Open search

    Future cyber security and digital trust are based on quantum-safe cryptology

    The current cyber security is built on encryption methods. Quantum-safe algorithms are a prerequisite for effective digital security in the era of quantum computers. Preparations should start now, because large sums are being invested in quantum machines, and the technology is advancing quickly.

    Communications between people, companies and organizations increasingly take place through the internet. When meetings are not in person, data protection and authenticating the recipient’s identity must be done with cryptographic methods. This is the only way to protect the privacy of people and the confidentiality and integrity of the communications between different parties.

    Currently, the cryptographic algorithms that are used are based on a few mathematical problems that are impossible to break with the current computers. However, with the quantum computers currently in development, these algorithms will be easy to break.

    There are not yet enough quantum computers powerful enough to threaten the current cryptology, but the situation must not be greeted with a shrug. Even if breaking the encryptions is impossible, the encrypted traffic can be recorded. In the future, it will be possible to unpack the recorded traffic once the capability is available with quantum computers. This means that adopting quantum-safe encryption methods is one of the most important changes that cyber security needs to make in the near future.

    Quantum-safe algorithms are to be standardized in the near future

    Because traditional cryptological algorithms are vulnerable with quantum computers, their functionality must be replaced with new methods. These are called quantum-safe algorithms (post quantum cryptography, PQC). The PQC algorithms are based on new and different mathematical problems that the currently known algorithms run on quantum computers cannot solve.

    Like the current public-key cryptography solutions, quantum-safe encryption will be based on commonly accepted standards. The international standards are based on the process of NIST (National Institute of Standards and Technology), during which one or more PQC algorithms are evaluated and standardized.

    Preserving cyber security requires the systems to be re-evaluated

    The transition to quantum-safe methods, for example, updating the protocols, devices and legacy programs, takes a long time, so it is good to prepare early. Preparing for the era of quantum computers begins with acknowledging the quantum threat and its impact on your own systems. It is worth monitoring the development of quantum calculations and cyber security regularly because, billions of dollars are currently being invested in the development of quantum machines, and significant development can happen very quickly. In addition, it is good to evaluate the quantum risks of your own organization and recognize the critical data assets and their existing protection.

    Once the international and national standards have been defined, it is time to begin the transfer to quantum-safe solutions. It requires the evaluation of all solutions, products and systems during the transition to PQC. Key lengths may grow significantly compared to the present, and the running times of algorithms may change, for example.

    Insta is involved in Business Finland’s Digital Trust program, funding the Post Quantum project. During the project, Insta has researched the use and suitability of PQC algorithms in its own products and created the quantum-safe Kyber and Dilithium algorithms that are part of the CRYSTALS product family and the Insta SafeLink VPN solution.

    Author

    Tatu Männistö