Several recent studies have claimed to demonstrate that quantum-resistant encryption is possible. This includes the use of a symmetric-key algorithm with enough strength to withstand anticipated quantum computing attacks. These algorithms include the NTRU and SIDH algorithms, which can produce a key in less than one. Other schemes include Rainbow and the Goppa-based McEliece.
CNSA Suite mandates symmetric algorithms with sufficient strength to resist anticipated quantum computing threats
Using quantum computing to answer complex questions has become a growing concern. It is important to consider if the asymmetric cryptography algorithms that you use are sufficiently strong to protect your confidential data.
Elliptic curve cryptography is a popular asymmetric encryption system. The underlying hardware must include a mechanism to verify digital signatures.
Many asymmetric encryption algorithms are relatively safe today. Using quantum-resistant encryption to break an asymmetric algorithm is an effective attack vector. Cybercriminals will likely target these algorithms first.
However, these algorithms are not as efficient as the algorithms employed in quantum computing. Quantum computers use complex mathematical equations to compute a single answer. In contrast, a classical computer performs a series of individual equations. Therefore, calculations to break an asymmetric encryption algorithm take a very long time.
Asymmetric cryptography methods are often used to secure the distribution of software updates over a network. They can be used for applications that require the secrecy of large volumes of information. However, these techniques are likely to be more costly than other forms of encryption. RSA encryption techniques are expected to be used in applications where sensitive data is at stake.
The best asymmetric cryptography algorithms are the one-time pad encryption algorithm and the elliptic curve algorithm. While these methods are not broken, they require a unique key for every message. In addition, they are more expensive to run than other methods.
Other algorithms are worth considering. These include the Advanced Encryption Standard (AES), the Advanced Encryption Algorithm (AED), the Advanced Encryption Modifier (AEM), and the AES-encrypted data (AES-ED) algorithm. The AES algorithm is arguably the most effective, although it has some performance issues.
Ring-LWE, NTRU, and SIDH algorithms provide key sizes in under 1KB
Several different cryptographic algorithms provide key sizes of under 1KB, including Ring-LWE, NTRU, and SIDH. These algorithms offer strong security with a small number of bits, which can be useful for applications in messaging security.
For example, the fractal Merkle tree algorithm requires public and private key sizes of 36,000 bits, but its ciphertexts are only about half that size. On the other hand, a hash-signature algorithm uses public keys under 5KB. Both algorithms have been tested by HSM vendors.
Another algorithm, called Learning with Rounding (LWE), uses a derandomized version of the ring-LWE algorithm. It eliminates the small errors drawn from the Gaussian-like distribution, which improves bandwidth and speed. The proof size is reduced by 75%.
These algorithms also provide provable security reductions, which makes them practical. However, implementing them is a challenge. In particular, the hardness of the s is dependent on the size of ||x||. This is a problem known to be NP-hard.
These algorithms have been used in the design of quantum secure digital signatures. Researchers have created two different quantum secure digital signatures based on supersingular elliptic curve isogenies. However, these are not patentable.
A design for authenticated key exchange with provable forward security was presented at Eurocrypt in 2015. It is an extension of the HMQV construction from Crypto 2005. Unlike the original design, which required 5800 parties per shard, the new design requires just 1713 parties in the worst case with maximal corruption.
Dual Pairing Vector Spaces exploit the Product-Preserving Lemma and provide strong privacy properties. In addition, they provide security proofs under the SXDH assumption.
Another important aspect of multi-party computation is parallel computation. This is important for a wide class of secure computations, including secure graph analysis. It is also important for scalable E2E secure applications.
Thales Post-Quantum Crypto-Agility Risk Assessment Tool
Considering that the post-quantum era is just a few years away, it is essential to start planning today for how to protect your organization’s sensitive data. A free risk assessment tool is available to help you determine if your organization is at risk from quantum-based security threats.
The first step is to assess your organization’s current crypto maturity. This involves evaluating your organization’s use of vulnerable cryptography and determining your cryptographic assets.
Among other things, you will need to assess the expiry date of your encrypted data and the crypto-agility of your IT infrastructure equipment. The joint DHS-NIST roadmap also suggests a detailed risk assessment that prioritizes the systems that will be most vulnerable to quantum-based threats.
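The prioritization step described above, as an added example that is not part of the original article or of the Thales tool: a constructed cryptographic inventory is scored by how far each system's data shelf life plus migration time outruns an assumed quantum-threat horizon (the 10-year horizon, the algorithm classification, and the asset names are all assumptions made for this example).

```python
"""Prioritise systems for post-quantum migration from a constructed crypto inventory.

Assumptions (not from the article): the threat horizon is a parameter (10 years by
default); public-key families are treated as quantum-vulnerable, and symmetric keys
below 256 bits as a lower-tier, quantum-weakened concern.
"""
from dataclasses import dataclass

QUANTUM_VULNERABLE = {"RSA", "ECDSA", "ECDH", "DH", "DSA"}  # public-key schemes
SYMMETRIC = {"AES", "CHACHA20"}                            # key-size upgrade candidates


@dataclass
class Asset:
    name: str
    algorithm: str
    key_bits: int
    data_shelf_life_years: float  # how long the protected data must stay secret
    migration_years: float        # estimated time to replace the algorithm


def exposure(asset: Asset, horizon_years: float) -> tuple[int, float]:
    """Return (tier, years). Years > 0 means the data's protected lifetime plus the
    migration effort exceeds the horizon, i.e. traffic recorded today could still be
    valuable when it becomes decryptable. Tier 2 = vulnerable public key, 1 = short
    symmetric key, 0 = not at risk under these assumptions."""
    years = asset.data_shelf_life_years + asset.migration_years - horizon_years
    if asset.algorithm in QUANTUM_VULNERABLE:
        return (2, years)
    if asset.algorithm in SYMMETRIC and asset.key_bits < 256:
        return (1, years)
    return (0, float("-inf"))


def prioritise(assets: list[Asset], horizon_years: float = 10) -> list[str]:
    """Names of at-risk systems, most urgent first (tier, then exposure years)."""
    scored = [(exposure(a, horizon_years), a.name) for a in assets]
    at_risk = [(s, n) for s, n in scored if s[1] > 0]
    return [n for s, n in sorted(at_risk, key=lambda t: t[0], reverse=True)]


# Constructed sample inventory (hypothetical systems).
INVENTORY = [
    Asset("archive-backup-tls", "RSA", 2048, 25, 3),
    Asset("update-signing", "ECDSA", 256, 2, 4),
    Asset("db-at-rest", "AES", 128, 15, 2),
    Asset("vpn-keys", "AES", 256, 30, 1),
    Asset("session-cache", "ECDH", 256, 0.1, 2),
]

if __name__ == "__main__":
    print(prioritise(INVENTORY))
```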
Quantum computing has already started to impact many industries and areas. It will likely impact defense, medical research, e-commerce, urban planning, and weather prediction. In addition to those industries, government agencies will be at risk as well.
A recent survey conducted by Thales revealed that 73% of respondents recognize quantum computing as a significant cybersecurity threat. However, the general public is more inclined towards the benefits of quantum technology. This means that it is less obvious to the general public that quantum computing poses a threat to public key infrastructure.
Crypto-agility is a measure of a system’s ability to adapt cryptographic algorithms. This includes the ability to change key size and algorithm without compromising security. It also enables the rollout of cryptography throughout an entire organization’s environment.
Among other things, quantum computing will break many current encryption algorithms. Therefore, organizations will need to prepare for the post-quantum era by designing algorithms that can withstand quantum computers.
To do this, you will need to incorporate crypto-agility into your system design methodology. It is important to remember that all algorithms will fail with time.
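One way to build crypto-agility into a message format, as an added example that is not from the original article: every protected message records the algorithm and key identifier it was produced with, so the algorithm or key can be swapped by editing a registry and a verifier policy can retire an algorithm without changing the format. Standard-library HMAC stands in for whatever primitive is deployed, and the algorithm identifiers and key material are constructed for this example.

```python
"""Crypto-agile authentication envelope: algorithm and key are named per message."""
import hashlib
import hmac

# Registry: algorithm id -> hash constructor. Adding an algorithm is a one-line change.
# (Identifiers are constructed for this example.)
ALGORITHMS = {
    "hmac-sha256": hashlib.sha256,
    "hmac-sha3-256": hashlib.sha3_256,
}


def protect(message: bytes, alg: str, key_id: str, keys: dict) -> dict:
    """Produce an envelope that records which algorithm and key were used."""
    tag = hmac.new(keys[key_id], message, ALGORITHMS[alg]).hexdigest()
    return {"alg": alg, "kid": key_id, "msg": message, "tag": tag}


def verify(envelope: dict, keys: dict, allowed: set) -> bool:
    """Fail closed on unknown keys, unknown algorithms, or algorithms retired by policy."""
    alg, kid = envelope["alg"], envelope["kid"]
    if alg not in allowed or alg not in ALGORITHMS or kid not in keys:
        return False
    expected = hmac.new(keys[kid], envelope["msg"], ALGORITHMS[alg]).hexdigest()
    return hmac.compare_digest(expected, envelope["tag"])


def rotation_demo() -> dict:
    """Rotate algorithm and key; old envelopes are rejected once policy retires them."""
    keys = {"k1": b"old-key-material-constructed", "k2": b"new-longer-key-material-constructed"}
    policy_v1 = {"hmac-sha256"}
    policy_v2 = {"hmac-sha3-256"}  # retire the old algorithm, require the new one
    old = protect(b"firmware v1", "hmac-sha256", "k1", keys)
    new = protect(b"firmware v2", "hmac-sha3-256", "k2", keys)
    return {
        "old_under_v1": verify(old, keys, policy_v1),   # accepted
        "old_under_v2": verify(old, keys, policy_v2),   # rejected: algorithm retired
        "new_under_v2": verify(new, keys, policy_v2),   # accepted
        "tampered": verify({**new, "msg": b"firmware v3"}, keys, policy_v2),  # rejected
    }


if __name__ == "__main__":
    print(rotation_demo())
```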
Grover’s algorithm is the best quantum attack against QKD
ANSSI (the French national cybersecurity agency) has weighed in on the quantum key distribution debate. Specifically, the group has produced several guidelines and recommendations on cryptographic key management. Among these, one of the more interesting is the bounded-quantum-storage model. This model essentially restricts the ability of an adversary to store a large quantum set. In this way, it is secure against adversaries who are unable to store a set of qubits.
The ANSSI is also involved in several other related endeavors. The organization has been one of the most prolific movers and shakers in post-quantum cryptography. The agency is working on several key areas of interest, including quantum key distribution, key establishment, and digital signatures. These areas are crucial to a secure quantum internet, and the organization is resolute in its mission to protect national security.
The most important part of the equation is that ANSSI is not the only authority to take a long hard look at the quantum cryptography game. There are several governments with a stake in the game, and a number of position papers have been produced. The ANSSI has compiled its own set of guidelines and recommendations addressing a wide range of topics from quantum key distribution to encryption schemes. It has also published several other technical papers on the topic. These include a comprehensive survey of quantum cryptography and a survey of the aforementioned bounded-quantum-storage method. The organization plans to keep up its good work in the post-quantum arena.
Conclusion
The aforementioned bounded-quantum-storage technique is just the tip of the iceberg, and there are many more studies to be done. Some of these are less abrasive, and focus on developing more practical device-independent QKD schemes.