June 14, 2023

Post-Quantum Cryptography: The Complete Guide

QNu Labs

Data sent over public communication channels is secured using cryptography. It protects all kinds of electronic communications as well as passwords, digital signatures, and health records. The advent of quantum computers has put cybersecurity on alert: a large-scale quantum computer would have the power to break today's public-key encryption.

Encryption - Explained

There are two main types of encryption. Symmetric encryption requires a sender and a receiver to have identical digital keys to encrypt and decrypt data; asymmetric, or public-key, encryption uses a publicly available key to let people encrypt messages for a recipient who is the sole holder of the private key needed to unscramble them.

Sometimes these two approaches are used together. For instance, web browsers use public-key cryptography to check websites’ validity and then establish a symmetric key to encrypt communications.

RSA uses long key pairs to keep attackers from recovering the private key. A 2,048-bit RSA modulus is 617 decimal digits long. Running through all the possible candidates to derive the private key could take thousands, if not millions, of years on conventional computers.
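To make the hybrid model concrete (a public-key step that transports a symmetric key, then symmetric encryption of the actual payload), here is an added example in Python; it is not code from the original post. It uses a toy textbook RSA (512-bit modulus, no padding) and a constructed HMAC-SHA256 keystream standing in for AES; names such as `hybrid_encrypt` and `rsa_keygen` are the example's own. It also computes the decimal length of a 2,048-bit modulus, which comes out at the 617 digits quoted above.

```python
"""Toy hybrid encryption: RSA-style key transport plus a symmetric cipher.

Added illustration only. Textbook RSA without padding and a home-made stream
cipher are NOT safe to deploy; they keep the example free of third-party
libraries so the structure of the hybrid scheme is visible.
"""
import hashlib
import hmac
import secrets


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2  # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int) -> int:
    """Random prime with the top bit set, so the modulus has the expected size."""
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def rsa_keygen(modulus_bits: int = 512):
    """Return ((n, e), (n, d)). 512 bits is a toy size; deployments use >= 2048."""
    e = 65537
    while True:
        p = random_prime(modulus_bits // 2)
        q = random_prime(modulus_bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    n = p * q
    d = pow(e, -1, phi)  # private exponent: modular inverse of e
    return (n, e), (n, d)


def decimal_digits(bits: int) -> int:
    """Decimal digits of any modulus that is exactly `bits` bits long."""
    return len(str((1 << bits) - 1))


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Constructed toy stream cipher: HMAC-SHA256 counter keystream XORed with data.

    Stands in for AES-GCM here; it is unauthenticated and not a real design.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(key, nonce + offset.to_bytes(8, "big"), hashlib.sha256).digest()
        chunk = data[offset:offset + 32]
        out.extend(b ^ k for b, k in zip(chunk, block))
    return bytes(out)


def hybrid_encrypt(public_key, plaintext: bytes):
    """Wrap a fresh 128-bit session key with RSA, encrypt the payload under it."""
    n, e = public_key
    session_key = secrets.token_bytes(16)  # 128-bit value, always < the 512-bit n
    wrapped_key = pow(int.from_bytes(session_key, "big"), e, n)
    nonce = secrets.token_bytes(16)
    return wrapped_key, nonce, keystream_xor(session_key, nonce, plaintext)


def hybrid_decrypt(private_key, wrapped_key: int, nonce: bytes, ciphertext: bytes) -> bytes:
    """Recover the session key with the private exponent, then decrypt the payload."""
    n, d = private_key
    session_key = pow(wrapped_key, d, n).to_bytes(16, "big")
    return keystream_xor(session_key, nonce, ciphertext)


if __name__ == "__main__":
    pub, priv = rsa_keygen(512)
    wrapped, nonce, ct = hybrid_encrypt(pub, b"constructed sample message")
    print(hybrid_decrypt(priv, wrapped, nonce, ct))
    print("digits in a 2048-bit modulus:", decimal_digits(2048))
```

The point the example makes is that the public-key step protects only the short session key: an attacker who can break that one operation, classically by factoring or in future with a quantum computer, recovers everything encrypted under the session key, which is why key establishment is the component being replaced by post-quantum schemes.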

Quantum computers use the principles of quantum physics, such as superposition, to perform certain computations far faster than conventional computers. Without ‘quantum-safe’ cryptography defences in place, applications ranging from autonomous vehicles to military hardware, online financial transactions, and communications could be targeted by hackers with access to quantum computers.

Any business or government planning to store data for decades needs to evaluate the risks of this technology, because encryption applied today could be broken later. Putting robust defences in place for long-lived data takes many years, so it is better to start now. A big push to develop post-quantum cryptography is warranted.

Post-Quantum Cryptography

A new cryptography method has to integrate with existing protocols. A new cryptosystem must weigh:

  • The size of encryption keys and signatures
  • The time required to encrypt and decrypt on each end of a communication channel
  • The amount of traffic sent over the wire to complete encryption or decryption

The proposed cryptosystems also require careful cryptanalysis to determine the weaknesses that an adversary could exploit.

It is vital to ensure that the new standards are vetted by the community of experts and that they have international support.

The National Institute of Standards and Technology (NIST), an American agency, prepared a cybersecurity framework laying out the ground rules for PQC.

In July 2020, NIST proposed eight alternate algorithms for PQC. Of them, the lattice-based algorithms stood out as robust candidates.

The algorithms are designed for two main tasks for which encryption is typically used: general encryption, used to protect information exchanged across a public network; and digital signatures, used for identity authentication.

For general encryption, used to access secure websites, NIST selected the CRYSTALS-Kyber algorithm. The advantages are comparatively small encryption keys that two parties can exchange easily, as well as the speed of operation.

For digital signatures, often used to verify identities during a digital transaction or to sign a document remotely, NIST selected three algorithms.

Three of the selected algorithms are based on a family of maths problems called structured lattices, and one uses a hash function.
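As an added illustration (not from the original post and not NIST's selected hash-based scheme itself), the Python below implements a Lamport one-time signature, the textbook building block behind hash-based signatures: security rests only on SHA-256 being one-way, with no lattice or number-theoretic assumption. The function names are the example's own. It also reports signature and public-key sizes, which shows why the size criteria listed earlier matter so much for hash-based designs.

```python
"""Lamport one-time signature over SHA-256 (added educational example).

Key generation: 256 pairs of random 32-byte secrets; the public key is the
SHA-256 hash of each secret. Signing reveals, for each bit of the message
digest, the secret from that position's pair selected by the bit value.
"""
import hashlib
import secrets

DIGEST_BITS = 256  # SHA-256 output length; one secret pair per digest bit


def _sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _digest_bits(message: bytes):
    """Yield the bits of SHA-256(message), most significant bit first."""
    digest = _sha256(message)
    for i in range(DIGEST_BITS):
        yield (digest[i // 8] >> (7 - i % 8)) & 1


def lamport_keygen():
    """Return (secret_key, public_key): lists of (value_for_0, value_for_1) pairs."""
    secret_key = [(secrets.token_bytes(32), secrets.token_bytes(32))
                  for _ in range(DIGEST_BITS)]
    public_key = [(_sha256(s0), _sha256(s1)) for s0, s1 in secret_key]
    return secret_key, public_key


def lamport_sign(secret_key, message: bytes):
    """Reveal one secret per digest bit. Use each key for ONE message only."""
    return [secret_key[i][bit] for i, bit in enumerate(_digest_bits(message))]


def lamport_verify(public_key, message: bytes, signature) -> bool:
    """Check that each revealed value hashes to the public-key entry the bit selects."""
    if len(signature) != DIGEST_BITS:
        return False
    for i, bit in enumerate(_digest_bits(message)):
        if _sha256(signature[i]) != public_key[i][bit]:
            return False
    return True


def signature_size_bytes(signature) -> int:
    return sum(len(part) for part in signature)


def public_key_size_bytes(public_key) -> int:
    return sum(len(h0) + len(h1) for h0, h1 in public_key)


if __name__ == "__main__":
    sk, pk = lamport_keygen()
    msg = b"constructed sample document"
    sig = lamport_sign(sk, msg)
    print("valid:", lamport_verify(pk, msg, sig))
    print("signature bytes:", signature_size_bytes(sig))
    print("public key bytes:", public_key_size_bytes(pk))
```

A Lamport key must sign only one message, because every signature reveals half of the secret key. Standardised hash-based schemes build a many-time signature from one-time and few-time components arranged in a tree and compress the public key to a single root hash, which is why their public keys are tens of bytes while signatures remain several kilobytes; that trade-off is the size and traffic criterion from the list above in practice.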

Hodos-PQC

The experienced team at QNu Labs developed a flagship PQC product called Hodos, which provides:

  • Generation of quantum-resistant keys
  • Quantum-resistant encryption of existing cryptosystems using NIST guidelines
  • Combined with other QNu solutions, a scaled-up security capability

Hodos Augments Quantum Security Systems


Sources: MIT, Microsoft Research, NIST