Quantum Untangled - A new VPN protocol hopes to fill quantum security gap
Protecting data in transit from future quantum hacking
Harvest Now, Decrypt Later (HNDL) is cybersecurity’s latest trending term. This particular piece of alphabet soup refers to the prospect of hackers stealing secure, valuable data today with the hope of cracking it in the future using a quantum computer. That day has yet to dawn, with quantum computers currently unable to muster enough logical qubits to even come close to breaking RSA encryption – but a new VPN protocol has been released designed to secure that data now, before much more of it falls into the hands of your Feynman-loving, Quantum Untangled-reading cybercriminal.
Approved by the Internet Engineering Taskforce (IETF), a not-for-profit organisation responsible for setting many of the security standards widely used across the internet, the new Hybrid PQ VPN is designed to be a feature of all future VPN software. Written by CJ Tjhai, CTO and co-founder of quantum security company Post Quantum, the protocol can allow connections to be secured using a range of classical or so-called ‘quantum secure’ algorithms, such as the US’s Kyber formulation or France’s Frodo standard. Those on either side of a given exchange taking place on the internet will be able to select the standard that best matches their security needs.
“The idea is that when you set up a VPN connection, both parties need to negotiate," says Tjhai. "As part of the negotiation process you could say, ‘I speak classical but not quantum,’ so you'd have to both use classical. Or, you both speak quantum and use quantum."
The aim of the VPN protocol is to allow companies holding highly sensitive data, such as financial payment information, military secrets or commercially sensitive material to secure their content against HNDL attacks. A million-plus qubit quantum computer capable of cracking RSA is unlikely to be available for a decade or more, but security experts warn of an urgent need to protect data today. Protection against HNDL is also a key tenet of the new US Quantum Computing Cybersecurity Preparedness Act.
The Hybrid PQ VPN has already been adopted by the Banque de France and Deutsche Bundesbank to secure payments messages, and by NATO to secure some of its communications, too. While Tjhai says it was initially an uphill battle to convince the IETF of the need for a quantum secure standard to be built into VPNs, he remains confident that taking a hybrid approach to the problem of HNDL attacks is a safer strategy than simply waiting until a fully quantum secure ecosystem is in place.
“Most quantum security threats come from the actual data in transport, not at rest,” explains Tjhai. “The IETF standard tells you how to upgrade from what we have now to the post-quantum world.”
The need for interoperability
Tjhai’s colleague, Post Quantum’s executive chairman Andersen Cheng – who, by the by, claims to have been the first to coin the term ‘Harvest Now, Decrypt Later’ – argues strongly for a renewed focus on interoperability across the post-quantum security landscape. “We are entering a period where different countries are now recommending different encryption algorithms,” says Cheng. As such, “engineering our communications infrastructure to be interoperable and backward compatible is absolutely crucial.”
Tjhai argues that the focus up to this point has been on the post-quantum encryption algorithms themselves, usually when they’re proposed as standards by NIST and developed by countries and companies around the world. This, however, won’t be enough to defend against HNDL attacks (some are even being broken using classical machines.) “NIST’s new algorithms are only useful if we have agreed standards for their use and mature products that can accommodate them,” he says.
Down the line there will be a need to create a fully quantum secure ecosystem, one where everything from personal identity to routers are secured against the immense, almost unknowable computational potential of a quantum computer. But, for now at least, this seems to be a viable solution to an immediate risk.
Partner content
Unlocking new possibilities in data centre operations - Tech Monitor
Defining a Kodak culture for the future - The New Statesman
Brands must seek digital fashion solutions - Tech Monitor
Green bonds and the urban energy transition - Capital Monitor