Written by Securing the Future: Unraveling the Enigma of Post-Quantum Cryptography
.
In a world where technology is advancing at a breathtaking pace, the rise of quantum computing poses both a thrilling opportunity and a looming threat to our digital security. As quantum computers inch closer to reality, traditional cryptographic methods that have safeguarded our data for decades are now at risk of being compromised. Enter post-quantum cryptography, the key to fortifying our digital world against quantum attacks.
In this eye-opening blog post, we bring you a captivating video interview that seeks to unravel the mysteries of post-quantum cryptography, exploring how this cutting-edge technology promises to secure the future and protect our sensitive information from the ever-advancing forces of quantum computing. Join us on this journey of discovery as we demystify the world of post-quantum cryptography and glimpse into the next era of digital protection.
The following is a transcript of the interview with Robert Bach, Infineon Technologies
.
Robert Bach comes along with a vast experience in the semiconductor industry for chip card IC ́s since joining the Chip Card & Security IC group of Siemens AG, Germany in 1996. Mr. Bach has held various marketing and strategic marketing positions at Siemens and subsequently at Infineon Technologies AG. Currently, he is responsible for the semiconductor product marketing in the Product Line “Identity Solutions” within the Connected Secure Systems (CSS) division at Infineon.
.
“So everybody asks, what is a quantum computer? Let me try to elaborate a little bit more on that. What is a quantum computer? A quantum computer, compared to classical computer, is a computer which is working with so called qubits, not with classical bits. You have a one, you have a zero, and you calculate.
These things have been known for years. A quantum computer that’s based on principles of quantum physics, invented almost 50, 60, 70, 80 years ago, is calculating with qubits, but not in a state like one and zero. It’s using physical problems or physical things like superposition and entanglement to calculate things differently. Quantum computer can very good work on optimization problems. You can run algorithms for optimization of chemistry, chemical processes.
For example, quantum computers are already used today to find ways through cities, incorporating the traffic jams inside of a city, but also on a quantum computer, and this is something you cannot so easily do, you can do crypt analysis. What is crypt analysis? Basically, crypt analysis is where you try to figure out the secrets of an algorithm, of a cryptographic algorithm like an RSA or elliptic curve, and out of the public information of the public key. You try to retrieve by mathematical operations, the secret key. A classical computer cannot do that very easily.
It takes a lot of times. But a quantum computer, once it’s powerful enough, a so-called universal quantum computer, might affect and will affect classic cryptography like RSA and elliptic curves. So, in short, a quantum computer which is in place already from some big guys like Microsoft, Google, IBM, they’re all working on quantum computers. And you can already rent space and computing time on quantum computers. A quantum computer can do a lot of good things, like I said, the optimization of processes.
But on the other hand, it can be used for things like crypt analysis, which could be used in the end, ultimately by hackers to attack cryptography in all kinds of forms. All kind of forms? What does that mean? Well, that would not only affect, for example, the communication, cryptographic communication in the internet, but it would affect as well all kind of ID documents, because all electronic ID documents rely on cryptographic schemes and crypto logical algorithms. And with a quantum computer, it’s quite easy to attack those kind of algorithms.
Introducing Cryptanalysis
So, quantum computer, what can you do against this kind of cryptanalysis? Well, basically in 2017, there was a big competition started by the American Institute for Standardisation for finding new ways of cryptography which are safe and resistance against a quantum computer, which will ultimately replace CosIng cryptography like RSA and Olympic curves. These so called post quantum algorithms are algorithms which are supposed to run on a standard ID card, on a standard passport, on a standard healthcare card. And these algorithms are supposed to be safe against both quantum computer attacks, but they should of course, be safe against classical attacks. Classical fault attacks, classical side channel attacks, this post quantum cryptography, this process, takes quite a while to find the right algorithms, because they need to be performant, basically, they need to be safe against quantum computers and the rest.
And after roughly five years of competition and analysis, now in 2022, the first candidates have been selected as the most promising candidates. There were algorithms amongst those like XMS, like Kyber, like Dilithiumand the NIST, and the institutions working with that organisation as well. And there is industry, there are all kind of security institutions, there’s the target to finalise all of the algorithms until end of next year, end of 2024, and to having a set of cryptographic algorithms safe against quantum computers.
What’s the difference between PQ and QC?
One important thing is because that’s always confused people; the difference between post quantum and quantum cryptography. Quantum cryptography, that means you use a quantum computer to run cryptography, which is good, you can secure communication over the ocean or in the internet or whatever, but that’s not really suited because a quantum computer currently takes size of a building, actually a quite large building, you cannot put that into a passport.
Post quantum cryptography is not supposed to run on a cryptography, on a quantum computer, but it’s supposed to be safe against attacks by a quantum computer. It’s supposed to run on a standard security controller fitting into a small ID card into a passport. So that’s post quantum cryptography. What is Infineon’srole inside of that? Infineon was not only actively contributing into the competition, we are continued since more than five years working on these algorithms. Because finally, even if the algorithms are chosen, there’s a lot of work to do in terms of standardisation, in terms of implementation, efforts to be integrated into products, that ultimately that in the end, the products are safe again as well. For that, Infineon is heavily investigating, especially in security, security attacks on the algorithms.
We’re working on all kind of standard attacks like side channel attacks, fault attacks, especially fault attacks on the new algorithms to speed up the process, to have them available in time. What does availability and time mean of those post quantum algorithms? Well, basically, as of today, a quantum computer which exists today as well is not powerful enough to really crack an ellipticov, to really crack an RSA. But if you ask the industry as of today, when will the quantum computer be powerful enough? You get the answers might be next year, might be in five years, might be in ten years.
What does this all mean for ID Documents?
But still for an ID document. Even if the quantum computer is powerful enough in eight years, then with the documents you bring out to the field today, which are valid for ten years, then you still have a problem. Because it’s not so easy to withdraw documents out of the field which are in the field for ten years. So even if the quantum computer is there in eight years, you need to incorporate as of today already countermeasures to be quantum safe. That’s the reason why Infineon is heavily invested into those topics.
And we didn’t start this year, we already started, I think, it was prior 2015 working on the topics because these really take time. Standardisation of algorithms take time. Secure implementation take time. And what will take time as well is the standardisation in overall infrastructure, like the Ikea infrastructure worldwide, like how to define a specific infrastructure in the country for a healthcare card where you have local specialities, so to speak. And in the end, to really start project trials and to really start ramp up of those kind of products, quantum safe products which are safe against a quantum computer.
We expect the transition times will take quite some years. That’s mainly the reason why Infineon is always giving its consultancy to governments to start investigating now, to start preparation right now for transition phase, how to integrate that into local projects, how to integrate that into the infrastructure, because basically, once the Quantum computer is really powerful enough and there then it’s already too late because then the government still has documents for ten years in the field and then basically it’s too late. That’s the reason why Infineon has already started since years.”
For further information on Post Quantum Cryptography and Infineon’s part in this new technology, please visit: https://www.infineon.com/cms/en/product/promopages/post-quantum-cryptography/