prepare without rushing

Like computing in general, security technologies are evolving at a very fast pace. Quantum computers, with their vast computing power, are gradually becoming a reality. But since they are difficult to design and build, conventional and quantum computers will continue to exist side by side.

Several algorithms in common use today, such as public-key cryptography, rely on mathematical problems that a quantum computer could solve easily. They should therefore no longer be considered “mathematically robust”. This is why several technological fields, and the field of security in particular, must already anticipate this development and adapt without delay.

It is in this context that “post-quantum cryptography” (PQC) appeared. Despite many recent advances, its algorithms remain vulnerable to advanced attacks, especially those aimed at the way they have been implemented rather than at the underlying mathematics.

Multiple vulnerabilities in post-quantum cryptography

Two types of attack are potential threats to classical and post-quantum cryptography alike: passive attacks, where the attacker does not interact directly with the target but instead exploits a physical property (a side channel) correlated with the processing of sensitive data, and active attacks, where the attacker intervenes directly in the target and disrupts its normal functioning.

Although PQC is a new type of cryptography, it remains vulnerable to the same threats as conventional cryptography, and sometimes even more so. In a PQC context, for instance, signature verification schemes can fail and thus represent a potential gateway for certain attacks.

Post-quantum cryptography is a new technology and it is not yet completely secure. But it is only a matter of time before it is.

Many initiatives for the development of technologies

Many players have invested in the development and improvement of post-quantum cryptography. For example, several government bodies have launched initiatives to promote PQC research: the Chinese Association for Cryptologic Research (CACR) and, in Japan, the Information Technology Promotion Agency (IPA), the Cryptography Research and Evaluation Committees (CRYPTREC) and the National Institute of Information and Communications Technology (NICT).

In France, BPI is funding the RISQ project, a consortium of industrial companies and government certification bodies, to develop expertise and prepare the migration to post-quantum security.

Finally, in the United States, the National Institute of Standards and Technology (NIST) is one of the key decision makers in the standardization of PQC. As a non-regulatory government agency, it develops standards to drive innovation and find the best approach to protecting data against attacks carried out with quantum computers.

Common use of classical and quantum cryptography

Post-quantum cryptography can be implemented in both hardware and software. It provides internal security for devices by enabling secure boot and secure OTA (Over-The-Air) update services, and it can also support external cryptographic services such as authentication or proxy encryption.

PQC can be integrated “à la carte”, either as a stand-alone block or inside a secure element, which gives integration flexibility and additional “defence in depth”.

The French National Agency for the Security of Information Systems (ANSSI) and other public authorities currently recommend using post-quantum cryptography together with classical cryptography (a hybrid scheme) so as not to rely solely on PQC methods. Combining the two guards against attacks that would take advantage of a still-immature PQC scheme.
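In practice the joint use ANSSI recommends is realised as a hybrid key exchange: the shared secret from a classical exchange and the one from a post-quantum KEM are fed together into a key-derivation function, so an attacker has to break both to recover the session key. The following added example (not from the article and not any agency's reference code) shows that combiner with a from-scratch HKDF (RFC 5869); the two component secrets are constructed stand-ins for X25519 and ML-KEM outputs, and the salt label and transcript layout are assumptions.

```python
import hashlib
import hmac
import os

HASH = hashlib.sha256

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    # RFC 5869 Extract step: PRK = HMAC-Hash(salt, IKM)
    return hmac.new(salt, ikm, HASH).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    # RFC 5869 Expand step: T(i) = HMAC-Hash(PRK, T(i-1) | info | i)
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]

def combine_shared_secrets(ss_classical: bytes, ss_pq: bytes,
                           transcript: bytes, length: int = 32) -> bytes:
    """Derive one session key from a classical and a post-quantum secret.
    Concatenate-then-KDF: an attacker must recover BOTH inputs to compute
    the key, so breaking the immature PQ scheme (or, later, the classical
    one with a quantum computer) is not enough on its own. The transcript
    (public keys, KEM ciphertext) goes into the info field so the key is
    bound to this exchange. The salt label is a constructed constant.
    """
    ikm = ss_classical + ss_pq
    prk = hkdf_extract(b"hybrid-kex-v1", ikm)
    return hkdf_expand(prk, b"session key|" + transcript, length)

def attacker_knows_only_one(ss_known: bytes, ss_pq_real: bytes,
                            transcript: bytes) -> bool:
    """Model an attacker who broke the classical part but not the PQ part:
    without ss_pq they can only guess it, and a guess gives a different key.
    """
    real = combine_shared_secrets(ss_known, ss_pq_real, transcript)
    guess = combine_shared_secrets(ss_known, os.urandom(32), transcript)
    return real != guess

if __name__ == "__main__":
    # Constructed stand-ins for X25519 and ML-KEM outputs (assumptions).
    ss_x25519, ss_mlkem = os.urandom(32), os.urandom(32)
    transcript = b"pk_x25519|pk_mlkem|ct_mlkem"
    print(combine_shared_secrets(ss_x25519, ss_mlkem, transcript).hex())
    print(attacker_knows_only_one(ss_x25519, ss_mlkem, transcript))
```

Real deployments replace the stand-in secrets with the actual X25519 and KEM outputs and bind the full handshake transcript, not a short label.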
