of 0 or 1, depending on its position and probability.
What makes quantum computing so powerful is precisely this superposition capability. It allows a quantum computer to perform multiple computations simultaneously, offering exponentially faster processing potential on certain tasks compared to classical computers.
An illustrative example of the difference between classical and quantum computing is the representation of the caffeine molecule. This molecule, composed of 24 atoms, would require 10^48 bits to be represented by a classical computer and only 160 qubits to be represented by a quantum computer.
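The Bloch-sphere picture in the paragraphs above, as an added illustration that is not part of the original webinar or the SandboxAQ material: a single qubit is held as a pair of complex amplitudes, the Bloch angles map to those amplitudes, a Hadamard gate puts the |0> state into an equal superposition, and "measurement" collapses it to 0 or 1 with the probabilities the position on the sphere dictates. The function names and the injectable random source are my own choices for the example.

```python
import math
import cmath
import random

def bloch_to_state(theta, phi):
    """Map Bloch-sphere angles to the amplitude pair (alpha, beta) of
    |psi> = alpha|0> + beta|1>. theta is measured from the |0> pole,
    phi is the rotation around the vertical axis."""
    alpha = math.cos(theta / 2)
    beta = cmath.exp(1j * phi) * math.sin(theta / 2)
    return (alpha, beta)

def measure_probabilities(state):
    """Born rule: probability of reading 0 is |alpha|^2, of reading 1 is |beta|^2."""
    alpha, beta = state
    return (abs(alpha) ** 2, abs(beta) ** 2)

def hadamard(state):
    """Hadamard gate: moves a pole state onto the equator (equal superposition)
    and, applied twice, brings it back. This is the 'moving around the sphere
    during the calculation' from the text."""
    alpha, beta = state
    s = 1 / math.sqrt(2)
    return ((alpha + beta) * s, (alpha - beta) * s)

def measure(state, rng=random.random):
    """Collapse the qubit: returns 0 or 1, drawn with the Born probabilities.
    rng is injectable so the outcome can be fixed in a test."""
    p0, _ = measure_probabilities(state)
    return 0 if rng() < p0 else 1

if __name__ == "__main__":
    zero = bloch_to_state(0.0, 0.0)          # |0>, at the top pole
    plus = hadamard(zero)                    # equal superposition on the equator
    print("P(0), P(1) after Hadamard:", measure_probabilities(plus))
    print("sample of 10 measurements:", [measure(plus) for _ in range(10)])
```

Running the block prints probabilities of 0.5/0.5 after the Hadamard gate and a random string of 0s and 1s from repeated measurements; only at measurement does the superposed qubit become a definite bit.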
Security against quantum computers
This capability of quantum computers has profound implications in the field of cryptography. Some cryptographic algorithms that are widely used today, such as RSA (from the initials of its creators: Rivest, Shamir and Adleman) and DH (Diffie-Hellman), could be vulnerable to attacks by quantum computers. For example, Shor’s algorithm could break RSA and DH cryptography. However, other current algorithms such as AES and SHA-3 are not affected by Shor’s algorithm, because they do not have the kind of defined mathematical structure it exploits. In these cases, it is Grover’s algorithm that could speed up an exhaustive key search, although not fatally.
Given this situation, it is clear that asymmetric cryptography is greatly affected by Shor’s algorithm, while symmetric cryptography could be affected by Grover’s algorithm. One solution adopted by the cryptographic community has been to double the key size in symmetric cryptography to counter the effect of Grover’s algorithm.
But when will the threat of quantum computers become a reality? Although companies such as IBM and Google are investing significantly in the development of powerful and stable quantum computers, it is generally estimated that these devices could arrive within 10 to 30 years. However, it is crucial to start preparing now, especially considering phenomena such as SNDL (Store Now, Decrypt Later). In this scenario, an attacker could be storing encrypted information today in the hope of decrypting it in the future, when quantum computers become available.
In short, security in the face of quantum computers is a vitally important issue that requires immediate attention. It is essential to understand the potential threats and start working on robust solutions to ensure the integrity and confidentiality of information in the quantum era.
Post-quantum cryptography
Post-quantum cryptography (PQC) refers to cryptographic systems designed to be secure against the potential threat of quantum computers. These systems seek to replace or complement traditional cryptographic systems, such as RSA, which are considered vulnerable to quantum attacks. The following are the types of algorithms being developed in the field of PQC, along with a brief description and their pros and cons:
Lattice-based cryptography (LBC):
It is based on the difficulty of solving the shortest vector problem. The mathematical problem is to find the two shortest vectors that generate the same lattice as two other given vectors.
Advantages: They are very fast and use relatively small keys.
Disadvantages: Although promising, they have only been public for a short time, which means that the community has not yet thoroughly tested their robustness.
Code-based cryptography:
Based on the difficulty of decoding a linear code.
Advantages: They can encrypt extremely fast.
Disadvantages: The keys required for this type of encryption are enormous, which has been an obstacle to its wide-scale adoption since its introduction in the 1970s.
Cryptography based on isogenies:
Based on the difficulty of finding an isogeny (mapping) between elliptic curves.
Advantages: The key size is very small, making it efficient in terms of storage and transmission.
Disadvantages: Despite its efficiency, it has only been published for a short time, which means that it still needs to be subjected to further testing and analysis by the community.
Cryptography based on multivariate equations:
Based on the difficulty of solving systems of polynomial equations with multiple variables.
Advantages: Private keys are short, making them easy to manage and store.
Disadvantages: Public keys are very large, which can be challenging in terms of transmission and storage.
Cryptography based on Hash functions:
It is based on the security properties of one-way functions, such as SHA-3. The construction of a digital signature algorithm is performed using a Merkle tree structure.
Advantages: The keys are very small, and the schemes are very secure.
Disadvantages: It is very slow, and the resulting digital signatures are very large compared to current digital signatures.
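The hash-based construction described above, as an added example that is not code from the webinar, from SandboxAQ or from any standard: a Lamport one-time signature built from SHA-3, with the one-time public keys placed as leaves of a Merkle tree so that one tree root can authenticate several signatures. The seed derivation, the tree height and the function names are my own choices for the example (the PRF-style derivation of secrets from a seed is an assumed construction, not SLH-DSA or XMSS). The `signature_size` helper makes the "very large signatures" drawback concrete: even a height-3 toy tree produces a signature of 24,676 bytes.

```python
import hashlib

N = 32  # digest size in bytes; SHA3-256 gives 256 one-way values per key half

def H(data: bytes) -> bytes:
    return hashlib.sha3_256(data).digest()

def lamport_keygen(seed: bytes, leaf_index: int):
    """Derive 256 pairs of secret values from a seed (assumed PRF-style derivation,
    constructed for this example). The public key is the hash of every secret."""
    sk = []
    for i in range(8 * N):
        prefix = seed + leaf_index.to_bytes(4, "big") + i.to_bytes(2, "big")
        sk.append((H(prefix + b"\x00"), H(prefix + b"\x01")))
    pk = [(H(s0), H(s1)) for s0, s1 in sk]
    return sk, pk

def pk_digest(pk) -> bytes:
    """Compress a one-time public key to a single Merkle leaf."""
    return H(b"".join(a + b for a, b in pk))

def lamport_sign(sk, message: bytes):
    """Reveal, for each bit of the message digest, the secret of that bit's value."""
    d = H(message)
    return [sk[i][(d[i // 8] >> (7 - i % 8)) & 1] for i in range(8 * N)]

def lamport_verify(pk, message: bytes, sig) -> bool:
    d = H(message)
    return all(H(sig[i]) == pk[i][(d[i // 8] >> (7 - i % 8)) & 1] for i in range(8 * N))

class MerkleSigner:
    """A few-time signer: 2**height one-time keys under one Merkle root."""

    def __init__(self, seed: bytes, height: int):
        self.keys = [lamport_keygen(seed, i) for i in range(2 ** height)]
        self.used = set()
        self.levels = [[pk_digest(pk) for _, pk in self.keys]]
        while len(self.levels[-1]) > 1:
            prev = self.levels[-1]
            self.levels.append([H(prev[i] + prev[i + 1]) for i in range(0, len(prev), 2)])
        self.root = self.levels[-1][0]

    def sign(self, index: int, message: bytes):
        # A Lamport key must never sign twice: a second signature reveals enough
        # secrets to forge, so the signer has to track state.
        if index in self.used:
            raise ValueError("one-time key already used")
        self.used.add(index)
        sk, pk = self.keys[index]
        auth, idx = [], index
        for level in self.levels[:-1]:      # sibling hashes up to the root
            auth.append(level[idx ^ 1])
            idx //= 2
        return (index, pk, lamport_sign(sk, message), auth)

def merkle_verify(root: bytes, message: bytes, signature) -> bool:
    """Check the one-time signature, then walk the authentication path to the root."""
    index, pk, ots_sig, auth = signature
    if not lamport_verify(pk, message, ots_sig):
        return False
    node, idx = pk_digest(pk), index
    for sibling in auth:
        node = H(sibling + node) if idx & 1 else H(node + sibling)
        idx //= 2
    return node == root

def signature_size(signature) -> int:
    """Bytes on the wire: 4-byte index + one-time public key + revealed secrets + path."""
    _, pk, ots_sig, auth = signature
    return 4 + sum(len(a) + len(b) for a, b in pk) + sum(len(s) for s in ots_sig) + sum(len(a) for a in auth)

if __name__ == "__main__":
    signer = MerkleSigner(b"constructed-seed", height=3)
    sig = signer.sign(5, b"firmware v1.2")
    print("valid:", merkle_verify(signer.root, b"firmware v1.2", sig))
    print("signature bytes:", signature_size(sig))
```

The state the signer keeps in `used` is the operational cost that distinguishes stateful hash-based schemes from the stateless SPHINCS+/SLH-DSA design mentioned later on this page; losing or restoring that state is what turns a secure scheme into a forgeable one.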
It is important to note that while these algorithms offer promising solutions for the post-quantum era, they are still under development, and more research is required to determine which will be the standard in the future. In addition, each algorithm has its own strengths and weaknesses, which means that we are likely to see a combination of these algorithms in use rather than a single “winner.”
Towards new standards in cryptography
Cryptography is constantly evolving, and with the advent of quantum computing, it is essential that new standards be established to ensure information security. Standardization bodies such as NIST, ISO and ANSI, among others, play a crucial role in this process.
In the current context, NIST has two main standards: FIPS-186 for digital signatures and SP 800-56A and SP 800-56B for key exchanges. These standards, although robust in the context of classical cryptography, are vulnerable to attacks with quantum computers. Therefore, it is imperative to replace or adapt them to address quantum threats.
The process of standardizing post-quantum cryptography began in earnest after an announcement by the NSA in 2015, which urged the community to prepare for a transition to post-quantum cryptographic algorithms. In response, NIST initiated a standardization process and solicited submissions from the community. This process led to the submission of 82 proposals for key exchange and digital signatures. After several rounds of review and years of analysis, several algorithms were selected for standardization. Among them, CRYSTALS-KYBER for key exchange, to be called ML-KEM, and three algorithms for digital signatures: CRYSTALS-Dilithium (ML-DSA), SPHINCS+ (SLH-DSA) and Falcon.
In addition, there are other algorithms that are still under consideration and could be selected in the future, such as BIKE, HQC, SIKE and Classic McEliece. It is important to note that although SIKE was proposed as a standard, it was very recently compromised and is no longer considered secure.
The standardization process is complex and time-consuming. However, it is essential to ensure that cryptographic systems of the future are secure and resistant to quantum threats. A combination of several algorithms used in different contexts, rather than a single “winner”, as we discussed earlier, is likely going forward. Adapting to these new standards will be a challenge for organizations, but it is a necessary step to ensure security in the quantum era.
Migration to Post-Quantum Cryptography
The migration to post-quantum cryptography is not simply a software upgrade. It is a complex, multifaceted process that will take several years and require meticulous planning and execution. Cryptographic migrations, in general, are not straightforward processes. For example, the migration from SHA-2 to SHA-3 in major Internet browsers has taken more than a decade.
It is essential to start this process as soon as possible, as there are many factors to consider. In the United States, for example, proactive steps are being taken. Aside from the NIST competition, the government has issued executive orders and mandates that are encouraging federal and government entities to prioritize the transition to post-quantum cryptography. As of this year, all U.S. federal entities must create a cryptography inventory and submit it to a central government entity.
In addressing migration, it is essential to consider several key aspects:
Cryptography Inventory: Organizations should identify and catalog all systems and applications that use cryptography. This inventory will help determine which systems need to be updated and which may require a complete overhaul.
Regulatory compliance: Organizations must ensure that any changes or updates comply with relevant regulations and standards.
Governance: It is crucial to maintain adequate control and oversight over migration systems and processes.
Agility: Organizations must be able to make changes without disrupting services. This requires careful planning and thorough testing.
Protection against quantum attacks: The main objective of the migration is to ensure that systems and data are protected against potential quantum threats.
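The cryptography inventory step above, together with the earlier point that Shor breaks RSA/DH outright while Grover only halves symmetric strength, as an added example that is not from the webinar or from SandboxAQ: a small classifier that takes an inventory of where cryptography is used, assigns each entry a post-quantum status and a remaining security level, and orders the migration backlog. The inventory rows, the column names, the status labels and the recommended actions are constructed for this example; the algorithm sets encode only what this page states (Shor versus asymmetric schemes, Grover versus symmetric and hash primitives, the NIST selections as the replacements).

```python
import csv
import io

# Constructed sample inventory (not real data): asset, where crypto is used, algorithm, key or digest bits.
SAMPLE_INVENTORY = """asset,use,algorithm,bits
web-frontend,tls-key-exchange,ECDHE,256
web-frontend,tls-certificate,RSA,2048
vpn-gateway,ike-key-exchange,DH,2048
vpn-gateway,bulk-encryption,AES,128
backup-bucket,at-rest-encryption,AES,256
code-signing,signature,ECDSA,256
archive-sign,signature,SLH-DSA,128
firmware-update,integrity,SHA2,256
"""

# Public-key schemes whose structure Shor's algorithm exploits: broken at any key size.
SHOR_BROKEN = {"RSA", "DH", "ECDH", "ECDHE", "ECDSA", "DSA", "X25519", "ED25519"}
# Symmetric ciphers and hashes: Grover gives a quadratic speed-up on exhaustive search,
# so the effective security level is roughly half the key or digest length.
GROVER_AFFECTED = {"AES", "CHACHA20", "SHA2", "SHA3"}
# NIST post-quantum selections named on this page.
PQ_STANDARDS = {"ML-KEM", "ML-DSA", "SLH-DSA", "FALCON"}

def classify(algorithm: str, bits: int):
    """Return (status, post-quantum security bits, recommended action) for one entry."""
    alg = algorithm.upper()
    if alg in PQ_STANDARDS:
        return ("pq-ready", bits, "no action")
    if alg in SHOR_BROKEN:
        return ("shor-broken", 0, "replace with, or hybridise alongside, a NIST PQC algorithm")
    if alg in GROVER_AFFECTED:
        pq_bits = bits // 2
        if pq_bits >= 128:
            return ("grover-ok", pq_bits, "no action")
        return ("grover-weak", pq_bits, "double the key/digest size")
    return ("unknown", None, "review manually")

def scan_inventory(text: str):
    """Parse the CSV inventory and annotate every row with its classification."""
    findings = []
    for row in csv.DictReader(io.StringIO(text)):
        bits = int(row["bits"])
        status, pq_bits, action = classify(row["algorithm"], bits)
        findings.append({**row, "bits": bits, "status": status,
                         "pq_security_bits": pq_bits, "action": action})
    return findings

def migration_priorities(findings):
    """Order the backlog: Shor-broken first (exposed to Store Now, Decrypt Later),
    then Grover-weak, then unknowns needing review, then entries needing no action."""
    order = {"shor-broken": 0, "grover-weak": 1, "unknown": 2, "grover-ok": 3, "pq-ready": 4}
    return sorted(findings, key=lambda f: (order[f["status"]], f["asset"]))

if __name__ == "__main__":
    for f in migration_priorities(scan_inventory(SAMPLE_INVENTORY)):
        print(f"{f['asset']:16} {f['algorithm']:8} {f['bits']:5} {f['status']:12} -> {f['action']}")
```

In a real programme the rows come from certificate stores, TLS and IPsec configurations, HSM key listings and code scans rather than a hand-written CSV, and the classifier would carry the organisation's own policy thresholds; the ordering logic, however, is the part that maps directly onto the SNDL argument made earlier: key exchanges and long-lived encrypted data that an adversary can record today sit at the top of the list.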
While building complete, functional quantum computers may still be on the horizon, the migration to post-quantum cryptography is a proactive step. If, as a result, organizations manage to improve their management of cryptography and strengthen their cybersecurity, they will be better prepared to meet any future challenges, quantum or otherwise.
Post-quantum cryptography and geopolitics
Interest in quantum computing and post-quantum cryptography goes beyond the purely technical or scholarly, as they have a significant impact on the international geopolitical scene. Different nations are investing and advancing at different rates in these areas, and this could have implications for national security, trade, diplomacy and other areas.
US vs. China: In the quantum race, China has taken the lead in terms of investment. With more than $10 billion invested in quantum computing, China has demonstrated a serious commitment to this emerging technology. However, in the field of post-quantum cryptography, the United States is leading the way, and the NIST standardization process is a clear example of this leadership. China also initiated a post-quantum cryptography standardization process in 2019, but it was much faster, lasting only 12 months. One of the winning algorithms was compromised shortly after being selected, indicating the challenges associated with rapid standardization.
Global implications: The adoption and standardization of post-quantum cryptography will have implications beyond cyber security. Nations that lead in these areas will have competitive advantages in terms of national security, trade and diplomacy. In addition, companies and organizations in these leading nations will also benefit from early adoption and being at the forefront of this technological revolution.