Quantum Computing and Existing Encryption
In May 2019, we explored how the advent of practical quantum computing will lead to all current encryption algorithms being rendered obsolete. Since these algorithms are the base for all current internet and cyber security, the prospect of this has resulted in a rapidly growing focus on the practical means of implementing quantum-proof encryption algorithms.
[When was the last time you thought about your cyber security?]
The Strive Towards Cryptography Standardisation
The cryptography community – which comprises academics, private sector companies and government agencies – is collaborating on reaching the goal of post-quantum cryptography standardisation. This standardisation will be central to ensuring future cryptographic systems will be resistant to quantum computing, particularly important to enterprise cyber security. The lead in this is the US National Institute of Standards and Technology, otherwise known as NIST.
One of the paradoxes of the cryptography community is, while the essence of cryptography is keeping secrets secret, the algorithms used for post-quantum encryption are well-known and largely in the public domain as open-source.
For widespread acceptance, leading to standardisation, there needs to be unequivocal and unanimous trust in both the integrity and effectiveness of the algorithms used. In keeping with this idea, the homepage to the Microsoft Post-Quantum Cryptography website says:
“Our work is open, open-source, and conducted in collaboration with academic and industry partners. The goal is robust, trusted, tested and standardised post-quantum crypto systems”.
There are a large number of post-quantum algorithms available as open-source – the original long list for the NIST standardisation project totalled 69 proposals, but this was narrowed down to 26 in January 2019 to what NIST calls the Post-Quantum Semi-Finals.
What are the NIST looking for?
A colossal amount of work – in some cases over many years –has gone into the semi-final algorithms from some of the world’s leading mathematicians. There is little doubt that these algorithms are technically capable of resisting hacking by a quantum computer no matter how many qubits are applied to the task.
However, in the world of quantum mechanics, where Schrödinger's cat can be alive and dead at the same time, nothing is certain. Indeed, the fundamental basis for quantum computing is quantum error correction. The correction enables calculation with certainty by using the effects of uncertainty.
It is therefore not surprising that NIST will be hedging its bets in reaching its standardisation goal. NIST mathematician, Dustin Moody, is quoted in the NIST semi-finals announcement as saying:
"A wide range of mathematical ideas are represented by these 26 algorithms. Most fall into three large families– lattice, code-based and multivariate – together with a few miscellaneous types. That's to hedge against the possibility that if someone breaks one, we could still use another"
It’s interesting that he says “someone” rather than referring to a quantum computer, a reminder that people are working towards the antagonistic goal of undermining all current cyber security. Challenging the underlying basis of post-quantum algorithms is a major preoccupation of many mathematicians working in this area.
Which Algorithms will Win Out?
The deciding factor of which algorithm (or perhaps, algorithms) wins the NIST Post-Quantum Cup Final will almost certainly, therefore, be practicality. As a result, the semi-final will be focused primarily on performance. Dustin Moody explains: “We want to look at how these algorithms work not only in big computers and smartphones but also in devices that have limited processor power. Smart cards, tiny devices for use in the Internet of Things, and individual microchips all need protection too. We want quantum-resistant algorithms that can perform this sort of lightweight cryptography.”
It is becoming increasingly clear therefore that it's not the raw maths of the algorithms that will be the decider in the NIST standardisation final but the winner’s ease of deployment and efficiency in use. What is certain, even in the uncertain world of quantum mechanics, is the necessary migration away from the encryption algorithms that have served us since almost the birth of the internet. We need to begin using post-quantum encryption methodologies well before the dawn of practical quantum computing.
We will keep you posted!
But don’t forget there are current cyber security threats which pose a risk to your business. Learn more about 4D’s cyber security solutions here, or for cyber security advice talk to one of our experts.