Highlights

  • Intel has actively contributed to the joint efforts of the National Institute of Standards and Technology (NIST) "https://www.nist.gov", the International Organization for Standardization (ISO) and the Internet Engineering Task Force (IETF) "https://www.ietf.org" to develop post-quantum encryption standards.

  • Intel adopts a three-tiered research strategy to address threats posed by quantum computers.

  • Recent executive orders and memorandums from the White House concerning the future of quantum computing and its associated cybersecurity risks underscore the urgent need to protect data now.

author-image

By

Post-Quantum Cryptography:  Defending Against Future Adversaries

Quantum computing accelerates the computation of certain types of algorithms, giving it the potential to solve some of the world’s most intractable problems—in medical treatments, materials science, chemical engineering, pharmacology, and more. This grand potential, however, comes with an asterisk that cannot be ignored. Quantum computers will be able to break much of the cryptography that is currently used in our worldwide digital infrastructure for secure digital interactions, including everything from e-commerce to national security. 
Specifically, 
 

  • Quantum computers can weaken Symmetric cryptography, due to the fact that Grover’s algorithm (1996) enables acceleration of unordered searches. 
  • Quantum computers will break Public Key cryptography, as a result of Shor’s algorithm (1994) which solves integer factorization and discrete log. 

What Are the Threats?

Both symmetric and public key encryption types are used pervasively in our digital world. Symmetric key encryption, which uses a single key for encryption and decryption, is typically used for keeping data confidential. Public key encryption uses a public key for encryption and a private key to decrypt them. It is used for key exchange, encryption, and digital signatures.

The implications of quantum attacks on symmetric and public key crypto poses risks to the following:
 

  • Private Data – Personal health and financial records, trade secrets, etc. may be exposed.
  • Secure Software Updates – Public keys algorithms currently used to authenticate software updates will be broken, leaving cell phones, laptops and other connected devices vulnerable to malicious updates.
  • Secure Internet Transactions – Quantum computers can undermine the underlying protocols that ensure secure internet transactions such as banking transactions and online purchases.

Preparing for the Quantum Era

Although quantum computers may not be available for years or even decades, the threat to our current digital ecosystem demands immediate action for the following reasons:
 

  • Adversaries are most likely already harvesting encrypted data today with the intent of decrypting it when quantum computers are available.
  • The transition to a quantum-resistant crypto infrastructure may take several years or even decades, given the extensive standardization process, collaborative research, and deployment that must take place. The sooner we start, the better.
  • Long-lived platforms such as IoT and automotive platforms demand crypto-resistant protection that will sustain them for many years.

The good news is there are steps we can take to mitigate some of these threats today, while other longer-term strategies are underway.

Protect confidential data. The most imminent threat that enterprises face is the harvesting of encrypted data. To protect this data, we should increase key and digest sizes for symmetric crypto; for example, use AES-256 and SHA-384.

Secure code signing applications such as software updates with post-quantum cryptography, which have been standardized by IETF for these types of applications. Their security is based on harder mathematical problems and can be implemented in the current (non-quantum) infrastructure.

Intel is currently working on increasing the robustness of code signing applications, such as authentication of firmware and software, with quantum-resistant algorithms. This can defend against attacks that compromise current classical crypto to run malicious code.

Secure internet transactions with post-quantum cryptography once standards (currently imminent) are announced. Quantum computers can break the public key algorithms used for securing transactions over the internet. This includes both algorithms for digital signature and key encapsulation.

In addition to contributions to the NIST PQC competition, Intel is also investigating the candidates being considered for standardization.

Presidential Call for Urgency

While practical use of quantum technology may be years away, its inevitability behooves enterprises to act now to protect data from future attacks.

This urgency is underscored by the memorandum, ”Improving the Cybersecurity of National Security, Department of Defense, and Intelligence Community Systems,” signed by President Biden and released in  January 2022. The memorandum requires governmental agencies to identify any instances of encryption that do not comply with NSA-approved Quantum Resistant Algorithms by the end of the second quarter.

A second Presidential memorandum, released in May 2022, outlines policies and initiatives related to quantum computing and identifies key steps for maintaining the Nation's competitive edge in quantum science, mitigating risks posed by quantum computers, and national security.

Intel is committed to these initiatives and is eager to partner with the industry and academia to accelerate the transition to quantum-resistant systems.

 

For More Information: 

Harvest Now, Decrypt Later

Today is World Quantum Day – What’s That?

Post-Quantum Cryptography NIST News and Updates

Efficient BIKE Hardware Design with Constant-Time Decoder