Preparing for the Era of Post-Quantum Cryptography

Originally published by HCLTech.

Written by Girish Kumar Vaideeswaran, Data Security Consultant, Data Security and Data Privacy, Cybersecurity, HCLTech

Computers! What an innovation it has been, incepting from the general-purpose ENIAC, which was approximately housed in a 2000 square foot space weighing around 30 tons, to the currently hand-held computing devices which are multifold powerful accomplishing tasks in a jiffy, which were considered herculean back then. They say history repeats itself, and we are back into the serious research phase for the past two decades on advancing the speed of these computing systems. And it’s a no-brainer we are talking about quantum systems analogously they, too, are enclosed in a 500-square-foot airtight glass structure.

Gone are the days, wherein, if one would have keenly noticed, earlier generation computers used to have a dedicated toggle switch called the “TURBO” control. This was to slow down the processing speed so that the software ran at the desired speed it was programmed for. Now, this whole scenario has changed, developer software languages and applications have evolved to such an extent that applications are hungry for more of those computing cycles to deliver faster, safer, and more robust applications. There are no limits to computing powers, and the usage of computing has improved the lives of people in the fields of e-commerce, medical and life science, analytics, space research and defense systems.

Those were all the good parts we have reaped until now, which were the outcome of the evolution of computers. On the contrary, it’s common and important to consider and plan safeguards to wean off the cons arising out of these advancements. Yes, we bring your attention to the post-quantum computing era, where bad actors are always on the edge, trying to slip in via loopholes to compromise systems and one of the key factors that might be assisting them in the near future, potentially, is the power of computing. With the evolution of quantum Computers and a view on the post-quantum cryptography world, where many speculate that quantum systems can break the current public key infrastructure that safely fuels the world of the internet.

Imagine those seamless banking transactions, hassle-free online grocery shopping or the awaiting list of e-commerce shopping carts, stripped bare! It’s unthinkable, right? That’s what these powerful quantum machines are envisaged to break through and decrypt the protected data stored and transmitted across the world, without the possession of the private keys.

Advancements in quantum computing

Researchers on quantum computing have already hit the 400-qubit mark and are heading toward the 10k-qubit mark by 2024. Added to this, major developments are expected to improve the qubit quality by transitioning from physical qubits to error-corrected logical qubits for real-life computing, mitigating the noise in the quantum circuit and bringing in modularity that will help to scale the performance.

Development of new cryptological standards

Post-quantum cryptography is all about quantum-proof cryptographic algorithms that are resistant to quantum attacks and fit in existing encryption standards, so both can coexist and operate in a hybrid manner. Initiatives such as the Open Quantum Safe Project and the NIST Post-quantum Project are deeply focused on developing these quantum-resilient algorithms and peer-reviewing them. The cryptanalysis phase, which may extend for years, helps determine whether the proposed algorithms are safe and secure for real-life purposes. Though we have seen significant research in the field of PQC, there are still no robust quantum-resistant algorithms. Also, quantum-resistant computes will require very large key sizes, typically twice the key size of current PKI, which in turn will lead to a visible performance overhead in terms of time required to perform cryptographic operations and increased usage of other hardware resources like memory, storage, and networks.

So, the following are the three key stands that every organization should enforce to stay vigilant in the forthcoming quantum era:

1. Being aware and agile of the latest developments in the post-quantum standards and building up a plan for adopting/transitioning to post-quantum cryptographic standards and practices.
2. Ensure to have a view on the crown jewels and critical data stores out of the inventory which must be guarded from the “harvest now, decrypt later” attacks.
3. Ensure systems that are using public key cryptography, have additional guardrails to detect, protect and deter from quantum-based cyber-attacks.

Presently, there are no quantum computers of large scale, enough to break current public key encryption standards. Though the crypto era seems delayed, the buzz around advancements and developments cannot be ignored. It is always better to stay vigilant and operate strategically to be quantum-resilient rather than to time the occurrence of cyber-attacks arising out of evolution in quantum computing.