We had the opportunity to spend some time with and interview Mark Pecen, who is the leader in quantum-safe cryptographic (QSC) solutions for governments and original equipment manufacturers as well as Chairman and founding member of the ETSI QSC Working Group.
During our discussion, we realized while Quantum computing is much talked about, the cryptographic element of it is a necessary application in the world of blockchain, big data, IoT and other advents leading towards growing data. Below is the transcript of the interview.
Cyberprotection Magazine: What is quantum safe cryptography?
Mark Pecen: Quantum-safe cryptography comprises classes of cryptographic problems that are neither vulnerable to attack by a quantum computer nor a conventional computer.
Cyberprotection Magazine: From a technological point of view, how does QSC differ from today’s cryptography?
Mark Pecen: Quantum computing uses quantum mechanical effects to perform computations, which in some cases provides enormous performance gains over conventional super-computing environments. For example, for some classes of problems, a quantum computer may be literally trillions of times faster than a conventional computer. For other classes of problems, a quantum computer is no faster than conventional computation. The quantum computer can easily solve the integer factorization problem, which is used by RSA, and the discrete logarithm problem, used by ECC, but is unable to solve the quantum-safe algorithms such as lattice-based, code-based or isogeny-based cryptography and others. RSA and ECC are both public-key cryptographic algorithms that are used to secure the Internet and wireless networks today. In summary, quantum safe cryptography provides problems which are not easily solved by either a quantum computer or a conventional computer.
Cyberprotection Magazine: What are the difficulties in developing effective quantum safe cryptography solutions?
Mark Pecen: The primary difficulty is not on the cryptographic side, but rather the architecture and implementation of the new solutions that would enable government and industry users to migrate to quantum-safe cryptography in a controlled and cost-effective manner. For example, a government may have millions of users on their public-key infrastructure, and this is not an environment that can be easily upgraded in a weekend. Conventional upgrade and replace techniques would require years in such cases, which is why much of the work of ETSI Working Group QSC is directed toward the areas of security upgrade, migration and crypto-agility. A crypto-agile solution would allow fairly rapid upgrades to the portions of a network environment having the highest security requirements first, followed by all the others if the solution is backward compatible.
Cyberprotection Magazine: In 2019, Google announced that they have been able to built the first “real” quantum computer. Will we see quantum computer breaking current encryptions anytime soon? And if so, when do you think we’ll see the first quantum computer breaking current PKI cryptography?
Mark Pecen: It’s impossible to say, until someone shows a credible example of how their quantum computer has succeeded in the task. I would expect that the first successful attempt would make use of multiple small quantum computers coordinated by conventional computers. For all we know, this may have already been done, but if so, I don’t see why anyone would want to admit to it.
Cyberprotection Magazine: While quantum computing is still a thing of the future, what are current threats to cryptography?
Mark Pecen: The most widely-used public-key techniques are RSA and ECC, which are both aging cryptosystems – they’ve been hacked and attacked over years. Continuous improvement in conventional computing along with improvements in attack techniques threaten these methods more and more over time. For this reason, we can think of quantum-safe cryptography as “next-generation crypto”, because it addresses advanced conventional attacks as well.
Cyberprotection Magazine: Do you think between now and the age of quantum computing, some of the next generation cryptography will replace RSA and ECC?
Mark Pecen: Yes, they will have to, otherwise the risk will be too high. Even today there is a technique which has been around for years, stochastic prime. Rather than factoring prime numbers, they are generating numbers that have a high probability of being prime, but are not tested to being prime. What cryptographers do, they generate thousands of these numbers and are trying to make keys out of them, and some of them work.
Cyberprotection Magazine: Even though quantum computers might not be seen in the wild in the near future, what will the implications on current cybersecurity technologies be, once quantum computers effectively render current cryptography solutions useless?
Mark Pecen: Again, there are more modern attack vectors being discovered all the time. This is where crypto-agility becomes useful, which is the ability to quickly switch out of an unsafe cryptosystem and replace it with another cryptosystem, while helping to reduce the technology switching-costs. That was actually in place in the early generation of GSM, so operators could quickly switch to a more secure cryptosystem. If a network or authentication system using cryptographic certificates supports multiple cryptosystems, the user can rapidly switch out of the broken (or soon to be broken) cryptosystem rapidly and replace it with the next generation cryptosystem, whether the legacy cryptosystem was broken by a quantum computer or by any other type of attack. A crypto-agile implementation can be programmed to simply switch usable cryptosystems, whereas a non-agile solution would require the expense and time of complete replacement and integration of a new cryptosystem.
Cyberprotection Magazine: Are there specifics topics, systems and/or applications which are particularly vulnerable to quantum attacks?
Mark Pecen: Public-key infrastructure, or the PKI, is the most vulnerable. Symmetric-key techniques, like used over the wireless air interfaces for example, are less vulnerable for the time being. Also, quantum-based cryptography, which makes use of entangled light particles, is resistant to quantum computing attacks as well. You may want to refer to ETSI GR QSC004 “Quantum-Safe Threat Analysis” and ETSI GR QSC006 “Limits of Quantum Computing on Symmetric Key Cryptography”.
Cyberprotection Magazine: In your estimate, what will the effects be on the cybersecurity market?
Mark Pecen: The governments and original equipment manufacturers who plan ahead will still prevail after quantum computers are broadly available. The ones who don’t plan are likely to be caught by surprise and suffer substantial losses, simply because the planninc cycle will take some time. So companies should act now instead of waiting for quantum computers to be available.
Cyberprotection Magazine: How can companies protect data in the age of quantum computing? Do options for implementing quantum safe cryptography already exist and how can companies implement those?
Mark Pecen: At the present time, most solutions would require custom integration by a competent hardware, software or chipset developer. There are indeed solutions available today from a number of companies, many of whom are members of the ETSI Working Group QSC.
Cyberprotection Magazine: The Internet of Things (IoT) will be a growing technology over the next years and currently is difficult to protect. How can quantum safe cryptography help in securing the IoT?
Mark Pecen: It’s difficult to say at this time, because many of the IoT devices are very inexpensive and small, with limited computing power and battery life. For this reason, there are many ongoing studies in this area by industry and academia both. In the meantime, there is still the option to use symmetric key cryptography, which is inherently less vulnerable to quantum attacks, but the problem of managing and exchanging keys remains. This is a topic of ongoing work in ETSI Working Group QSC.
Cyberprotection Magazine: One of the other often discussed topics today is blockchain: what will the effect, if any, of quantum computing be on blockchain, as blockchain also uses cryptographic algorithms?
Mark Pecen: Blockchain solutions as they exist today are not quantum-safe to my knowledge. Indeed, the solution used by BitCoin is not a quantum-safe algorithm. Their crypto-systems would require upgrading to an implementation using algorithms from one of the five quantum-safe algorithm families.
Cyberprotection Magazine: Where do you see trends for the future, i.e. future interests of the members of the ETSI QSC group?
Mark Pecen: There is continued interest in migration techniques and crypto-agility to help mitigate the technology switching-costs for upgrading. Many members are continuing to study quantum-safe solutions specifically targeted to IoT environments. The implementation of quantum-safe authentication mechanisms are still being specified for the various domains, for example to use in automotive and aircraft software upgrade procedures. This is important, as the owner of a vehicle wants to be certain that it receives the latest software and firmware updates from an authorized service centre, and not some attacker who could maliciously damage or disable the vehicle.
For those interested in the topic and would like to know more, here are some references to some standards efforts.
ETSI Group Report (GR) QSC001 “Analysis of Quantum-Safe Primitives”. This Group Report discusses the basic principles of quantum-safe cryptography, the range of options available for implementation and usage as well as certain performance considerations and constraints such as cryptographic key-lengths and computational requirements.
ETSI GR QSC003 “Quantum-Safe Case Studies & Use Cases”. A practical analysis of the consequences of implementing and deploying certain quantum-safe methods. In this report, we cover some aspects of network security, such as Transport Layer Security (TLS), security for the Internet of Things (IoT) and the inherent constraints as well as satellite communication and the issues associated with security of one-to-many broadcast data.
ETSI GR QSC004 “Quantum-Safe Threat Analysis”. An overview of what is vulnerable over time to quantum attacks, including applications in banking and finance, intelligent transportation systems, Internet of Things, digital media content protection eHealth as well as how some of the quantum attacks are formulated.
ETSI GR QSC006 “Limits of Quantum Computing on Symmetric Key Cryptography”. This is the only effort addressing Symmetric Key Cryptography thus far, and it’s fairly speculative in its findings. Nevertheless, an excellent grounding on the limits of quantum computing as known at the time of the draft (2017).
ETSI TR 103 570 “Quantum-Safe Key Exchanges, Implementation Analysis” published in 2019. This Technical Report (TR) covers a range of quantum-safe key exchange mechanisms, such as Learning with Errors (LWE), Ring Learning with Errors (RLWE), supersingular isogenies, and others with regard to parameter selection, performance and implementation constraints.
ETSI TR 103 617 “Quantum-Safe Virtual Private Networks” published in 2019. This Technical Report (TR) explores protocol requirements necessary to add quantum resistance to VPN technologies, including client, server and architectural considerations. Specifically, requirements around protocols and key establishment are considered, based on the multitude of systems that are at risk and require security updates before quantum computers that can attack commercial cryptography are developed.
ETSI TR 103 618 “Quantum-Safe Identity-Based Encryption” published in 2019. This TR describes how Identity-Based Encryption operates within the confines of the requirement to be quantum-safe. Lattice-based Hierarchal Identity-Based Encryption (HIBE) is described in terms of implementation and parameter selection as well as some performance estimates for both 32-bit and 64-bit microprocessors.
Current work in the group
QSC-008: “Quantum-Safe Cryptographic Signature assessment”, (Rapporteur is INRIA) (publication expected 2020)
QSC-13: “Migration Techniques to Quantum-Safe Systems”, (Rapporteur is Cadzow Communication) (publication expected 2020)
QSC-14: “Technical Specification for Hybrid Key Exchange Subsystem”, (Rapporteur is Amazon) (publication expected 2020)
QSC-16: “TR Investigation on State Management for Hash-Based Signatures”, (Rapporteur is ISARA) (publication expected 2021)