Quantum Untangled: Why post-quantum encryption isn’t really about quantum
Theory will only take you so far.
Last week saw some of the brightest minds in the field of code-making and breaking gather at Oxford University’s Post-Quantum Cryptography Summit. The main topic of discussion, naturally, was the publication of the latest set of cryptography standards by the US National Institute of Standards and Technology (NIST): the first finalised post-quantum standards, FIPS 203, 204 and 205, better known as ML-KEM, ML-DSA and SLH-DSA, which their creators ardently hope will protect data from being exposed by the next generation of quantum computers.
What was especially surprising about the summit, though, was how little actual quantum computing featured in the discussion. Yes, the latest NIST standards are intended to protect us in a post-quantum era, when any nation-state or hacking group with a large enough quantum computer will be able to crack open messages or websites protected by RSA or elliptic-curve cryptography. But nobody has such a machine, least of all the cryptographers designing its replacements, so no new algorithm can be tested empirically against one. The security of a post-quantum scheme instead rests on a mathematical problem believed to be hard for quantum and classical computers alike, and the only evidence for that hardness is years of people trying to break the scheme with whatever computers they do have, and failing. To paraphrase Cillian Murphy reciting lines by Christopher Nolan paraphrasing J. Robert Oppenheimer, theory will only take you so far.
Peter Schwabe agrees. A faculty member at the Max Planck Institute for Security and Privacy, Schwabe conceded that he’s not an expert per se in quantum computing. But, as he explained to me in one of Oxford University’s innumerable student canteens, his work has nonetheless featured heavily in many of the new NIST standards — and in some that didn’t quite make the final cut. “There were a few schemes that were really far out there,” Schwabe laughed. “They didn't build on anything that had been evaluated before.”
Then there was SIKE. Built by a mixed team of academics and engineers, the ‘Supersingular Isogeny Key Encapsulation’ candidate was initially praised by NIST as “an attractive candidate for standardization because of its small key and ciphertext sizes.” Then it was cracked in half an hour by researchers using a nine-year-old Intel Xeon processor: no quantum computer required, just a classical attack that nobody had thought of before.
“It was expected that most of the early proposals would get broken quickly,” said Schwabe. But SIKE was different. Many in the cryptographic community assumed it would go on to become a new NIST standard: it had, after all, resisted cryptanalysis for at least a decade.
“Many people had tried to break it and failed,” said Schwabe. “Then, one group of researchers came up with the right approach at the right time.”
Quantum jitters
Meanwhile, the stakes are getting higher. The number of logical qubits that quantum computers can harness increases with every passing year, pushing us ever closer to ‘Q Day’ and making Harvest Now, Decrypt Later attacks, in which an adversary records encrypted traffic today in order to decrypt it once a capable quantum computer exists, all the more enticing for the more enterprising hackers out there. Classical computers, too, keep catching up with older key sizes. “If you have messages in the past encrypted with RSA 512, they would be dead now,” Schwabe told me.
There are plenty of fresh ideas, though, about how to make cryptographic implementations more resilient. My day in Oxford included, for example, a presentation by PQShield in which oscilloscopes capture the fluctuations in a device’s current draw while it performs a decryption. Patterns in those traces can leak the secret key to anyone able to measure them, so an implementation of a new algorithm has to be checked against this kind of eavesdropping as well as against mathematical attack – much like placing a microphone in a vault and listening for the telltale clicks of a dial being turned to open a metal safe.
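To make that idea concrete, here is a simulated power-analysis attack, added as an illustration for this article; it is not PQShield’s code or anything shown at the summit. It models a device whose power draw leaks the Hamming weight of an intermediate value (a toy 4-bit S-box, the PRESENT S-box, standing in for whatever secret-dependent step a real decryption performs), adds Gaussian measurement noise, and recovers the key byte one nibble at a time by correlating the measured traces against the prediction for each key guess (correlation power analysis). It then applies the standard countermeasure, Boolean masking, which splits the intermediate into two random shares so that the first-order correlation vanishes. All traces are constructed in software with a seeded generator; the key value, trace count and noise level are arbitrary assumptions.

```python
"""Simulated correlation power analysis (CPA) against a toy leaky decryption step.

Constructed example: the 'device' and its power traces are simulated in software.
"""
import random

# PRESENT 4-bit S-box, used here only as a small nonlinear secret-dependent step.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def hw(x):
    """Hamming weight: the number of set bits, the classic CMOS power-leakage model."""
    return bin(x).count("1")


def leaky_step(pt, key, rng, masked=False):
    """Return one simulated power sample for processing byte `pt` under `key`.

    Unmasked: the sample is the Hamming weight of both S-box outputs plus noise.
    Masked: each nibble is XORed with a fresh random mask first, and both shares
    (masked value and mask) leak, as they would in a masked implementation.
    """
    sample = 0.0
    for shift in (4, 0):
        nib = ((pt >> shift) & 0xF) ^ ((key >> shift) & 0xF)
        s = SBOX[nib]
        if masked:
            m = rng.randrange(16)
            sample += hw(s ^ m) + hw(m)   # attacker sees both shares, not s itself
        else:
            sample += hw(s)
    return sample + rng.gauss(0.0, 1.0)   # measurement noise, sigma = 1 (assumed)


def capture(key, n, rng, masked=False):
    """Simulate n 'oscilloscope' captures for random known inputs."""
    pts = [rng.randrange(256) for _ in range(n)]
    traces = [leaky_step(p, key, rng, masked) for p in pts]
    return pts, traces


def pearson(xs, ys):
    """Pearson correlation coefficient, computed in pure Python."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    return sxy / (sxx * syy) ** 0.5 if sxx and syy else 0.0


def cpa_nibble(pts, traces, shift):
    """Rank the 16 guesses for one key nibble; return (best guess, its correlation)."""
    best = (None, -2.0)
    for g in range(16):
        model = [hw(SBOX[((p >> shift) & 0xF) ^ g]) for p in pts]
        r = pearson(model, traces)
        if r > best[1]:
            best = (g, r)
    return best


def cpa_byte(pts, traces):
    """Divide and conquer: recover the high and low nibbles independently."""
    hi, r_hi = cpa_nibble(pts, traces, 4)
    lo, r_lo = cpa_nibble(pts, traces, 0)
    return (hi << 4) | lo, min(r_hi, r_lo)


def run_demo(key=0x6B, n=2000, seed=1):
    """Attack an unmasked and a masked device with the same key; report both outcomes."""
    pts, tr = capture(key, n, random.Random(seed))
    guess, r = cpa_byte(pts, tr)
    pts_m, tr_m = capture(key, n, random.Random(seed), masked=True)
    guess_m, r_m = cpa_byte(pts_m, tr_m)
    return {
        "key": key,
        "unmasked_guess": guess, "unmasked_corr": r,   # expect guess == key, corr ~0.58
        "masked_guess": guess_m, "masked_corr": r_m,   # expect corr near 0, guess unreliable
    }


if __name__ == "__main__":
    print(run_demo())
```

Each simulated trace here is a single sample; a real capture is a waveform of thousands of points that first has to be aligned to the operation of interest, but the statistics are the same. The unmasked run recovers the key with a clear correlation peak at the right guess; the masked run shows no peak, because with a uniform random mask the expected leakage is the same for every value of the secret, which is exactly the property an implementation of ML-KEM or ML-DSA on a smart card needs before the mathematics of the scheme even comes into play.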
Most experts believe that truly transformative quantum computing will not make its debut until the early 2030s. In the meantime, the newly confirmed NIST standards will gradually replace the key-exchange and signature algorithms currently built on RSA and elliptic curves, while symmetric ciphers such as AES need only longer keys, AES-256 rather than AES-128, to stay safe. And as companies adapt – and they’re doing so already – post-quantum cryptography will become simply your common variety, vanilla, no-adjective-needed cryptography.