
Understanding Post-Quantum Cryptography

As we stand on the brink of a quantum revolution, India grapples with the challenges and opportunities this paradigm shift presents. This editorial analysis explores the country’s current initiatives, the insufficiencies therein, and the urgent need for comprehensive migration to Post-Quantum Cryptography (PQC) algorithms.

The Quantum Threat

  • Quantum computers are expected to materialize by the end of the decade.
  • This advancement poses a threat to current cryptographic protocols.
  • These protocols could become obsolete soon.

The Moment of Change: Q-Day

  • The moment when existing cryptography fails is referred to as “Q-Day”.
  • This pivotal point is rapidly approaching.

The Solution: Quantum Resistant Cryptography

  • Quantum Resistant Cryptographic (QRC) algorithms offer a solution.
  • These algorithms are also known as Post-Quantum Cryptography (PQC).

The Global Initiative

  • There is a worldwide initiative to implement these new cryptographic methods.
  • This initiative aims to make Post-Quantum Cryptography a reality soon.

Importance Of PQC

Quantum Algorithms

  • Quantum algorithms, like the one devised by Peter Shor in 1994, can perform complex tasks quickly.
  • A classical computer would take approximately 300 trillion years to break a 2048-bit RSA encryption key.
  • On the other hand, a perfect quantum computer could accomplish the same task in just 10 seconds.

Improvements and Progress

  • Shor’s algorithm has been refined and enhanced over the years.
  • For example, Regev’s algorithm is an improvement on Shor’s original concept.
  • Additionally, annealing-based quantum computers are now a reality.
  • These computers address the factoring problem in a different way. They treat it as an optimization problem and have shown considerable progress.

Future Threats and Solutions

  • Quantum computers pose potential future threats even though ideal quantum computing is still a decade away.
  • Attackers may ‘harvest’ data now and decrypt it later when quantum computers become widespread.
  • This suggests that quantum computers already present a significant threat, even without being fully realized.
  • This could mean that large quantities of data might be compromised.
  • Therefore, the integration of Post-Quantum Cryptography (PQC) into our current encryption protocols is crucial.

Progress And Updates In Post-Quantum Cryptography

NIST’s Post-Quantum Cryptography Standardization Project

  • In 2016, the National Institute of Standards and Technology (NIST) in the US started a project. This project aims to standardize post-quantum cryptography (PQC).
  • They invited experts to submit possible PQC algorithms.
  • They received 69 eligible submissions for this project.

PQC Algorithms for Standardization

  • Out of all submissions, NIST selected four for standardization.
  • These are CRYSTALS-Kyber, CRYSTALS-Dilithium, SPHINCS+, and FALCON.
  • CRYSTALS-Kyber is for general encryption.
  • The other three are digital signature schemes.

Release of Draft Standards

  • In August 2023, NIST released draft standards for the first three algorithms.
  • They did this to receive public feedback.
  • They plan to release the final standards in 2024. This will also include the FALCON algorithm.

Lattice-Based Cryptography

  • Three of the selected algorithms use Lattice-Based Cryptography.
  • This method is based on the challenge of finding the closest point on a lattice to a random point.
  • This is similar to finding the nearest tree to a random location in a forest.
  • High-dimensional lattices make this problem especially tough.
  • Even quantum computers seem to struggle with this problem.
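
The closest-point problem described above can be tried on a two-dimensional toy lattice. The following is an added example, not part of the original editorial; the two bases and the target point are constructed for illustration. It applies a simple rounding method (Babai's rounding) to the same lattice described by a short basis and by a long, skewed basis, and compares both answers with an exhaustive search.

```python
# Added example (not from the original editorial): closest-vector problem in 2D.
from fractions import Fraction
from itertools import product

# Constructed toy bases. BAD is GOOD multiplied by an integer matrix of
# determinant -1, so both generate exactly the same lattice.
GOOD = ((4, 1), (1, 5))
BAD = ((38, 57), (27, 40))   # 7*g1 + 10*g2 and 5*g1 + 7*g2

def coords(basis, v):
    """Exact real coefficients (x, y) with x*b1 + y*b2 == v (Cramer's rule)."""
    (a, b), (c, d) = basis
    det = a * d - b * c
    return (Fraction(v[0] * d - v[1] * c, det),
            Fraction(a * v[1] - b * v[0], det))

def combine(basis, x, y):
    (a, b), (c, d) = basis
    return (x * a + y * c, x * b + y * d)

def dist2(p, q):
    return (p[0] - q[0]) ** 2 + (p[1] - q[1]) ** 2

def same_lattice(b1, b2):
    """Each basis vector must have integer coordinates in the other basis."""
    return all(c.denominator == 1
               for src, dst in ((b1, b2), (b2, b1))
               for v in src for c in coords(dst, v))

def babai_round(basis, target):
    """Babai's rounding: round the target's coefficients to integers."""
    x, y = (round(c) for c in coords(basis, target))
    return combine(basis, x, y)

def exhaustive_closest(basis, target, radius=10):
    """Ground truth by brute force around the rounded coefficients."""
    cx, cy = (round(c) for c in coords(basis, target))
    span = range(-radius, radius + 1)
    points = (combine(basis, cx + i, cy + j) for i, j in product(span, span))
    return min(points, key=lambda p: dist2(p, target))

if __name__ == "__main__":
    target = (10, 7)  # constructed "random location in the forest"
    for name, basis in (("good", GOOD), ("bad", BAD)):
        p = babai_round(basis, target)
        print(f"{name} basis -> {p}, squared distance {dist2(p, target)}")
    print("true closest:", exhaustive_closest(GOOD, target))
```

With the short basis, rounding lands on the true closest point; with the skewed basis of the same lattice it lands much farther away. Exhaustive search is only feasible here because the lattice has two dimensions.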

SPHINCS+

  • SPHINCS+, unlike the others, utilizes “Hash Functions”.
  • Hash functions are a key part of blockchain technology.

Backup Algorithms

  • NIST is also developing a second set of algorithms.
  • These algorithms are based on different math problems.
  • They will be used if any weaknesses appear in lattice-based cryptography.

Quantum Readiness

  • The US Cybersecurity and Infrastructure Security Agency, National Security Agency (NSA), and NIST released a document called “Quantum Readiness: Migration to Post-Quantum Cryptography”.
  • They advised all organizations, particularly those involved in critical infrastructure, to prepare a “quantum-readiness roadmap”.
  • This roadmap will ease the transition to PQC standards.

PQC Coalition

  • The PQC Coalition was established in September 2023.
  • Its goal is to raise awareness about PQC and encourage the public to adopt NIST’s algorithms.
  • Members of the coalition include IBM, Microsoft, MITRE, PQShield, SandboxAQ, and the University of Waterloo.

India’s Progress in Post-Quantum Cryptography (PQC)

  • The Indian Army and the National Security Council Secretariat formed the Quantum Lab in 2021.
  • This lab is located at the Military College of Telecommunication Engineering in Mhow, Madhya Pradesh.
  • The Quantum Lab’s primary goal is to lead in quantum computing and communication research and training, particularly in PQC.

Pioneering Efforts of the Centre for Development of Telematics (C-DOT)

  • C-DOT, an autonomous R&D center under the Department of Telecommunications, is actively developing PQC.
  • They have created a “Compact Encryption Module,” a quantum-safe encryptor.
  • They have also developed a “Quantum Secure Smart Video IP Phone,” a quantum-safe, AI-enabled video IP phone.

The Impact of Startups on PQC Development

  • Startups are playing an increasingly significant role in PQC advancement.
  • QNu Labs, a Bengaluru-based startup, is the fourth company globally to create a quantum-safe security product.
  • They have developed a PQC algorithm named “Hodos,” based on one of NIST’s lattice-based algorithms, and have made it commercially available.
  • They have also teamed up with Bharat Electronics Limited to create quantum-safe security systems if a public sector entity needs them in the future.
  • Other startups such as Scytale Alpha and Qulabs are also showing active interest in PQC.

Way Forward

Insufficiency of current initiatives

  • The efforts taken to address the threat of quantum supremacy are inadequate.
  • Data breaches are increasing rapidly each year, posing serious security concerns.
  • Both China and non-state groups present constant threats.

Need for migration to PQC algorithms

  • India must expedite its migration to Post-Quantum Cryptography (PQC) algorithms.
  • All sectors, especially critical infrastructure, must leverage these algorithms.

Support for academic research and private sector

  • India should cultivate a supportive ecosystem for academic research in this field.
  • The private sector, which has shown promising progress, should be nurtured and incentivized.

Role of National Quantum Mission (NQM)

  • The National Quantum Mission serves as India’s leading initiative in quantum technology.
  • The NQM is responsible for positioning India as a global leader in this field.

Importance of PQC in NQM

  • PQC and its adoption should be a crucial part of the NQM.
  • This is vital for the NQM’s goal to establish India as a quantum technology leader.

Source: Post-Quantum Cryptography: The lynchpin of future cybersecurity (ORF, December 4, 2023)