What is Post Quantum Cryptography?
When large-scale quantum computers eventually move from the drawing board to the mainstream, they will be capable of breaking many of the public-key cryptosystems we rely on for our cyber security.
Using algorithms such as Shor’s algorithm, which require quantum computing power to execute, an attacker could break these traditional public-key encryption methods exponentially faster than is possible today. Post quantum cryptography (PQC), also known as quantum-resistant cryptography, refers to the use of cryptographic algorithms designed to remain secure against these advanced computing capabilities.
Quantum computers derive their unprecedented speed and power from processing information in qubits. Unlike traditional binary processes that use only 0s and 1s, qubits can exist in multiple states simultaneously. The goal of PQC is to implement new cryptographic algorithms to prepare for the advent of quantum computing and thwart future quantum-based attacks. The U.S. government has mandated a migration to post quantum cryptography for all existing public-key cryptography systems. The National Institute of Standards and Technology (NIST) and other leading organizations are working to establish new quantum-resistant cryptosystems and algorithms.
Quantum computing is expected to reach a fully developed state as early as 2030, which means the time left to prepare is limited. After an algorithm has proven to be quantum-proof, it still takes time and resources to fully validate the algorithm and integrate it into network protocols and infrastructure. Beyond its core purpose of protecting network systems and data from quantum computing capabilities, PQC will provide additional benefits by:
- Maintaining continuity: New cryptographic protocols must be robust enough to remain quantum-resistant while continuing to provide protection from conventional security threats. This versatility will ensure data security remains intact against both current and future computational capabilities.
- Diversifying cryptographic primitives: Avoiding single points of failure is another key objective for the developers of post quantum cryptography. This can be accomplished by developing an array of encryption, digital signature, and key exchange methods based on complex mathematical models.
- Protecting sensitive data: PQC will ensure personal, corporate, and government information remains secure despite quantum technology advances. This will preserve public trust in digital infrastructure by protecting both stored data and data in transit from compromise.
Classical cryptography includes standard algorithms like the Advanced Encryption Standard (AES) and Rivest-Shamir-Adleman (RSA) that are used by enterprises and government entities today. Their security rests on problems such as large-number factorization that are nearly impossible to solve without the key. Quantum computers have the raw power to overcome these obstacles, especially where asymmetric cryptography allows the private key to be derived from the public key.
Understanding post quantum cryptography begins with symmetric encryption methods, where the shared key is never made public, denying this important clue to would-be quantum attackers. Quantum Key Distribution (QKD) utilizes photons of light to transfer key information in a more secure way. In addition, PQC relies on extremely complex mathematical problems that are believed to be intractable, even for quantum computers.
Different Types of Post Quantum Cryptographic Algorithms
After years of research by government agencies, large organizations, and academic institutions, several promising quantum-resistant algorithm families have emerged. Each approach converts well-known mathematical principles into encryption methods that are impervious to raw computing horsepower.
- Lattice-based cryptography: Lattice-based algorithms like NTRUEncrypt and Kyber rely on the mathematical complexity inherent to a large grid (or lattice) of individual points. The simplicity of this concept combined with its resilience against quantum attacks makes it a viable and well-received option.
- Hash-based cryptography: Hash functions convert input of any length into a fixed-length digest. These functions are used to build robust one-time signature schemes.
- Code-based cryptography: Schemes built on random linear codes, including the McEliece cryptosystem, have garnered attention by withstanding decades of decoding attempts. The plaintext is encoded as a codeword, which is disguised by adding random errors to produce the ciphertext.
- Multivariate polynomial cryptography: As the name implies, this approach is based on systems of multivariate polynomial equations with two or more unknowns. Although it is not the strongest option, this model forms the basis of established techniques including Rainbow and MAYO.
Understanding Post Quantum Cryptography in Wireless Communication
Wireless communication networks must maintain high standards for data protection, privacy, and signaling security, especially with 5G networks supporting sensitive use cases like driverless transportation and connected health. Post quantum cryptography will be an important consideration for 5G and 6G networks, as well as the IoT, as the number of exposed endpoints continues to multiply.
- Encryption overhead: The level of security offered by cryptographic methods tends to increase with complexity, but this can also add time to authentication and encryption processes, which affects performance and energy consumption. Balancing these considerations will be essential for post quantum cryptography in wireless communication.
- Wireless security and key exchanges: Wireless networks are more vulnerable to man-in-the-middle attacks than wired communication methods. PQC algorithms and secure key management strengthen wireless authentication by enhancing digital signatures and key exchanges.
- Proposed architecture: The complexity of wireless networks calls for a multi-faceted approach to PQC implementation. User equipment (UE), base station elements, and 5G/6G cores will all need to incorporate quantum gateways to enhance security and communication capabilities.
Many of the obstacles associated with post quantum cryptography development and implementation stem from the additional complexity of the algorithms and their larger key sizes. While current algorithms use keys that are several thousand bits long, PQC keys can run up to a megabyte in length. This makes key storage, communication, and management more challenging. Additional implementation issues include:
- IoT protection: Most IoT devices have limited processing power. This will make it difficult to implement PQC-based endpoint protection at the device level without additional latency, complexity, and cost.
- PQC standardization: NIST has been leading the charge towards standardization, after running a six-year competition to find the best set of options. Standardized algorithms are a must-have for implementation and integration with existing systems.
- Quantum timeline: An exact timeline for the onset of quantum computers capable of breaking current cryptographic systems remains uncertain, which makes it difficult to secure adequate government and industry resources based on projected capabilities and threats alone.
The move to post quantum cryptography also has to contend with store now, decrypt later (SNDL) attacks. In these scenarios, encrypted sensitive information is captured or stolen now (or soon) and stored until quantum computers become available to decrypt it.
Post quantum cryptography is all about future-proofing network infrastructure to withstand new tactics and capabilities. PQC will become essential once quantum computers attain the ability to solve problems beyond the reach of classical computers, even if the quantum hardware remains cost prohibitive. IBM, Microsoft, and Intel have quantum computers in development, and Google is targeting million qubit capability by the end of the decade. Understanding the speed and direction of quantum technology is one of the keys to successful PQC deployment.
Wireless communication networks will continue to be a focus area for post quantum cryptography research and development in the years ahead since current cryptographic methods are susceptible to quantum attacks. The success of future 6G networks will depend on security and reliability. Testing the resistance and resilience of PQC standards adopted for wireless communication will help to ensure a smooth transition.
Post Quantum Cryptography Deployment Testing
Post quantum cryptography protocols in wireless networks will introduce additional network performance overhead that can impact the end-user experience. Testing is essential for developing and deploying all cryptographic systems, including newly established PQC-based systems. The scope of testing must include several key areas:
- Security assurance: Resistance testing verifies that PQC algorithms withstand cryptographic attacks. Algorithms must be assessed under different scenarios and conditions, including those that utilize both classical and quantum algorithms, to evaluate their resilience.
- Performance evaluation: Measuring and monitoring encryption/decryption speed and key generation efficiency helps to ensure overall system performance and supports PQC adoption for wireless network applications.
- Interoperability: New cryptographic systems will interact with established infrastructure and protocols. Testing is essential to avoid compatibility issues and guarantee the seamless integration of post quantum cryptography algorithms into diverse systems.
- Standards compliance: Testing is necessary to confirm PQC algorithm compliance with established cryptographic standards. This testing also verifies interoperability and consistent implementation across platforms.
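As an added illustration of the hash-based family described earlier and of the quantities listed here under performance evaluation (example code written for this page, not a VIAVI, NIST or library implementation): a minimal Lamport one-time signature over SHA-256, with a stateful guard against key reuse and a benchmark() that returns key generation, sign and verify times together with the public-key and signature sizes. The sample message and the 32-byte preimage size are constructed assumptions.

```python
import hashlib
import os
import time

H = hashlib.sha256
N = 256  # digest bits; one preimage pair per message-digest bit

def keygen():
    # Secret key: N pairs of random 32-byte preimages. Public key: their hashes.
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(N)]
    pk = [(H(a).digest(), H(b).digest()) for a, b in sk]
    return {"sk": sk, "used": False}, pk

def digest_bits(msg):
    # Bit i (MSB first) of the message digest selects which preimage is revealed.
    d = int.from_bytes(H(msg).digest(), "big")
    return [(d >> (N - 1 - i)) & 1 for i in range(N)]

def sign(key, msg):
    # One-time scheme: a second signature would reveal the other preimage of every
    # differing bit and enable forgery, so the key carries a used flag.
    if key["used"]:
        raise ValueError("one-time key already used")
    key["used"] = True
    return [key["sk"][i][b] for i, b in enumerate(digest_bits(msg))]

def verify(pk, msg, sig):
    if len(sig) != N:
        return False
    return all(H(sig[i]).digest() == pk[i][b]
               for i, b in enumerate(digest_bits(msg)))

def timed(fn, *args):
    t0 = time.perf_counter()
    out = fn(*args)
    return out, (time.perf_counter() - t0) * 1e3

def benchmark(msg=b"constructed 5G signalling sample"):
    # Performance-evaluation quantities: key generation, sign and verify time
    # in milliseconds, plus the bytes a public key and a signature put on the wire.
    (key, pk), keygen_ms = timed(keygen)
    sig, sign_ms = timed(sign, key, msg)
    ok, verify_ms = timed(verify, pk, msg, sig)
    return {
        "verified": ok,
        "public_key_bytes": sum(len(a) + len(b) for a, b in pk),  # 16384
        "signature_bytes": sum(len(s) for s in sig),              # 8192
        "keygen_ms": keygen_ms, "sign_ms": sign_ms, "verify_ms": verify_ms,
    }
```

A 16 KB public key and an 8 KB signature for a single use, compared with a few hundred bytes for an RSA-2048 public key, make the key-size concern raised above concrete.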
VIAVI has leveraged decades of wireless network and security testing expertise to develop the first cloud-based test solution supporting NIST-mandated PQC algorithms. TeraVM Security Testing benchmarks the performance of content delivery networks and endpoints that initiate or terminate Internet Protocol Security (IPSec) traffic using post quantum cryptography. The TeraVM platform is widely used by network equipment manufacturers, network operators, and research institutes for security and performance testing applications.