What Is Post-Quantum Cryptography & Why Is It Important?

Encryption keeps us safe online, but post-quantum cryptography could change all of that.

Most people often think about secret organizations or deep installations underground when we talk about cryptography. In essence, cryptography is simply a means of protecting and encrypting information.

For instance, if you look to the left of this website's URL (in the address bar), you'll see a tiny padlock symbol. The padlock indicates that the site uses the HTTPS protocol to encrypt information sent to and from the site, protecting sensitive information such as personal details and credit card information.

Quantum cryptography, however, is significantly more advanced, and will change online security forever.

What Is Post-Quantum Cryptography?

To understand post-quantum cryptography better, it's important to first know what quantum computers are. Quantum computers are extremely powerful machines that use quantum physics to store information and perform calculations at unbelievably fast speeds.

The conventional computer stores information in binary, which is just a bunch of 0s and 1s. In quantum computing, information is stored in "qubits." These leverage the properties of quantum physics, such as the movement of an electron or perhaps the way a photo is oriented.

By arranging these in different arrangements, quantum computers can store and access information extremely quickly. In essence, an arrangement of qubits could store more numbers than the atoms in our universe.

So, if you use a quantum computer to break a cipher from a binary computer, it won't take long for it to crack. While quantum computers are incredibly powerful, their binary counterparts still have an edge in some cases.

Heat or electromagnetic fields can affect the computer's quantum properties, for starters. Thus, their use is generally limited and must be governed very carefully. It's easy to say that quantum computing is changing the world.

Now, while quantum computers do pose a significant threat to encryption, there are still appropriate defenses. Post-quantum cryptography refers to the development of new ciphers or cryptographic techniques that protect against cryptanalytic attacks from quantum computers.

This allows binary computers to protect their data, making it impervious to attacks from quantum computers. Post-quantum cryptography is becoming increasingly important as we move towards a more secure, more robust digital future.

Quantum machines have already broken many asymmetric encryption techniques, primarily relying on Shor's algorithm.

The Importance of Post-Quantum Cryptography

Back in 2016, researchers from the University of Innsbruck and MIT determined that quantum computers could easily break through any cipher developed by conventional computers. They are more powerful than supercomputers, of course.

Within the same year, the National Institute of Standards and Technology (NIST) started accepting submissions for new ciphers that could replace public encryption. As a result, several defenses were developed.

For instance, a simple way is to double the size of digital keys so that the number of permutations required increases significantly, especially in case of a brute force attack.

Just doubling the key size from 128 to 256 bits would square the number of permutations for a quantum computer that uses Grover's algorithm, which is the most commonly used algorithm for searching through unstructured databases.

Currently, NIST is testing and analyzing several techniques with the aim of selecting one for adoption and standardization. From the original 69 proposals received, the Institute has already narrowed it down to 15.

Is There a Post-Quantum Algorithm? Is AES-256 Encryption Post-Quantum Secure?

There is now a significant focus on the development of "quantum-resistant" algorithms.

For instance, AES-256 encryption, widely used nowadays, is commonly considered to be quantum-resistant. Its symmetric encryption is still incredibly secure. For instance, a quantum computer that uses Grover's algorithm to decrypt an AES-128 cipher can reduce the attack time to 2^64, which is relatively insecure.

In the case of AES-256 encryption, that would be 2^128, which is still incredibly robust. NIST states that post-quantum algorithms generally fall into one of three categories:

• Lattice-based ciphers—such as Kyber or Dilithium.
• Code-based ciphers—such as the McEliece public-key cryptosystem that uses Goppa codes.
• Hash-based functions—such as the Lamport Diffie one-time signature system.

Furthermore, many blockchain developers are focusing on creating cryptocurrency resistant to quantum cryptanalytic attacks.

Is RSA Post-Quantum Secure?

RSA is an asymmetric algorithm that was once considered incredibly secure. The Scientific American published a research paper in 1977, claiming that it would take 40 quadrillion years to crack the RSA-129 encryption.

In 1994, Peter Shor, a mathematician working for Bell Labs, created an algorithm that effectively doomed the RSA encryption to failure. A couple of years later, a team of cryptographers cracked it within six months.

Today, the recommended RSA encryption is RSA-3072, which offers 112 bits of security. RSA-2048 hasn't been cracked yet, but it's only a matter of time.

Currently, more than 90% of all encrypted connections on the web, including SSL handshakes, rely on RSA-2048. RSA is also used for authenticating digital signatures, which is used for pushing firmware updates, or mundane tasks like authenticating emails.

The problem is that the increase in key size doesn't boost security proportionally. For starters, RSA 2048 is four billion times stronger than its predecessor. But, RSA 3072 is only around 65k times stronger. Effectively, we'll reach RSA encryption limits at 4,096.

Cryptographic analysts have even released a series of different methods for attacking RSA and outlined just how effective they can be. The thing is, RSA is now a technological dinosaur.

It's even older than the advent of the World Wide Web as we know it. Now, it's also pertinent to mention that we haven't yet achieved quantum supremacy, which means a quantum computer will be able to perform a function that a normal computer can't.

However, that's expected within the next 10-15 years. Companies such as Google and IBM are already knocking at the door.

Why Do We Need Post-Quantum Cryptography?

Sometimes, the best way to innovate is to present a more powerful problem. The concept behind post-quantum cryptography is to change the way computers solve mathematical problems.

There's also the necessity for developing more secure communication protocols and systems that can leverage the power of quantum computing and even protect against them. Many companies, including VPN providers, are even working on releasing VPNs that are now quantum-safe!