As cybersecurity continues to evolve, the rise of quantum computing has cast a threat on the conventional cryptographic methods that have safeguarded our digital interactions for decades. As quantum computers move closer to practical realisation, the algorithms that protect our sensitive information are on the verge of vulnerability. This is where post-quantum cryptography (PQC) comes in, a transformative field designed to counter the cryptographic challenges posed by quantum computers.
PQC aims to redefine the security paradigm by developing algorithms resistant to the immense computational power of quantum machines. In this blog we tell you everything you need to know about post-quantum cryptography, how it works, algorithms under development and what the digital landscape looks like in this new era.
What is post-quantum cryptography (PQC)?
Post-quantum cryptography (PQC) is a field in the field of cybersecurity, born out of the imminent threat posed by quantum computers to traditional cryptographic systems. As quantum computers advance, the algorithms that currently protect our sensitive information, such as RSA and ECC, are at risk of effectively breaking down. PQC seeks to develop cryptographic methods that are resilient to the computing power of quantum computers, ensuring the security and privacy of digital communications.
How does it work?
PQC aims to design cryptographic algorithms that exploit mathematical problems that are believed to be difficult even for quantum computers to solve. Unlike classical cryptography, PQC relies on mathematical constructs that quantum computers find difficult to crack due to the principles of quantum mechanics. The aim is to try to find certain mathematical problems where quantum computation and its special properties are not useful to solve those problems, and therefore do not pose a threat.
Current status
PQC is currently characterised by rigorous research, testing and standardisation efforts. Cryptographers and researchers are collaborating on a global scale to evaluate the resilience and performance of various PQC algorithms. Although quantum computers capable of breaking existing cryptographic systems are not yet a reality, the urgency to adopt PQC is evident. Organisations and governments are paying close attention to PQC developments, preparing for a future in which quantum threats could compromise the security of current systems.
Future of post-quantum cryptography
The future of PQC is marked by both challenges and opportunities. As quantum computers continue to evolve, the need for PQC becomes more pressing. Standards bodies are actively working to establish a set of secure, standardised PQC algorithms that can seamlessly replace existing cryptographic systems. The transition to PQC is expected to be gradual, ensuring smooth integration into existing infrastructure and minimising disruption. The future
of PQC promises a secure digital environment, protected against the imminent threat of quantum attacks.
On the other hand, one of the big “mistakes” made with quantum computing is to believe that in the future we will all have quantum computers at home that will replace the current ones, because they are more powerful. But this is not the case, quantum computers are good at solving certain types of problems, but for current applications, i.e. internet access, office automation, video games, etc., classical computing is sufficient and quantum computing brings no benefits.
One of our engineers’ views on post-quantum cryptography
At TechTeamz, we believe in fostering a culture where the experience and passion of each team member contributes to the collective knowledge. This is why we spoke with Francisco Javier Molinero- Senior Software Engineer who is not only an example of technical prowess but is also passionate about post-quantum cryptography. Here he tells us more about this topic:
How would you explain Post-Quantum Cryptography to someone with a non-technical background?
F: PQC is a new set of algorithms that plan to replace the old algorithms (ECC, RSA) to pose certain problems that are as complex to solve for classical computing as they are for quantum computing, and therefore prepares us to ensure that in the future, when quantum computers are sufficiently advanced, we will be protected against possible attacks by quantum computers.
What challenges do software engineers face when implementing post-quantum cryptographic algorithms in real-world applications?
F: This is a good question. Although the creators of these algorithms have designed them to be in use as similar as possible to the classic algorithms (ECC, RSA), they require a study by engineers on the new properties of these algorithms, such as a conceptual understanding of their mathematical properties to use them properly, the new key lengths, etc…
It should also be emphasized that these algorithms are currently in draft form, so, even though they are already being implemented, it is necessary to keep an eye on their continuous evolution to integrate the changes that appear.
How do you think the transition from classical to post-quantum cryptographic systems could be managed smoothly without disrupting the existing infrastructure?
F: As we mentioned, PQC algorithms are designed to be a replacement for the previous ones, so in many cases, it is not a disruptive change but simply a replacement of classical algorithms by PQC algorithms. As in any update of a SW system, such a change is a challenge in itself for that system because it tests how that system was designed to be able to be updated in a modular way.
Regarding it’s integration, the idea is to do it gradually, as we have been doing it in the past. At the beginning they will have to coexist to continue supporting the classic systems (ECC, RSA), but once a certification system starts to support PQC, the “new” certificates (once the systems are updated) should be generated with PQC and thus gradually “deprecate” the classic algorithms.
In your opinion, how far are we from witnessing quantum computers capable of breaking current cryptographic systems?
F: It’s a question that even the experts themselves don’t know for sure, i.e. let’s say quantum computing is in its infancy, and it could take decades for that to happen.
How do you keep abreast of the latest developments in quantum computing and their potential implications for post-quantum cryptography?
F: Fortunately the world of cryptography is very standardized and there are organizations such as NIST that publish standards, hold seminars, etc. that allow us engineers to keep abreast of the latest developments and the “state of the art” of current algorithms. See more
What are some practical applications or scenarios where post-quantum cryptography is particularly crucial?
F: It seems like an easy answer but it is practically EVERYTHING. That is, from our digital certificate (DNIe) that allows us to make all kinds of transactions, through our conversations on WhatsApp, banking transactions, etc… All digital communication that requires security relies on classical computing algorithms, so a crack in these algorithms would mean not being able to trust anything we currently do digitally in a secure way. So it is easy to understand how important it is to migrate to PQC as soon as possible.
As a software engineer, how would you guide an organization in preparing for the post-quantum era in terms of cybersecurity?
F: This is a complex question since said company should be prepared for possible attacks today. If it is, has good security management, and knows how to use classic cryptography, the migration should be relatively manageable.
Also, it would be a perfect opportunity to analyze the current situation of the company and conduct a vulnerability study to take advantage and start including PQC protection in your systems. As always, I would recommend doing it gradually, using less critical systems to start testing, etc. …. It should be borne in mind that we don’t even have definitive PQC systems at the moment, they are still under development.
What role does R&D play in ensuring the adaptability of cryptographic systems to new quantum threats?
F: It plays a crucial role. In this case, I would also say that what is important is the work that is done in “open source”. In other words, the algorithms that are created are completely open to the cryptographic community, so they can be analyzed by a large number of experts and are continually put under “attack” by them, who try to test whether they are secure under real circumstances.