March 27, 2019
The Race Is on for ‘Post-Quantum Crypto’
We’re 10 to 15 years from the arrival of immensely powerful quantum computers; cryptography needs to be future-proofed starting now.
Y2Q. Years-to-quantum. We’re 10 to 15 years from the arrival of quantum computers capable of solving complex problems far beyond the capacity of classical computers to solve.
PQC. Post-quantum-cryptography. Right now, the race is on to revamp classical encryption in preparation for the coming of quantum computers. Our smart homes, smart workplaces and smart transportation systems must be able to withstand the threat of quantum computers.
Put another way, future-proofing encryption is crucial to avoiding chaos. Imagine waiting for a quantum computer or two to wreak havoc before companies commence a mad scramble to strengthen encryption that protects sensitive systems and data; the longer we wait, the bigger the threat gets.
The tech security community gets this. One recent report estimates that the nascent market for PQC technology will climb from around $200 million today to $3.8 billion by 2028 as the quantum threat takes center stage.
I had the chance to visit at RSA 2019 with Avesta Hojjati, head of research and development at DigiCert. The world’s leading provider of digital certificates is working alongside other leading companies, including Microsoft Research and ISARA, to gain endorsement from the National Institute of Standards for breakthrough PQC algorithms, including Microsoft’s “Picnic”and ISARA’s qTESLA.
See also: Cybersecurity for the Insurance Industry
Hojjati outlined the challenge of perfecting an algorithm that can make classical computers resistant to quantum hacking — without requiring enterprises to rip-and-replace their classical encryption infrastructure. For a full drill down of our discussion, give a listen to the accompanying podcast. Below are excerpts edited for clarity and length.
LW: What makes quantum computing so different than what we have today?
Hojjati: The main difference is that a classical computer is able to digest a single value (single bit) at a time, either a zero or a one. But quantum computers are storing information in quantum bits or “qubit.” Quantum computers are able to digest 0, 1 and superposition state of both 0 and 1 to represent information. And that’s where their performance excels.
Just how fast a quantum computer can perform is based on the number of qubits. However, whenever you’re increasing the number of qubits, you introduce the possibility of error, so what you actually need is stable qubits. Another problem is that quantum computing produces a lot of heat. So the problems of errors and heat still need to be solved.
LW: How close are we to a quantum computer than can break classical encryption?
Hojatti: To break a 400-bit RSA key, you would need to have a 1,000-qubit quantum computer, and the closest one that I have seen today is Google’s, which has around 70 qubits. That’s not enough to break RSA at this point. That being said, we’re in a transition period, and we shouldn’t wait around for quantum computers to be available to transition to post-quantum crypto.
LW: What’s the argument for doing this now?
Hojjati: It takes some forward thinking from the customer side. Do you really want to wait for quantum computers to be available to change to post-quantum crypto? For example, are you willing to distribute 10,000 IoT sensors today and then pay the cost down the line when a quantum computer is there to break the algorithm? Or are you willing to push out hybrid (digital) certificates into those devices, at the time of production, knowing they’re going to be safe 20 or 30 or 40 years from now?
LW: Can you explain “hybrid” certificate?
Hojjati: A hybrid solution is a digital certificate that features a classical crypto algorithm, like RSA or ECC, alongside a post-quantum crypto algorithm — both at the same time. It’s a single certificate that, by itself, carries two algorithms, one that allows you to communicate securely today; and the other algorithm will be one that the NIST currently has under review.
Picnic, for instance, was submitted by Microsoft Research and is one of the post-quantum crypto algorithms under NIST review; the other is qTESLA, which was submitted by ISARA Corp. A hybrid digital certificate provides the opportunity for customers to be able to see how a post-quantum crypto algorithm can work, without changing any of their infrastructure.
See also: Global Trend Map No. 12: Cybersecurity
LW: So you take one big worry off the table as numerous other complexities of digital transformation fire off?
Hojjati: Absolutely. This is one of the elements of security-by-design. When you’re designing a device, are you thinking about the threats that are going to happen tomorrow? Or are you considering the threats that are going to happen 10 or 20 years from now? Solving this problem is actually doable today, without changing any current infrastructure, and you can keep costs down, while keeping the security level as high as possible.