The Quantum Threat to Encryption: Preparing for a Post-Quantum World

As quantum computing continues to advance, experts are concerned about its potential to break today’s encryption algorithms. Public key cryptography (PKC) is the foundation of secure digital communications and transactions, but a sufficiently powerful quantum computer could solve the mathematical problems that PKC relies on within a matter of days or even hours. Shor’s algorithm, a quantum algorithm developed by Peter Shor in 1994, is particularly significant because it solves exactly these problems, including factoring large numbers, efficiently on a quantum computer.

While current quantum computer prototypes are far from having the capacity and stability required to break encryption, it is crucial to prepare for the arrival of true quantum computers. These “Cryptographically Relevant Quantum Computers” (CRQCs) pose a significant threat through retroactive attacks (often called “harvest now, decrypt later”), in which encrypted communications captured today are stored and decrypted once a CRQC becomes available. To mitigate this risk, researchers are developing post-quantum cryptography algorithms, which offer security against quantum attacks and can be deployed on existing infrastructure.

The National Institute of Standards and Technology (NIST) in the United States launched the “Post-Quantum Cryptography Standardization” call in 2016 to select encryption algorithms capable of withstanding attacks from CRQCs. Several algorithms were shortlisted, and after the third round only four post-quantum algorithms remained. French researchers are actively involved in this work: the CRYSTALS-Kyber algorithm was selected for public key encryption and key establishment, and CRYSTALS-Dilithium was selected for generating digital signatures.

Post-quantum cryptography is seen as the most promising approach to protecting against the quantum threat. These algorithms provide security against quantum attacks while remaining deployable on existing devices and infrastructure. However, the maturity of post-quantum algorithms still needs further evaluation, since cryptanalytic insight into them is limited and secure, side-channel-resistant implementations are still scarce. Despite this, efforts are underway to replace RSA keys with modern public keys that can withstand quantum computing.

As ANSSI (the French National Cybersecurity Agency) advises, it is essential to prepare for a post-quantum world and be proactive in implementing post-quantum cryptography to safeguard digital communications and transactions against the quantum threat.

Sources:
– ANSSI (the French National Cybersecurity Agency)
– Olivier Ezratty, quantum computing expert and author