Quantum-safe cryptography, also known as post-quantum or quantum-resistant cryptography, refers to cryptographic algorithms that are believed to resist attacks mounted with a quantum computer. Current public-key algorithms such as RSA and ECC depend on the difficulty of factoring large integers (products of two large primes) and of computing discrete logarithms. In 1994, Peter Shor, an American mathematician, published a quantum algorithm that solves both problems efficiently; running it against real-world key sizes, however, requires a sufficiently large, fault-tolerant quantum computer, which does not yet exist.
Many industry experts estimate that within 7-10 years a large-scale quantum computer may exist that can run Shor’s algorithm and break current public-key cryptography, causing widespread vulnerabilities. Note that the deadline is earlier for data with a long confidentiality lifetime: traffic recorded today can be decrypted once such a machine exists. Quantum-safe cryptography draws on five areas of mathematics considered quantum-safe: multivariate-based, code-based, hash-based, supersingular isogeny-based and lattice-based constructions.
Quantum-safe cryptography is deployed in much the same way as current public-key cryptography. However, there will no longer be a “one-size-fits-all” algorithm like RSA or ECC, because the different quantum-safe algorithms offer different trade-offs in key size, signature or ciphertext size, and speed.
The NIST Post-Quantum Cryptography (PQC) Standardization Process is expected to produce draft standards in 2022-2024. NIST will likely standardize multiple digital-signature algorithms to replace the signatures specified in FIPS 186-4 (such as RSA, DSA and ECDSA), as well as multiple key-encapsulation mechanism (KEM) algorithms to replace the key-establishment algorithms specified in NIST SP 800-56 A/B (such as DH, ECDH, MQV and RSA-OAEP).
Quantum-safe roots of trust built on stateful hash-based signatures, however, are trusted, mature, and available today. They are undergoing standardization by NIST and are recommended for applications such as code signing. A NIST draft standard for stateful hash-based signature schemes (SP 800-208) already exists, and the final standard is expected well before the NIST PQC draft standards due in 2022-2024. The word “stateful” is the practical caveat: each one-time signing key under the root may be used exactly once, so the signer must durably record which keys have been consumed before releasing a signature. Signing two different messages with the same one-time key leaks private material and can allow an attacker to forge signatures.
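The following is an added example written for this page; it is not ISARA code and it is not LMS or XMSS. It is a toy stateful hash-based signature scheme built from Lamport one-time signatures under a Merkle tree, which has the same shape as the schemes in SP 800-208: many one-time keys, one root hash as the long-term public key, and a state counter that selects the next unused one-time key. The last function takes the attacker's view and shows what happens when that state is mishandled and a one-time key is reused. All key material is generated at run time; the names (`StatefulHashSigner`, `forge_after_reuse`, tree height) are this example's own.

```python
# Added example (not ISARA code, not LMS/XMSS): a toy stateful hash-based
# signature scheme built from Lamport one-time signatures under a Merkle tree.
# It shows the structure behind a hash-based root of trust and why the signer's
# state (the index of the next unused one-time key) must never be replayed.
import hashlib
import os

N_BITS = 256  # we sign the SHA-256 digest of the message, one secret per bit

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def bit(digest: bytes, i: int) -> int:
    return (digest[i // 8] >> (7 - i % 8)) & 1

def ots_keygen():
    """Lamport one-time key: two random 32-byte secrets per digest bit."""
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(N_BITS)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def ots_sign(sk, msg: bytes):
    d = H(msg)
    return [sk[i][bit(d, i)] for i in range(N_BITS)]  # reveal one secret per bit

def ots_verify(pk, msg: bytes, sig) -> bool:
    d = H(msg)
    return all(H(sig[i]) == pk[i][bit(d, i)] for i in range(N_BITS))

def leaf_hash(pk) -> bytes:
    return H(b"".join(a + b for a, b in pk))

def merkle_levels(leaves):
    """Return every tree level, leaves first; levels[-1][0] is the root."""
    levels = [leaves]
    while len(levels[-1]) > 1:
        lvl = levels[-1]
        levels.append([H(lvl[i] + lvl[i + 1]) for i in range(0, len(lvl), 2)])
    return levels

def auth_path(levels, idx: int):
    path = []
    for lvl in levels[:-1]:
        path.append(lvl[idx ^ 1])  # sibling node at this level
        idx >>= 1
    return path

def root_from_path(leaf: bytes, idx: int, path) -> bytes:
    node = leaf
    for sibling in path:
        node = H(sibling + node) if idx & 1 else H(node + sibling)
        idx >>= 1
    return node

class StatefulHashSigner:
    """2**height one-time keys under a single Merkle root (the public key)."""

    def __init__(self, height: int):
        self.n_keys = 1 << height
        self.keys = [ots_keygen() for _ in range(self.n_keys)]
        self.levels = merkle_levels([leaf_hash(pk) for _, pk in self.keys])
        self.public_key = self.levels[-1][0]
        self.next_index = 0  # THE STATE: persist it before releasing a signature

    def remaining(self) -> int:
        return self.n_keys - self.next_index

    def sign(self, msg: bytes):
        if self.next_index >= self.n_keys:
            raise RuntimeError("key exhausted: every one-time key has been used")
        idx = self.next_index
        self.next_index += 1  # advance first; a crash here must not replay idx
        sk, pk = self.keys[idx]
        return (idx, ots_sign(sk, msg), pk, auth_path(self.levels, idx))

def verify(public_key: bytes, msg: bytes, signature) -> bool:
    idx, ots_sig, pk, path = signature
    if not ots_verify(pk, msg, ots_sig):
        return False
    return root_from_path(leaf_hash(pk), idx, path) == public_key

def forge_after_reuse(signed, target: bytes):
    """Attacker's view: pool the secrets leaked by several signatures made with
    ONE Lamport key (a state failure) and try to sign `target` without the key.
    Returns a signature if every needed secret has leaked, otherwise None."""
    known = {}  # (bit position, bit value) -> revealed secret
    for msg, sig in signed:
        d = H(msg)
        for i in range(N_BITS):
            known[(i, bit(d, i))] = sig[i]
    t = H(target)
    try:
        return [known[(i, bit(t, i))] for i in range(N_BITS)]
    except KeyError:
        return None  # at least one required secret was never revealed
```

A single reuse already hands the attacker roughly half of the one-time key's secrets; after a few dozen reuses of the same key, `forge_after_reuse` succeeds for an arbitrary target message. Real schemes such as LMS and XMSS use a more compact one-time signature and a deeper tree, but the state requirement is identical, which is why SP 800-208 confines these schemes to hardware or carefully engineered signing environments.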
Algorithms based on different areas of math have distinct advantages. For example, hash-based cryptography is generally regarded as resting on the most conservative security assumptions for digital signatures, since it relies only on the properties of the underlying hash function. Lattice-based key exchanges are the fastest, while isogeny-based key exchanges offered the shortest key sizes (the isogeny-based candidate SIKE was later broken by a classical attack in 2022, which is exactly the scenario the diversification argument below anticipates).
Another reason for developing algorithms from multiple areas of math is that a vulnerability found in one family does not doom all of post-quantum cryptography. Developers can even combine two algorithms from different areas in a hybrid construction, for example an ECDH key exchange alongside a lattice-based KEM, so that the derived key remains secret as long as either component is unbroken.
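As an added example of the hybrid approach described above (written for this page, not ISARA's or any library's code), the combiner below derives one session key from two shared secrets, one from a classical key exchange and one from a post-quantum KEM, using HKDF (RFC 5869) built on the standard library's `hmac`. The two secrets are concatenated as the input keying material and both exchanges' public values are bound into the `info` field, in the same spirit as the concatenation combiners used in TLS hybrid designs. The stand-in secrets and ciphertexts in `example_session` are constructed placeholders for real ECDH and KEM outputs; the label string is this example's own.

```python
# Added example (not ISARA code): a hybrid key-establishment combiner.
# Both shared secrets feed one KDF, so the session key stays secret as long as
# EITHER component algorithm is unbroken. HKDF follows RFC 5869 over SHA-256.
import hashlib
import hmac

HASH_LEN = 32  # SHA-256 output length

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    if not salt:
        salt = b"\x00" * HASH_LEN  # RFC 5869: absent salt is HashLen zero bytes
    return hmac.new(salt, ikm, hashlib.sha256).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    okm, block = b"", b""
    for counter in range(1, (length + HASH_LEN - 1) // HASH_LEN + 1):
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
    return okm[:length]

def _lv(data: bytes) -> bytes:
    """Length-prefix each field so adjacent fields cannot be re-split ambiguously."""
    return len(data).to_bytes(2, "big") + data

def hybrid_key(ss_classical: bytes, ss_pq: bytes,
               ct_classical: bytes, ct_pq: bytes,
               label: bytes = b"example-hybrid-kem-v1", length: int = 32) -> bytes:
    """Derive one session key from a classical (e.g. ECDH) shared secret and a
    post-quantum KEM shared secret, bound to the transcript of both exchanges."""
    ikm = _lv(ss_classical) + _lv(ss_pq)
    info = _lv(label) + _lv(ct_classical) + _lv(ct_pq)
    return hkdf_expand(hkdf_extract(b"", ikm), info, length)

def example_session():
    """Both peers compute the key from the same inputs; an attacker who has
    broken the classical part (knows ss_classical) still lacks ss_pq."""
    # Constructed stand-ins: real code takes these from the ECDH and KEM APIs.
    ss_classical = hashlib.sha256(b"stand-in ECDH shared secret").digest()
    ss_pq = hashlib.sha256(b"stand-in PQ KEM shared secret").digest()
    ct_classical = b"stand-in ECDH public value"
    ct_pq = b"stand-in PQ KEM ciphertext"
    initiator = hybrid_key(ss_classical, ss_pq, ct_classical, ct_pq)
    responder = hybrid_key(ss_classical, ss_pq, ct_classical, ct_pq)
    attacker = hybrid_key(ss_classical, b"\x00" * 32, ct_classical, ct_pq)
    return initiator, responder, attacker
```

In production, use a vetted library's HKDF rather than this hand-written one; the design points to keep are that the secrets are concatenated into the KDF input (never XORed, which would let one party cancel the other's contribution), and that every public value of both exchanges is bound into the derivation so a tampered ciphertext yields a different key rather than a silently downgraded one.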
Our trust in the security of public-key cryptography, current or quantum-safe, is rooted in whether an algorithm has stood the test of time against sustained cryptanalysis, real deployment, and continual improvement. Current algorithms such as RSA and ECC have decades of that history; most quantum-safe candidates are still accumulating it.
NIST defines cryptanalysis as “the study of mathematical techniques for attempting to defeat cryptographic techniques and information system security. This includes the process of looking for errors or weaknesses in the implementation of an algorithm or in the algorithm itself.”
Confidence in quantum-safe cryptography grows with the volume of cryptanalysis each algorithm undergoes as part of the NIST PQC Standardization Process. Some candidates use areas of mathematics that are mature and trusted, such as hash-based cryptography, which is over 40 years old; other areas are relatively new. For example, supersingular-isogeny cryptography was proposed only about a decade ago.
ISARA believes it is vital to take a diversified and agile approach to quantum-safe cryptography. Our strategy is to support as many post-quantum algorithms as possible in the ISARA Radiate™ Quantum-safe Toolkit, so that in the unlikely event a future theoretical breakthrough leads to an attack on one of them, others based on different hard math problems are available to replace the broken scheme at as small a switching cost as possible.