Wednesday, August 13, 2025

Will Post-Quantum Cryptography Meet a 2035 Deadline?


A year ago today, the National Institute of Standards and Technology (NIST) published the first-ever official standard for post-quantum cryptography (PQC) algorithms. The standard was a result of a 2022 memorandum from the Biden administration that requires federal agencies to transition to PQC-based security by 2035.

Cryptography relies on math problems that are practically impossible to solve from scratch but easy to check once a solution is proposed. Armed with such math problems, only the holder of a secret key can produce a valid solution and get access to the secret data. Today, most online cryptography relies on one of two such algorithms: RSA or elliptic curve cryptography.

The cause for concern is that quantum computers, if a large enough one is ever built, would make easy work of the “hard” problems underlying current cryptographic methods. Luckily, there are other math problems that appear to be equally hard for quantum computers and their existing classical counterparts. That’s the basis of post-quantum cryptography: cryptography that’s secure against hypothetical quantum computers.

With the mathematics behind PQC ironed out, and standards in hand, the work of adoption is now underway. This is no easy feat: every computer, laptop, smartphone, self-driving car, and IoT device will have to fundamentally change the way it runs cryptography.

Ali El Kaafarani is a research fellow at the Oxford Mathematical Institute who contributed to the development of NIST’s PQC standards. He also founded a company, PQShield, to help bring post-quantum cryptography into the real world by assisting original equipment manufacturers in implementing the new protocols. He spoke with IEEE Spectrum about how adoption is going and whether the new standards will be implemented in time to beat the looming threat of quantum computers.

What has changed in the industry since the NIST PQC standards came out?

Photo: Ali El Kaafarani, PQShield

Ali El Kaafarani: Before the standards came out, a lot of people were not talking about it at all, in the spirit of “If it’s working, don’t touch it.” Once the standards were published, the whole story changed, because now it’s not hypothetical quantum hype, it’s a compliance issue. There are standards published by the U.S. government. There are deadlines for the adoption. And the 2035 [deadline] came together with the publication from [the National Security Agency], and was adopted in formal legislation that passed Congress and therefore there is no way around it. Now it’s a compliance issue.

Before, people used to ask us, “When do you think we’re going to have a quantum computer?” I don’t know when we’re going to have a quantum computer. But that’s the issue, because we’re talking about a risk that can materialize any time. Some other, more intelligent people who have access to a wider range of information decided in 2015 to categorize quantum computing as a real threat. So this year was a transformational year, because the question went from “Why do we need it?” to “How are we going to use it?” And the whole supply chain started looking into who’s going to do what, from chip design to the network security layer, to the critical national infrastructure, to build up a post-quantum-enabled network security kit.

Challenges in PQC Implementation

What are some of the difficulties of implementing the NIST standards?

El Kaafarani: You have the beautiful math, you have the algorithms from NIST, but you also have the wild west of cybersecurity. That infrastructure goes from the smallest sensors and car keys, etc., to the largest server sitting there and trying to crunch hundreds of thousands of transactions per second, each with different security requirements, each with different energy consumption requirements. Now that is a different problem. That’s not a mathematical problem, that’s an implementation problem. This is where you need a company like PQShield, where we gather hardware engineers, and firmware engineers, and software engineers, and mathematicians, and everyone else around them to actually say, “What can we do with this particular use case?”

Cryptography is the backbone of cybersecurity infrastructure, and worse than that, it’s the invisible piece that nobody cares about until it breaks. If it’s working, nobody touches it. They only talk about it when there’s a breach, and then they try to fix things. In the end, they usually put band-aids on it. That’s normal, because enterprises can’t sell the security feature to the customers. They were just using it when governments forced them, like when there’s a compliance issue. And now it’s a much bigger problem, as someone is telling them, “You know what, all the cryptography that you’ve been using for the past 15 years, 20 years, you need to change it, actually.”

Are there security concerns for the PQC algorithm implementations?

El Kaafarani: Well, we haven’t done it before. It hasn’t been battle-tested. And now what we’re saying is, “Hey, AMD and the rest of the hardware or semiconductor world go and put all those new algorithms in hardware, and trust us, they’re going to work fine, and then nobody’s going to be able to hack them and extract the key.” That’s not easy, right? Nobody has the guts to say this.

That’s why, at PQShield, we have vulnerability teams that are trying to break our own designs, separately from those teams who are designing things. You have to do this. You need to be one step ahead of attackers. That’s all you need to do, and that’s all you can do, because you can’t say, “Okay, I’ve got something that is secure. Nobody can break it.” If you say that, you’re going to eat humble pie in 10 years’ time, because maybe someone will come up with a way to break it. You need to just do this continuous innovation and continuous security testing for your products.

Because PQC is new, we still haven’t seen all the creativity of attackers trying to bypass the beautiful mathematics, and come up with those creative and nasty side-channel attacks that just laugh at the mathematics. For example, some attacks look at the energy consumption the algorithm is taking on your laptop, and they extract the key from the differences in energy consumption. Or there are timing attacks that look at how long it takes for you to encrypt the same message 100 times and how that’s changing, and they can actually extract the key. So there are different ways to attack algorithms there, and that’s not new. We just don’t have billions of these devices in our hands now that have post-quantum cryptography that people have tested.
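The timing side channel El Kaafarani describes comes from code whose running time depends on secret data. The following is an added teaching example, not code from PQShield, NIST or the interview: it contrasts an early-exit comparison (the kind found in hand-written authentication-tag checks) with a constant-time comparison, and, instead of measuring noisy wall-clock time, counts how many byte comparisons each routine performs for guesses that mismatch at each position. The sample tag value and the function names are constructed for the example.

```python
"""Why data-dependent execution time leaks secrets, and how constant-time
code removes the leak.  Added example; not PQShield's or NIST's code.
We count byte comparisons rather than measure time: a count that depends
on the secret is exactly what a timing attack exploits, a fixed count is not."""


def naive_compare(expected: bytes, candidate: bytes) -> tuple[bool, int]:
    """Early-exit comparison.  Returns (equal, number_of_byte_comparisons).
    The loop stops at the first mismatch, so the work done (and therefore the
    time taken) reveals how many leading bytes of the guess were correct."""
    if len(expected) != len(candidate):
        return False, 0
    work = 0
    for a, b in zip(expected, candidate):
        work += 1
        if a != b:
            return False, work  # leaks the position of the first mismatch
    return True, work


def constant_time_compare(expected: bytes, candidate: bytes) -> tuple[bool, int]:
    """Comparison with no data-dependent early exit: OR the XOR of every byte
    pair into an accumulator and decide only at the end.  This is the same
    idea as the standard library's hmac.compare_digest."""
    if len(expected) != len(candidate):
        return False, 0
    diff = 0
    work = 0
    for a, b in zip(expected, candidate):
        work += 1
        diff |= a ^ b  # always visits every byte
    return diff == 0, work


def work_profile(compare, secret: bytes) -> list[int]:
    """For each position i, build a guess that matches the secret in bytes
    0..i-1 and differs at byte i, then record how much work the comparison
    did.  A profile that grows with i means the routine leaks the number of
    correct leading bytes; a flat profile means it does not."""
    profile = []
    for i in range(len(secret)):
        guess = bytearray(secret)
        guess[i] ^= 0xFF  # force a mismatch exactly at position i
        _, work = compare(secret, bytes(guess))
        profile.append(work)
    return profile


# Constructed 8-byte sample authentication tag (not a real secret).
SECRET_TAG = bytes.fromhex("0f1e2d3c4b5a6978")

if __name__ == "__main__":
    print("naive         :", work_profile(naive_compare, SECRET_TAG))
    print("constant-time :", work_profile(constant_time_compare, SECRET_TAG))
```

The naive profile climbs one step per position, so an observer who can time the check learns how many leading bytes of a guess are right, which is what turns a tag check into a byte-by-byte recovery problem. The constant-time profile is flat. In production code, use a vetted primitive such as `hmac.compare_digest` rather than writing your own loop; the hand-written version here exists only to make the difference visible.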

Progress in PQC Adoption

How would you say adoption has been going so far?

El Kaafarani: The fact that a lot of companies only started when the standards were published puts us in a position where there are some that are well advanced in their thoughts and their processes and their adoption, and there are others that are totally new to it because they were not paying attention, and they were just kicking the can down the road. The majority of those who were kicking the can down the road are the ones that don’t sit high up in the supply chain, because they felt like it’s someone else’s responsibility. But they didn’t understand that they had to influence their suppliers when it comes to their requirements and timelines and integration and so many things that they have to prepare. This is what’s going on now: A lot of them are doing a lot of work.

Now, those who sit high up in the supply chain, quite a few of them have made great progress and started embedding post-quantum cryptography designs into new products, and are trying to work out a way to upgrade products that are already on the ground.

I don’t think that we’re in a great place, where everyone is doing what they’re supposed to be doing. That’s not the case. But I think that from last year, when many people were asking “When do you think we’re going to have a quantum computer?” and are now asking “How can I be compliant? Where do you think I should start? How can I evaluate the infrastructure to understand where the most valuable assets are, and how can I protect them? What influence can I exercise on my suppliers?” I think huge progress has been made.

Is it enough? It’s never enough in security. Security is damn difficult. It’s a multi-disciplinary topic. There are two types of people: Those who love to build security products, and those who would love to break them. We’re trying to get most of those who love to break them into the right side of history so that they can make products stronger rather than actually making existing ones vulnerable for exploitation.

Do you think we’re going to make it by 2035?

El Kaafarani: I think that the majority of our infrastructure should be post-quantum secure by 2035, and that’s a good thing. That’s a good thought to have. Now, what happens if quantum computers happen to become reality before that? That’s a good topic for a TV series or for a movie. What happens when most secrets are readable? People are not thinking hard enough about it. I don’t think that anyone has an answer for that.
