What is Quantum-safe Cryptography?

What is quantum-safe cryptography?

Quantum-safe cryptography, also known as post-quantum or quantum-resistant cryptography, refers to cryptographic algorithms that are believed to be resilient to quantum computer-enabled attacks. Current public-key algorithms, such as RSA and ECC, depend on the difficulty of computing the prime factors of large numbers and solving the discrete logarithm problem, respectively. In 1994, Peter Shor, an American mathematician, invented a quantum algorithm that efficiently solves these problems. However, doing so requires an adequately powerful quantum computer.

Industry experts agree that within 7-10 years, a large-scale quantum computer may exist that can run Shor’s algorithm and break current public-key cryptography causing widespread vulnerabilities. Quantum-safe cryptography utilizes five different areas of math considered quantum-safe: multivariate-based, code-based, hash-based, supersingular isogeny-based, and lattice-based.

What makes quantum-safe cryptography different from current public-key cryptography?

Quantum-safe cryptography is implemented mostly in the same way current public-key cryptography is, however, there will no longer be a “one-size-fits-all” algorithm similar to RSA or ECC because different algorithms provide different advantages.

The NIST Post-Quantum Cryptography (PQC) Standardization Process will result in draft standards for public comment available sometime in 2023, and final standards in 2024. NIST intends to standardize multiple algorithms for digital signatures to replace the signatures specified in FIPS 186-4 (such as RSA, DSA and ECDSA), as well as multiple key-encapsulation mechanisms (KEMs) algorithms to replace the key-establishment algorithms specified in NIST SP 800-56 A/B (such as DH, ECDH, MQV, and RSA OAEP.)

However, quantum-safe roots of trust using stateful hash-based signatures are trusted, mature, and available today. The algorithms have been standardized by NIST in SP 800-208 and are recommended for applications such as code-signing. Moreover, stateful hash-based signatures have been included in the NSA's Commercial National Security Algorithm 2.0 suite. The NSA recommends that National Security Systems adopt stateful hash-based signatures for firmware- and software-signing applications by as early as 2025, and requires their usage by 2030.

Why will several different quantum-safe algorithms be standardized?

Algorithms based on different areas of math have distinct advantages. For example, it is generally thought that hash-based cryptography can provide the most secure algorithms for digital signatures. On the other hand, lattice-based key exchanges can be the fastest, while code-based key exchanges can have the shortest chipertexts.

Another reason for developing algorithms from multiple areas of math is that if a vulnerability is found in one type of algorithm, then this does not doom all of post-quantum cryptography. Developers can even use a combination of two algorithms from two different areas to create even stronger public-keys through hybrid cryptographic approaches.

How can we be sure that a cryptosystem is quantum-safe?

Our trust in the security of current and quantum-safe public-key cryptography is rooted in the fact that they’ve stood the test of time against decades of cryptanalysis, deployment, and continual improvement.

NIST defines cryptanalysis as “the study of mathematical techniques for attempting to defeat cryptographic techniques and information system security. This includes the process of looking for errors or weaknesses in the implementation of an algorithm or in the algorithm itself.”

Confidence in quantum-safe cryptography grows with the volume of study or cryptanalysis each algorithm undergoes as part of the NIST PQC Standardization Process. While some of the algorithms utilize areas of math that are mature and trusted, such as hash-based cryptography, which is over 40 years old, other areas of math are relatively new. For example, supersingular isogenies were invented about a decade ago.

ISARA believes it is vital to take a diversified and agile approach to quantum-safe cryptography. Our strategy is to support as many post-quantum algorithms in the ISARA Radiate™ Quantum-safe Toolkit so that in the unlikely event that a future theoretical breakthrough leads to an attack on one, others — based on different hard math problems—will be available to not only replace the broken scheme but to do so with as small of a switching cost as possible. 

Related Resources

  Webinar

Quantum Computing and its Threat to Cybersecurity

  Guide

Managing Cryptographic and Quantum Risk

  Blog Post

Quantum Computing Explained: Latest X9 Report Now Available

Ready to get started?

Request a meeting to learn more about crypto-agility and quantum-safe security.

Request Meeting