Post-quantum cryptography: protecting today's secrets against tomorrow's attacks
Quantum computers present a major potential threat to our data. How can post-quantum cryptography come to the rescue?
Researchers around the world, including here at TU/e, are working hard to build a quantum computer. It promises extremely fast computing, enabling quick solutions for problems that would literally take ages on a supercomputer. Quantum computing is, however, a double-edged sword: it threatens to break all cryptographic security mechanisms that currently protect our sensitive communications and data. Researchers at TU/e are working hard to come up with smart solutions for this urgent problem. Post-quantum cryptography is one of them. In this Q&A we explain this exciting research in five questions and answers.
Why are quantum computers a problem for the security of our data?
The security of our digital communications and data depends on the use of cryptography. Quantum computers threaten especially public-key cryptosystems, such as RSA, DSA, and elliptic curve cryptosystems. These cryptosystems are used to implement public-key encryption and digital signatures.
Although these cryptosystems work fine for much of our digital communications, they are vulnerable. They rely on hard mathematical problems, such as integer factorization, which are virtually impossible to crack for conventional computers but which can be solved efficiently on a sufficiently powerful quantum computer, as it can perform many calculations at the same time (see the info box on quantum computers below). Current quantum computers still lack the processing power to accomplish this task, but this may change soon.
What makes matters worse is that encrypted text intercepted today can be decrypted by an attacker once they have a large quantum computer. According to Tanja Lange, researcher at TU/e and a leading authority on post-quantum cryptography, this means that any data that needs to remain confidential after the arrival of quantum computers should already be encrypted in a way that quantum computers cannot crack. “In other words: we need to protect today's secrets against tomorrow's quantum attackers,” says Lange.
About quantum computers
A conventional computer performs operations using bits, which can be either zero or one. A quantum computer uses quantum bits or qubits. Qubits can be photons, or electrons, or any system that can exist in so-called quantum states. What is cool about quantum physics is that these states can co-exist at the same time.
This so-called ‘superposition’ allows you to hold much more information than the bits in conventional computers. Whereas two classical bits can exist in only one of four possible combinations (2²) at a time, two qubits can exist in all these combinations simultaneously. This number grows exponentially with each additional qubit. Twenty qubits can already hold over a million values in parallel (2²⁰), and 300 qubits can hold as many values as there are particles in the universe (2³⁰⁰).
Despite this immense computing power, it is unlikely that quantum computers will ever fully replace conventional computers. This is due to the peculiar effect of measurement on qubits: once they output an answer, all other information associated with their superposition is lost. Still, quantum computers excel in operations where there is a need to do many calculations concurrently, such as for simulations to develop new drugs and better car batteries and for financial modelling. They are also very good at breaking cryptographic codes, which is a major and urgent problem for the security of our data.
More about quantum computers in this from researchers at Google.
Information about current research on quantum technology at TU/e can be found on the website of the Center for Quantum Materials and Technology Eindhoven.
What is post-quantum cryptography, and how can it help?
One way of making our current computers and data ‘quantum-proof’ is with so-called post-quantum cryptography. Researchers at TU/e and at other universities and companies around the world develop algorithms that can withstand attacks by hackers equipped with a quantum computer and are usable on today’s devices, like smartphones, laptops and bank cards.
At present there are four established families of candidate solutions: code-based, hash-based, lattice-based and multivariate-based algorithms. All rely on hard mathematical problems that, in contrast to the -based and other algorithms currently used in public-key systems, cannot be solved efficiently by a quantum computer.
Lattice-based solutions are seen as among the most promising, and they also form the basis of the NTRU algorithm co-developed here at TU/e and field-tested last year by Google and Cloudflare. Among other reasons, NTRU was selected by Google because of its provable security guarantees. This proof was co-authored at TU/e by assistant professor Andreas Hülsing. It is no coincidence that Hülsing is also a co-author of another promising solution called SPHINCS+, which is consistently praised for its reliable security guarantees.
The basic concepts for these systems date back to the last century, but over the last 5 to 10 years, professor Lange, Hülsing and others at TU/e have analyzed these concepts and turned them into practical cryptographic solutions. An important aspect of this work is proving the security of these cryptographic systems, to ensure that they can resist attacks based on quantum computers.
When will we have a definite standard for post-quantum cryptography?
NIST, the US National Institute of Standards and Technology, launched a multi-year competition in 2017 to select the best solutions for post-quantum encryption and signatures. The winners will become the new standards and will be adopted by governments and industry across the world. In the summer of 2020, the competition, which began with 69 entries, entered its third round. For this round, NIST selected seven finalists, including two from TU/e researchers.
In addition, NIST has selected eight so-called alternate candidates, again including two from TU/e. These solutions are considered potential candidates for standardization, possibly after a fourth round.
The finalists will now undergo a final evaluation round, in the run-up to which the participants have the opportunity to further ‘tweak’ their algorithms. NIST expects that the whole process will be concluded within the next two to four years.
So, what can I do about it?
In 2019, researchers at Google unveiled a quantum computer with 53 qubits that was able to do an extremely difficult mathematical calculation in a remarkable 3 minutes and 20 seconds. They estimated that IBM’s Summit, the largest supercomputer, would need more than 10,000 years to accomplish the same task.
An impressive (and ) feat, but observers agree that a quantum computer that can do useful work in the real world is still some years off, mainly because of the fragility of qubits (see info box). So far, quantum computers are also very expensive, limiting their practical use.
“Still, the switch to post-quantum cryptography is very urgent,” says Lange, “especially for data that needs to remain confidential after the arrival of quantum computers. So, if an attacker could gain access to your encrypted data, and that information needs to remain secret for the next 10 years, you should upgrade your encryption systems now with the most secure system. You don’t need to wait for the conclusion of the NIST competition. Start preparing now. You can always re-encrypt it with a more efficient system once that has received enough scrutiny, but you can never undo leaking weakly encrypted secrets.”
The most practical solution, according to Lange, is a hybrid one. “This combines a post-quantum system with one of the currently common public-key systems in a way that is as strong as the strongest of the two. This makes the transition and possible auditing easier.”
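As an added illustration of the hybrid approach Lange describes (example code written for this page, not TU/e's code or any NIST candidate's implementation): the shared secret from a classical key exchange and the shared secret from a post-quantum KEM are fed into one key derivation, so the session key can only be recovered by someone who breaks both components. The two secrets and the transcript below are constructed random stand-ins; the `hybrid_combine` function and its `hybrid-kem-v1` label are assumptions, and the HKDF is implemented here from the standard library rather than taken from a crypto package.

```python
import hashlib
import hmac
import os

# HKDF (RFC 5869) from the standard library: extract, then expand.
def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    return hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def hkdf(salt: bytes, ikm: bytes, info: bytes, length: int) -> bytes:
    return hkdf_expand(hkdf_extract(salt, ikm), info, length)

def hybrid_combine(ss_classical: bytes, ss_pq: bytes, transcript: bytes) -> bytes:
    """Derive one session key from both shared secrets (assumed combiner).

    Both secrets go into the HKDF keying material, and the public transcript
    (public keys and ciphertexts of both components) is bound via the info
    field, so the key changes if either secret or any transmitted value changes.
    """
    ikm = ss_classical + ss_pq
    info = b"hybrid-kem-v1" + hashlib.sha256(transcript).digest()
    return hkdf(b"", ikm, info, 32)

def demo() -> bool:
    # Constructed stand-ins: in a real deployment ss_classical comes from an
    # ECDH exchange and ss_pq from a post-quantum KEM decapsulation.
    ss_classical = os.urandom(32)
    ss_pq = os.urandom(32)
    transcript = b"constructed: classical public keys || pq ciphertext"
    key = hybrid_combine(ss_classical, ss_pq, transcript)
    # An attacker who breaks the classical part (learns ss_classical) but not
    # the PQ part still has to guess ss_pq; every wrong guess yields a
    # different key. The same holds the other way round.
    wrong_pq = hybrid_combine(ss_classical, os.urandom(32), transcript)
    wrong_classical = hybrid_combine(os.urandom(32), ss_pq, transcript)
    return key != wrong_pq and key != wrong_classical
```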
Where can I find more information?
For more information about the work of Tanja Lange, Andreas Hülsing and their colleagues, check out the page of their research group Coding Theory and Cryptology.
For general background on post-quantum cryptography, is a good place to go. Detailed information on the TU/e NIST submissions can be found here:
TU/e has also organized several training courses on post-quantum cryptography at various levels, see and