Why is post-quantum cryptography (PQC) important? Well, it's all about safeguarding your sensitive data in the face of future quantum computing advancements. As traditional encryption methods might become vulnerable (and quite frankly redundant), post-quantum cryptography steps in to make sure your data remains secure.
Simply put, quantum computing's immense potential to revolutionize the speed and processing power of computers also poses a serious threat to existing cybersecurity. Many experts and scientists now believe that building such a machine is merely a significant engineering challenge, and that it could unravel our current encryption methods, leaving our sensitive data exposed.
Post-quantum cryptography is a part of the efforts to ensure we will have quantum-secured technologies before ‘Q-Day’, the point at which quantum computers are able to break existing cryptographic algorithms. These efforts include various evolving techniques aimed at keeping data private, from personal passwords to bank details or crucial access to sensitive facilities. Without this safeguard, the world as we know it, reliant on secure information and access, would be at risk of ceasing to function.
The challenge humanity faces lies in our reliance on pre-quantum cybersecurity built on public-key technology.
Public-key encryption is a cryptographic method that uses two keys, a public key and a private key, to secure communication over insecure channels. Each user has a pair of keys: the public key, which is freely distributed and used to encrypt messages, and the private key, which is kept secret and used for decryption. Messages encrypted with a recipient's public key can only be decrypted using their corresponding private key, ensuring confidentiality and authenticity in digital communication. This technology is the backbone of secure online transactions, data transmission, and confidentiality in any online space.
Essentially it is like twenty linked Rubik's cubes: altering one affects all, yet each starts with a different configuration. Solving these puzzles collectively demands significant computational skills and time—time crucial for security teams to detect and thwart potential hackers while alarms blare. This works well when everyone uses similar computers, maintaining a balanced playing field.
However, the impending speed of quantum computing arises from its ability to handle enormous computations and numbers simultaneously. Unlike traditional systems, quantum computing's unparalleled capacity threatens to decode these encrypted data sets before you can even start a countdown, making passwords basically irrelevant.
That's the theory, at least. We can't know for sure if quantum computing will indeed achieve that. If the apocalyptic scenario of quantum computing decrypting everything secured by public-key encryption becomes a reality, we'll feel quite foolish for a hot minute right before the world plunges into chaos and a primitive, non-computer dystopia.
Besides public-key encryption, there's also private-key encryption. In short, private-key encryption employs a single key for both encrypting and decrypting messages. This shared secret key is used by both the sender and recipient to encode and decode information. It's efficient for secure communication between trusted parties but requires the key to be securely exchanged beforehand. Private-key encryption is commonly used for secure data storage, in VPNs, and for securing sensitive information within closed systems.
However, widespread belief suggests that if quantum computers crack public-key cryptography, private-key encryption will likely be a simple warm-up before moving on to the more complex challenges.
It is urgent that we counter-develop to prepare for the quantum computing era by adopting post-quantum cryptography. But what exactly is the purpose of post-quantum cryptography? What does it entail and how can we implement it?
The functioning of post-quantum cryptography depends on understanding its possible purpose and guessing right what quantum computers will be capable of.
Basically, pre-quantum public-key cryptography typically relies on three mathematical problems: the integer factorization problem, the discrete logarithm problem, and the elliptic-curve discrete logarithm problem. A more in-depth explanation on this can be found online.
Post-quantum cryptography will most likely still revolve around public-key methods at its core. However, the aim is to focus only on a selection of alternative techniques. This shift arises from the anticipation that quantum computers will easily overcome existing security challenges using algorithms like Shor’s algorithm, which is used to solve the three above-mentioned mathematical problems.
Historically, it has taken almost two decades to deploy our modern public-key cryptography infrastructure, which means transitioning from current cryptographic standards to quantum-safe alternatives won't happen overnight. So, if we were to establish a new system, we had better start the process already. Hence, in 2016 the National Institute of Standards and Technology (NIST) launched a competition aimed at identifying and establishing the most robust post-quantum cryptographic algorithms. Picture it as a showdown where encryption techniques vie against quantum adversaries to showcase their efficacy. These algorithms undergo meticulous examination and trials to eliminate the ones unable to withstand decryption attacks.
There is a range of public-key algorithms that promise to offer post-quantum cryptography:
Lattice-based cryptography
Lattice-based cryptography stands out in this domain. Specifically, NTRU lattice-based cryptography, a public-key cryptosystem, has received attention due to its extensive testing on current computers and its resilience against years of decryption attempts. In particular, a variant known as the Stehle–Steinfeld version is being called a potential frontrunner for post-quantum cryptographic standards by the Post Quantum Cryptography Study Group and the European Commission.
Hash-based cryptography
Hash-based cryptography has existed since the 1970s, leading some to believe it might be inadequate against future quantum computer threats in the 2020s or 2030s. However, its inherent nature as a substitute for numerical digital signatures could have significant relevance in post-quantum cryptography. While it currently receives less attention compared to lattice-based cryptography, there's potential for evolved versions of signatures like Lamport or Merkle to contribute significantly to the post-quantum era.
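To make the hash-based idea concrete, here is an added example (not code from the original post) of a Lamport one-time signature built only on SHA-256: the secret key is 256 pairs of random strings, the public key is their hashes, and signing reveals one string per message-digest bit. The `exposed_positions` helper is a constructed defender-side check showing why such a key must be used exactly once.

```python
import hashlib
import secrets

HASH = hashlib.sha256
N = 256  # digest bits: one secret pair per bit position


def keygen():
    """One-time key: N pairs of 32-byte secrets; public key is their hashes."""
    sk = [[secrets.token_bytes(32) for _ in range(2)] for _ in range(N)]
    pk = [[HASH(s).digest() for s in pair] for pair in sk]
    return sk, pk


def _bits(message: bytes):
    """Digest of the message as a list of N bits, most significant bit first."""
    digest = HASH(message).digest()
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(N)]


def sign(sk, message: bytes):
    """For each digest bit, reveal the secret matching that bit's value."""
    return [sk[i][b] for i, b in enumerate(_bits(message))]


def verify(pk, message: bytes, signature) -> bool:
    """Accept only if every revealed secret hashes to the published value."""
    if len(signature) != N:
        return False
    return all(HASH(sig).digest() == pk[i][b]
               for i, (sig, b) in enumerate(zip(signature, _bits(message))))


def exposed_positions(messages) -> int:
    """Constructed check: if one key signed all of these messages, count digest
    positions where both secrets are now public (the one-time property is lost)."""
    seen = [set() for _ in range(N)]
    for m in messages:
        for i, b in enumerate(_bits(m)):
            seen[i].add(b)
    return sum(len(s) == 2 for s in seen)
```

Signing a second message with the same key exposes roughly half of the positions, which is why practical schemes such as Merkle trees or SPHINCS+ manage many one-time keys under a single public key.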
Supersingular elliptic curve isogeny cryptography
This tongue twister, supersingular elliptic curve isogeny cryptography, could indeed offer advantages in terms of forward secrecy, particularly in evading mass surveillance by hostile governments. It essentially presents a quantum-resistant adaptation of the already extensively used public-key cryptography version, the elliptic curve Diffie-Hellman key. This makes it a promising and minimal-effort upgrade.
Symmetric key quantum resistance
An existing alternative that's already in practice: symmetric keys. While public-key cryptography differs from symmetric key cryptography, the latter is currently in use and anticipated to resist quantum intrusion. Consequently, numerous organizations propose a complete substitution of public-key cryptography with symmetric key cryptography.
But this will stay a theory only until we are able to determine whether this shift will offer a lasting solution until post-quantum cryptographic algorithms undergo testing with quantum computers in practical settings.
Code-based cryptography
Another prospect endorsed by the European Commission, code-based cryptographic algorithms often depend on error-correcting codes. Interestingly, the McEliece signature algorithm has defied decryption attempts for over four decades, leveraging random codes. Attempts by researchers to impose more structure on the McEliece signature consistently led to reduced strength and stability, implying that valuable randomness might have a significant role in post-quantum cryptography.
Multivariate cryptography
Considered a bit of a gamble in the current group of solutions, multivariate cryptography operates precisely as its name suggests—using cryptography founded on solving multivariate equations. However, its current iteration hasn't demonstrated notable effectiveness in testing. The principle of making public-key cryptography slightly more intricate might not endure beyond a few iterations in the face of fully operational quantum computers, at least in its current form.
In July 2022, after several rounds of selection, NIST announced the four encryption algorithms, three of them lattice-based and one hash-based, that would form its PQC standard. The CRYSTALS-Kyber algorithm was chosen for general encryption (access to secure websites) and CRYSTALS-Dilithium, FALCON and SPHINCS+ were selected for digital signatures. NIST then requested the industry’s feedback on the draft documents before November 2023, and we are expecting that the standards will become the global benchmark for quantum-resistant cybersecurity across the world in 2024.
Currently the concept of employing more intricate mathematical approaches has its appeal. Even if, for instance, the apocalyptic scenario of quantum cryptography doesn't unfold as dramatically as some of us predict, post-quantum cryptography might still carve out a future with stronger cybersecurity.
But regardless of the algorithms that best withstand the power of new quantum computing, they will undeniably shape the trajectory of corporate, governmental, and personal cybersecurity for at least a generation. As identifying these options remains somewhat of a speculation for now, Muninn will keep a close eye on the development as it certainly will have a major impact on future-cybersecurity.
The Development Department at Muninn is where innovation meets cybersecurity. Our diverse team of software engineers and network specialists works diligently to keep our customers’ networks and digital assets safe. Curiosity and continuous improvement are our mantra, as we believe that it’s people who drive innovation.