While most attention and resources go to the race to build an operational quantum computer, some are already preparing for the consequences of that announced revolution. CryptoNext Security, a startup founded in 2019 by French researchers from INRIA, CNRS and Sorbonne University, is one of them. Even though quantum computers capable of breaking today's cryptography are still some years away, the threat already exists, and CryptoNext Security is developing a set of solutions to counter it.
What threats does quantum computing pose to public key cryptography?
Public key (asymmetric) cryptography is one of the cornerstones of the Internet as we know it. To guarantee the confidentiality, integrity and authenticity of exchanges, HTTPS, payment systems, secure messaging, electronic signatures, VPNs and blockchains all rely on public key algorithms that are, today, unbroken. With current technology it would take several million years of computation to recover the private key of RSA with a 2048-bit modulus (RSA-2048). In theory, however, a quantum computer with around 4 000 logical, error-corrected qubits running Shor's algorithm would need only a few days; since each logical qubit has to be built from many noisy physical qubits, the physical machine would be far larger, which is why no such computer exists yet.
Why worry about a future quantum risk now?
The near certainty that quantum machines will one day be able to break data protected by a public key algorithm is a genuine time bomb, because some data will be just as valuable in ten or fifteen years' time: banking data, health data, biometric characteristics, patents, property and identity titles, etc. Attackers need only collect the encrypted traffic now, store it, and wait patiently until they have enough computing capacity to decrypt it. This threat, known as "harvest now, decrypt later", is all the more serious because well-resourced attackers are often at the cutting edge of technology, which will probably put them among the first to be equipped with quantum machines. Note that the threat concerns recorded key exchanges and the data they protect, which cannot be re-encrypted after the fact; a signature only needs to be replaced before such a machine exists, although long-lived signed artefacts such as firmware raise the same question.
Whether these machines appear as early as 2023 or somewhat later does not really matter: the risk is already here, and institutions have not failed to identify it. As early as 2016, the US National Institute of Standards and Technology (NIST) warned: "The quantum risk is simply too great to be ignored any longer." In France, ANSSI suggested in 2018 that "for use cases requiring long-term protection of information (more than 20 years), it is recommended to start taking the quantum threat into account".
Are there ways around the quantum threat?
Theoretically, yes, and that is the good news. The weakness of today's public key cryptography is that it rests on a small number of mathematical problems, integer factoring (RSA) and discrete logarithms (Diffie-Hellman, DSA and their elliptic-curve variants), that are beyond the reach of classical machines but not of quantum computers: Shor's algorithm, published in 1994, solves both in polynomial time, which is what turns "millions of years" into "a few days" once a large enough machine exists.
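To make that concrete, here is an added example in Python (not code from CryptoNext or from this article) showing the classical side of Shor's algorithm: factoring N, and with it recovering an RSA private key, reduces to finding the multiplicative order of a random base modulo N. The quantum computer is needed only for that order-finding step; here it is replaced by a brute-force search, which is exactly what makes the code hopeless for a real 2048-bit modulus and instant for the toy modulus 3233 = 53 × 61 used below (a constructed textbook key, not a real one).

```python
"""Shor's reduction: factoring N, and hence recovering an RSA private key,
reduces to finding the order r of a random base a modulo N.

Added illustration, not CryptoNext code. The only step a quantum computer
makes fast is multiplicative_order(); it is brute-forced here, so this runs
for toy moduli only, which is precisely the point the article makes.
"""
import math
import random


def multiplicative_order(a, n):
    """Smallest r > 0 with a**r % n == 1 (requires gcd(a, n) == 1).
    Exponential brute force; quantum phase estimation does this in
    polynomial time, which is the whole source of the quantum threat."""
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def shor_factor(n, seed=0):
    """Return (p, q) with p * q == n and 1 < p <= q, for an odd composite n
    that is not a prime power (e.g. an RSA modulus). This is the classical
    post-processing of Shor's algorithm."""
    rng = random.Random(seed)          # seeded so a run is reproducible
    while True:
        a = rng.randrange(2, n - 1)
        g = math.gcd(a, n)
        if g != 1:                     # lucky pick: a already shares a factor
            return tuple(sorted((g, n // g)))
        r = multiplicative_order(a, n)
        if r % 2 == 1:                 # odd order: try another base
            continue
        y = pow(a, r // 2, n)          # y*y == 1 mod n, and y != 1 since r is minimal
        if y == n - 1:                 # y == -1 would give only trivial factors
            continue
        p = math.gcd(y - 1, n)         # non-trivial because n | (y-1)(y+1)
        return tuple(sorted((p, n // p)))


def recover_rsa_private_exponent(n, e, seed=0):
    """Given only the public key (n, e), recover the private exponent d:
    exactly what a large enough quantum computer would do to RSA-2048."""
    p, q = shor_factor(n, seed)
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi)             # modular inverse (Python 3.8+)


if __name__ == "__main__":
    # Constructed textbook key: n = 53 * 61, e = 17 (not a real key).
    n, e = 3233, 17
    d = recover_rsa_private_exponent(n, e)
    m = 65                             # a message encrypted under the public key
    c = pow(m, e, n)
    print("factors:", shor_factor(n), "d =", d, "decrypts to", pow(c, d, n))
```

The loop over random bases succeeds with probability at least one half per attempt for an RSA modulus, so the classical part is cheap; everything expensive is inside `multiplicative_order`, and that is the one function a quantum computer replaces.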
There are, however, mathematical problems for which no efficient quantum algorithm is known. This is why NIST launched a programme in 2016 to standardise post-quantum cryptography by 2024. The candidate families are based respectively on multivariate polynomials, Euclidean lattices, error-correcting codes, isogenies between supersingular elliptic curves and, for signatures, hash functions. NIST is weighing these families to determine which offer the best compromise between security, performance and resources consumed. The process is in its final stages: in July 2022, NIST announced the first algorithms selected for standardisation (the lattice-based CRYSTALS-Kyber for key establishment, CRYSTALS-Dilithium and Falcon for signatures, and the hash-based SPHINCS+ as a signature alternative) together with a fourth round for the remaining key-establishment candidates; publication of the final standards is scheduled for 2023 or 2024. The same year also showed why caution is warranted: the isogeny-based candidate SIKE was broken by a purely classical attack running on an ordinary computer, a reminder that new schemes need time to be validated.
How is CryptoNext Security preparing?
CryptoNext Security develops a library of post-quantum cryptographic algorithms, the CryptoNext Quantum-Safe Library. Based on a selection of the approaches considered by NIST, the library is written in C and can therefore be integrated easily into the protocols and technologies that use public key cryptography today. Thanks to a hybrid approach, which combines a classical and a post-quantum algorithm for the same operation, it protects signatures and key exchanges now against both conventional attackers and future quantum computers: a session key derived from both a classical and a post-quantum shared secret stays secret as long as either scheme holds, so a cryptanalytic break of a young post-quantum scheme costs nothing compared with today's security. Based on this library, CryptoNext Security has developed an ultra-secure instant messaging application tested by the French Army and a post-quantum blockchain for R3's Corda platform.
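The following Python block is an added example of the hybrid key-exchange idea, not the CryptoNext Quantum-Safe Library or a description of its internals. The two key-encapsulation mechanisms themselves are not implemented: `ss_classical` and `ss_pq` are constructed stand-ins for what, say, an ECDH exchange and a lattice-based KEM would each output. The combiner follows the widely used pattern of concatenating both secrets and feeding them to HKDF (RFC 5869) with the public transcript bound in, as in the IETF draft on hybrid key exchange for TLS 1.3; the HKDF code is checked against the RFC's own test vector.

```python
"""Hybrid key establishment: derive one session key from a classical and a
post-quantum shared secret, so the key stays secret as long as EITHER
primitive is unbroken.

Added illustration, not the CryptoNext Quantum-Safe Library. The two KEMs
are not implemented here; ss_classical and ss_pq are constructed stand-ins
for the outputs of, for example, an ECDH exchange and a lattice-based KEM.
"""
import hashlib
import hmac


def hkdf_extract(salt, ikm):
    """HKDF-Extract (RFC 5869) with HMAC-SHA-256."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk, info, length):
    """HKDF-Expand (RFC 5869): T(i) = HMAC(prk, T(i-1) | info | i)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def combine_shared_secrets(ss_classical, ss_pq, transcript, length=32):
    """Session key from both shared secrets.

    Both secrets go into the IKM, so an attacker who learns only one of them
    (ss_classical recovered with Shor's algorithm in ten years' time, or
    ss_pq after a cryptanalytic break of a young post-quantum scheme) still
    faces the full strength of the other. Hashing the transcript (both
    parties' public keys and ciphertexts) into the salt binds the key to
    the exact values exchanged, so a substituted ciphertext yields a
    different key rather than a silently downgraded one.
    """
    salt = hashlib.sha256(transcript).digest()
    prk = hkdf_extract(salt, ss_classical + ss_pq)
    return hkdf_expand(prk, b"hybrid key exchange session key", length)


def hkdf_matches_rfc5869_vector():
    """Self-check of the HKDF code against RFC 5869, appendix A, test case 1."""
    ikm = bytes([0x0b] * 22)
    salt = bytes(range(0x0d))
    info = bytes(range(0xf0, 0xfa))
    okm = hkdf_expand(hkdf_extract(salt, ikm), info, 42)
    return okm.hex() == ("3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c"
                         "5db02d56ecc4c5bf34007208d5b887185865")


# Constructed stand-in values: not captured traffic and not real key material.
SS_CLASSICAL = hashlib.sha256(b"stand-in for an X25519 shared secret").digest()
SS_PQ = hashlib.sha256(b"stand-in for a lattice KEM shared secret").digest()
TRANSCRIPT = b"client pk_classical | client pk_pq | server ct_classical | server ct_pq"

if __name__ == "__main__":
    key = combine_shared_secrets(SS_CLASSICAL, SS_PQ, TRANSCRIPT)
    # An attacker who has broken the classical part still lacks ss_pq,
    # so any guess at it produces an unrelated key.
    attacker_key = combine_shared_secrets(SS_CLASSICAL, b"\x00" * 32, TRANSCRIPT)
    print(key.hex(), key != attacker_key, hkdf_matches_rfc5869_vector())
```

Two practical caveats: both secrets must have fixed, agreed lengths, otherwise the plain concatenation is ambiguous, and the same "either one holds" property does not come for free on the signature side, where a hybrid signature must require both the classical and the post-quantum signature to verify.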
Private companies and public organisations alike must now take the "harvest now, decrypt later" risk seriously and protect themselves methodically. First, they must identify the scope of the data concerned, i.e. the data that will remain sensitive for a long time, together with the protocols, keys and certificates that currently protect it. Then they must evaluate the existing protection systems, on the one hand to reinforce them where necessary against leaks or theft of encrypted data, and on the other hand to build a migration strategy towards post-quantum solutions such as those offered by CryptoNext Security. Hybrid encryption is the first step in a process that will move gradually towards fully post-quantum cryptography once the algorithms have been definitively validated.