Cryptography for quantum computers is taking a serious step forward, thanks to the launch of the OpenQuantumSafe Software Project.
Speaking at Black Hat Europe, Jennifer Fernick, researcher at the Centre for Applied Cryptographic Research at the University of Waterloo (Canada), said that the collaborative project – funded by the Canadian CryptoWorks21 programme – is taking a step towards communications that remain secure once quantum computers exist.
She said: “What would it mean if all public key crypto was broken? You could no longer authenticate users, no longer keep private information confidential and the financial system would come to a halt.
“Everything would be public information and revealed by absence of activities, as participating as a democracy requires technology.” In regard to quantum cryptography, Fernick displayed a slide which claimed that ‘everything that ever has been – or will be – sent over the internet using a quantum vulnerable algorithm could be subject to later adversarial decryption once a large-scale quantum computer becomes available’.
She said that developments in quantum computing and cryptography often come with little fanfare, and that the ability to build a machine is not publicly announced. Such machines are known about if they are built within ‘our borders, or those friendly to us’. An algorithm is deemed quantum-safe if it is resistant to two common quantum-algorithmic attacks.
Fernick said that there is a need for standardization of algorithms, and pointed to the NIST post-quantum competition as being of key interest. She identified five problems in creating a quantum-resistant internet:
- There are few reference implementations of PQ algorithms, and those that exist are not cross-comparable
- Unsure of comparative performance of different post-quantum algorithms
- Upgrading protocol ciphersuites is rarely a simple drop-in substitution
- Emerging use cases may further constrain choices of algorithms, due to performance
- ‘The next RSA’ is still unknown, standards are unfinished and cryptanalysis is a work in progress
Fernick said she became involved in the open project two years ago, and that the project is still ongoing “with moving parts and questions about benchmarking, and we have algorithms and we don’t know what works best or how they perform”.
Therefore, the project had the ambitious idea to implement them all and compare the contenders to replace RSA on what works in future, what works with IoT, and what works with anything we use on the internet - IPsec, Tor, SSH.
For the future, the main part of the library is in place and there is a plan to expand to digital signatures. She said that we are now coming to a critical juncture with technology, open source, and learning about the health of ‘democracy and the tech ecosystem’, as projects are often disputed and the world is left waiting.
"When thinking about the development of quantum-resistant cryptography, it is bigger than the availability of an improved technology product, and the issues to consider are far more substantial and consequential than mere sales of software products. Rather, it reflects a critical issue of the future protection of private information, and this is of tremendous geopolitical importance.
"The arrival of a quantum computer will not necessarily be front page news, so we must make an intensive and ongoing effort to improve the security of all of our systems. The best way to do this is with transparency, openness, and diverse critiques of the resulting algorithms, software, and standards.
"While quantum computers have the potential to weaken the security of the world's citizens, corporations, and governments, post-quantum cryptography serves as an ethical response to maintain the security of information for everyone. It is then that we can be free to enjoy the tremendous social and scientific good that quantum computers can provide."
She concluded by saying that quantum computers seem inevitable, and that enabling them to do good things will protect us from the bad things they could do.