Post-Quantum Cryptography and the Quantum Computing Cybersecurity Preparedness Act
Quantum computing has long been a theoretical idea with limited practical application. The few usable quantum computers were available only to cutting-edge researchers supported by massive corporations or government-funded universities.
As time has passed, however, these researchers have made massive strides toward making quantum computing practical in a way that could impact modern technology. These developments have been met with significant excitement, but that excitement is somewhat muted: many security experts worry that quantum computers will fundamentally undermine the foundation of cybersecurity, encryption.
To address this potential threat, Congress and the President have passed the Quantum Computing Cybersecurity Preparedness Act, which dictates that agencies must consider adopting post-quantum encryption to maintain compliance.
What Is Quantum Computing and How Does it Threaten Cryptography?
Quantum computing is a field of computer science that introduces quantum behaviors of particles to enable certain types of computation far beyond the capabilities of classical computers.
While classical computers use bits to represent information, quantum computers use quantum bits or “qubits.” Qubits have unique properties derived from quantum mechanics, such as superposition and entanglement:
- Superposition: Unlike classical bits, qubits can exist in a superposition of states. A qubit can represent any linear combination of the two bit states (0 and 1). This allows a quantum computer to process many combinations simultaneously, potentially leading to much faster computation.
- Entanglement: When qubits become entangled, their states become linked so that the state of one qubit cannot be described independently of the other qubits. This property can create strong correlations between qubits, enabling more efficient communication and computation in a quantum computer.
Quantum computers exploit these properties to perform calculations that are complex or infeasible for classical computers.
On the surface, this sounds great. However, this dramatically impacts the security of encryption algorithms, particularly how hackers can crack encrypted data.
How Does Quantum Computing Impact Cryptography?
Quantum computing threatens encryption algorithms because quantum computers can perform certain unique and complex calculations significantly faster than classical computers.
Two key encryption techniques are particularly vulnerable to quantum computing:
- Asymmetric Cryptography: Public-key cryptography, also known as asymmetric cryptography, relies on using a public key for encryption and a private key for decryption. RSA and elliptic curve cryptography (ECC) are popular public-key cryptosystems that rely on the mathematical complexity of certain problems to protect data by making key cracking infeasible. Quantum computers, however, can solve these problems efficiently, reducing cracking time exponentially and bringing such attacks into the realm of feasibility.
- Symmetric-Key Cryptography: Symmetric-key cryptography, also known as secret-key cryptography, uses the same key for both encryption and decryption. Popular symmetric-key algorithms include Advanced Encryption Standard (AES) and Triple Data Encryption Standard (3DES). Quantum computers can also affect symmetric-key cryptography by brute-forcing a symmetric key. In the case of symmetric keys, larger key sizes can mitigate such threats.
Quantum computing threatens encryption algorithms by offering efficient solutions to the mathematical problems that underpin their security. As a result, there is a growing interest in developing post-quantum cryptographic algorithms resistant to classical and quantum computing attacks.
What Is Post-Quantum Cryptography?
Post-quantum cryptography, also known as quantum-resistant cryptography, refers to developing cryptographic algorithms and systems that are secure against classical and quantum computing attacks. The need for post-quantum cryptography arises from the potential threat of quantum computers to cryptographic systems that rely on mathematical problems that are currently hard to solve with digital technology.
Quantum computers, when fully realized, will be able to process information in ways that are fundamentally different from classical computers. In particular, quantum computers are expected to efficiently execute Shor’s algorithm, which can factorize large numbers into their prime factors. This threatens widely used public-key cryptosystems like RSA and elliptic curve cryptography (ECC) that rely on factoring large numbers or solving the discrete logarithm problem.
Post-quantum cryptography aims to develop new algorithms resistant to classical and quantum attacks. These new algorithms typically rely on mathematical problems that are believed to be hard for both classical and quantum computers, such as lattice-based cryptography, code-based cryptography, multivariate cryptography, and hash-based cryptography.
Currently, the primary guide for such encryption is defined by NIST through its Post-Quantum Cryptography Standardization Project. The four tools it identifies are:
- General Encryption: The CRYSTALS-Kyber algorithm
- Digital Signatures: The CRYSTALS-DILITHIUM, FALCON, and SPHINCS+ algorithms
What Is the Quantum Computing Cybersecurity Preparedness Act?
In December 2022, the President signed the Quantum Computing Cybersecurity Preparedness Act to promote adopting technology in federal spaces that can protect against attacks enabled by quantum computers.
On its surface, this act seems a little presumptuous. Quantum computers are not a widespread reality, and promoting security for a technology that isn’t in the wild seems like putting the cart before the horse.
However, the reality is much more worrisome. While quantum computers aren’t widely used yet, that isn’t due to a lack of trying. Many countries are pushing heavy resources, with budgets in the tens of billions, into quantum computing to leverage the economic, technical, and security advantages of such technologies.
Now, consider that some of the most widespread threats in the cybersecurity landscape are state-sponsored hacking groups, and the picture becomes clearer. While individual attackers will have to wait before they can launch quantum attacks, a group of state-sponsored hackers could end up with the technology if a government provides it.
What Does the Future Hold for Encryption?
As newer encryption standards, including post-quantum requirements, move into practice in government and industrial applications, it can take time for businesses to catch up. That’s why our partners trust us to keep them informed on the latest developments in security, including how to implement and audit them regularly.
Are you ready to take control of your cybersecurity? Contact Lazarus Alliance.