An Introduction to Post-Quantum Cryptography

By Louise E. Turner

For years, computer scientists have relied on the same few encryption algorithms, which were thought to be practically uncrackable. “Classical” computers (like the one you’re using to read this) are simply not powerful enough to break the common encryption methods used today. On the other hand, quantum computers (specialized computers that operate on the principles of quantum physics) are on track to become powerful enough to break these heavily relied-upon encryption methods! (NIST)

How is this possible?

Quantum computers function very differently from the classical computers that have been used for decades. Classical computers use binary bits (1s and 0s) to perform their calculations, whereas quantum computers use quantum bits (qubits) instead. These qubits can represent 1, 0, and anything in between. Quantum computers also rely on probability to make their calculations, as opposed to the deterministic method of classical computing. Where classical computers must solve problems one step at a time in a linear fashion, quantum computers use the properties of qubits to solve problems by trying every possible solution at the exact same time! This incredible quality gives quantum computers the ability to solve problems that classical computers simply can’t solve in a realistic human time frame.

Why does this matter?

Because widely used encryption methods are secure against classical computers, they are built into most systems used worldwide. Current encryption algorithms are used to protect all network traffic, communications, and private data. If this encryption is broken, then all of this is at risk of being compromised, including data related to critical infrastructure, military communications, and classified government documents, not to mention the communications that regular people make every day online!

What is Post-Quantum Cryptography?

Research into post-quantum cryptography (PQC) aims to develop cryptographic methods that a quantum computer cannot crack. These new cryptographic methods include:

  • Lattice-based cryptography: Uses combinations of vectors in a multidimensional space, a problem that is extremely hard to crack.

  • Multivariate cryptography: Uses systems of multivariate polynomials that are difficult to solve to encrypt data.

  • Code-based cryptography: Uses error-correcting codes and large key sizes to create secure encryption.

  • Hash-based cryptography: Uses digital signatures constructed with hash functions to encrypt data.

(NIST)

In 2016, the National Institute of Standards and Technology (NIST) began its post-quantum cryptography project, which encouraged researchers to submit potential quantum-resistant cryptographic methods for review and development. In 2022, four algorithms were chosen for test runs and are still being actively tested and improved today. NIST is aiming to have these four algorithms standardized by summer 2024. As with all post-quantum cryptography initiatives, NIST started this project to get a head start on PQC as soon as possible. It is currently estimated that a quantum computer powerful enough to break standard encryption is 5-20 years away. Initially, this seems like a long time to prepare, but when you consider that it took almost 20 years to fully roll out the current encryption standards, the time frame starts to become a bit more intimidating. (NIST)

So, what can be done right now?

Many companies have already begun the slow migration to hybrid post-quantum cryptography. Because the current PQC algorithms are still under active development, organizations are opting to use a combination of PQC and standard cryptography to secure their systems, so that the session stays protected as long as at least one of the two holds up. Service providers like Amazon Web Services have begun offering these hybrid models to customers. Although there is still a long way to go, every effort counts in the race for effective PQC implementation.
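To make the hybrid idea concrete, here is an added example (not code from the original post, and not any vendor's implementation) of the key-combiner step that a hybrid key exchange needs: both the classical shared secret and the post-quantum shared secret are fed into one key derivation, so the session key is only recoverable by someone who knows both. The HKDF here is the standard RFC 5869 construction written on top of Python's standard library; the two shared secrets and the transcript are constructed placeholder bytes standing in for what real X25519 and ML-KEM exchanges would produce, and the label string `hybrid-kem-demo v1` is an assumption of this example.

```python
import hashlib
import hmac
import secrets

HASH = hashlib.sha256  # hash underlying the HKDF construction


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869): PRK = HMAC(salt, IKM). Empty salt -> zero block."""
    if not salt:
        salt = b"\x00" * HASH().digest_size
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869): T(i) = HMAC(PRK, T(i-1) || info || i)."""
    okm = b""
    block = b""
    counter = 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def combine_shared_secrets(ss_classical: bytes, ss_pq: bytes,
                           transcript: bytes, length: int = 32) -> bytes:
    """Hybrid combiner: concatenate both shared secrets and bind the
    handshake transcript (e.g. both ciphertexts/public keys) into the
    derivation, so the session key depends on every input.
    The label is an assumption of this example, not a standard value."""
    ikm = ss_classical + ss_pq
    prk = hkdf_extract(b"", ikm)
    return hkdf_expand(prk, b"hybrid-kem-demo v1" + transcript, length)


def demo() -> dict:
    """Constructed scenario: a classical secret, a PQ secret, and the
    'attacker' view where only the classical secret has been broken."""
    ss_classical = secrets.token_bytes(32)  # placeholder for an X25519 output
    ss_pq = secrets.token_bytes(32)         # placeholder for an ML-KEM output
    transcript = b"constructed handshake transcript"

    session_key = combine_shared_secrets(ss_classical, ss_pq, transcript)

    # A quantum adversary who recovers the classical secret but has to
    # guess the PQ one ends up with a different key.
    attacker_key = combine_shared_secrets(
        ss_classical, secrets.token_bytes(32), transcript)

    # Tampering with the transcript also changes the derived key.
    tampered_key = combine_shared_secrets(
        ss_classical, ss_pq, transcript + b"X")

    return {
        "session_key": session_key,
        "attacker_key": attacker_key,
        "tampered_key": tampered_key,
    }


if __name__ == "__main__":
    out = demo()
    print("session key :", out["session_key"].hex())
    print("attacker key:", out["attacker_key"].hex())
    print("tampered key:", out["tampered_key"].hex())
```

The design choice worth noting is that the combiner never tries to pick the "stronger" secret; it always uses both, which is what gives the hybrid its property of surviving the failure of either algorithm. Binding the transcript into the derivation is what stops an attacker from swapping one party's ciphertext for another while keeping the same key.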
