What is post quantum cryptography?
Quantum technology is becoming more likely due to massive government and industry investment, coupled with rapid advances in hardware and software, quantum products will begin to hit the market.
At the Davos World Economic Forum (WEF) 2023, IBM Chairman and CEO Arvind Krishna urged people to start using quantum proof encryption today if they are worried that someone might decrypt their stored files 10 years from now. On the topic of quantum computing, Krishna said that IBM's latest quantum processors currently operate at over 400 qubits, and he estimated that the ability to break today's cryptography would be in the range of 400 to 1000 qubits.
IBM Qubit Roadmap
It’s important to note that post-quantum cryptographic algorithms do not require quantum computers to create or decrypt information between authorised parties. They protect “brute force” attacks using quantum computers against encrypted data. Not all current cryptography is vulnerable to attack using quantum computers. Symmetric cryptography, such as the AES security commonly used to encrypt files at rest, is not known to be at risk.
Our research and engineering work focuses on how private information and communications will be protected when more powerful computers, such as quantum computers, which can break that cryptography are available.
Our work is conducted in collaboration with academic and industry partners. The goal is robust, trusted, tested and standardized post-quantum cryptosystems.
Our experience with existing protocols and techniques for new cryptography takes into account:
- how frequently public keys are sent, relative to ciphertexts or signed messages using them
- how important computation speed is relative to bandwidth
The proposed cipher system also requires careful cipher analysis to determine if there are any weaknesses that an adversary can exploit.
You need to do all this quickly because you never know when today's classic encryption will be broken. Taking and replacing existing encryption in production software is difficult and time consuming. Add to this the fact that someone can store existing encrypted data and later unlock it once they have a quantum computer, and our task becomes even more urgent.
In the age of quantum security, organizations can integrate both traditional and quantum-enabled solutions in a hybrid mode. The benefit of this is having the security of existing solutions layered with new post-quantum technologies. This means that organizations are protected from quantum threats without completely relying on new algorithms that have not yet been standardized. In this regard, a quantum-resistant cryptographic provider who is familiar with various experiences and conditions of the field is required.
Image by European Union Agency for Cybersecurity (ENISA), 2022