Encryption technology against quantum computer attacks identified
Because their computing model is entirely different from that of today’s binary computers, quantum computers will be able to break some of the encryption schemes in global use today. Though quantum computers are not widely available today, it is necessary to be prepared for a probably not too distant future in which such quantum computers are in widespread use, says professor Tim Güneysu, who until very recently performed research within the Post-Quantum Cryptography research project of the EU. Today, Mr. Güneysu is working at the Bremen university.
Cryptographic processes are in use in many devices and instruments with long life cycles, such as satellites. Miniature devices that carry data of long-term relevance, such as health cards, also need strong protection that resists not only today’s attack techniques but also those of tomorrow – they need a protection that is “quantum computing safe”. Within the Post-Quantum Cryptography project, Güneysu and his colleagues identified classes of cryptographic processes that will be able to protect digital content even in the age of quantum computing. In addition, the experts proved that these processes can be implemented in miniature devices – embedded computers with relatively low-performance processors, smartcards and the like. The challenge in this context was that post-quantum cryptography typically requires very long cryptographic keys, and the processors used in this category of devices have problems handling such keys.
The RUB researchers solved the problem through alternative representations of cryptographic protocols. For instance, they structured these keys in a way that allowed them to reduce the key length. In addition, they tweaked the algorithms to meet the requirements. Depending on the respective process, the researchers were able to combine complex process steps with other calculations or even avoid them completely without affecting the security of the overall process.
According to RUB, four classes of mathematical processes are worth considering: code-based cryptography, lattice-based cryptography, cryptography based on multivariate quadratic equations and hash-based cryptography. “In our research activities, we ignored hash-based cryptography because it is already very well explored,” said Güneysu. Cryptography based on multivariate quadratic equations was also not a focus of the research group. “In some of these systems the security situation is unclear. Therefore it is very difficult to evaluate their acceptance in real-world applications.” Many approaches within this class have been broken as quickly as they were introduced, he added.
Against this background, the researchers considered lattice-based and code-based cryptography. Not only do these methods have the potential to withstand attacks from quantum computers, but they can also in principle be implemented in embedded systems with very little computing resources. The challenge now is implementing the complex algorithms and the still rather long encryption keys in a way that suits the cost and performance requirements of miniaturised embedded systems.
Encryption methods based on the approach developed by the RUB group could be expected to reach practical use within five to ten years, Güneysu said.