As humanity marches unflinchingly toward the future, we need to anticipate the impact that emerging technologies will have on our society. Ethical concerns surrounding data privacy, digital authoritarianism, mass surveillance, and algorithmic biases continue to plague researchers working in quantum computing, artificial intelligence (AI), and machine learning (ML).
The diminishing gap between science fiction and reality is visible with the advances in quantum computing over the last few years. Considering that the Defense Advanced Research Projects Agency (DARPA) is expanding its funding to increase the utility of quantum computers and there is now a 2-qubit desktop quantum computer available on the market for just $5,000, post-quantum encryption is becoming a priority for public and private organizations.
Why is Post-Quantum Cryptography a Priority?
While the 2-qubit desktop model from SpinQ doesn’t provide any performance benefits, the hardware aims to provide learners with hands-on quantum computing experience. IBM unveiled their 127-qubit Eagle processor in 2021, with the 433-qubit Osprey slated for 2022 and the 1,121-qubit Condor processor expected in 2023. Additionally, AWS Bracket is advancing research into quantum computing by giving users access to quantum annealers, gate-based ion-trap processors, photonic quantum computers, and superconducting processors.
The advances in quantum computing have the potential to solve some of humanity’s most complex mathematical problems — but also pose a risk to our current encryption methods. One estimate suggests that a 4,099-qubit quantum computer would smash through an RSA encryption in just 10 seconds compared to the 300 trillion years required for a classical system to break the algorithm. This is why companies like Wickr are focusing on post-quantum encryption techniques that can help protect sensitive information in a quantum-computing world.
What is Post-Quantum Encryption?
Post-quantum cryptography (or quantum encryption) refers to the development of cryptographic systems that can protect classical computers against attacks originating from quantum computers. Starting in 2021, the U.S. Department of Defense (DoD) had to provide guidance to the Senate on the state of quantum computing and how to mitigate risks to vulnerable encryption techniques.
Setting the Agenda for Post-Quantum Encryption
This year, the White House made its findings public in a National Security Memorandum (NSM) called Promoting the United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems. The memorandum sets out policy goals for quantum information science (QIS) and provides guidance on how to protect public-key cryptography from a Cryptanalytically Relevant Quantum Computer (CRQC). A CRQC refers to a quantum computer that has the processing capabilities required to “game out” our current encryption algorithms.
At the same time, the National Institute of Standards and Technology (NIST) is working on developing standardized post-quantum cryptography algorithms. The NIST will complete its first post-quantum cryptographic standard in about two years, but they announced four quantum-resistant algorithms that are already available.
The four quantum-resistant algorithm finalists are:
- CRYSTALS-Kyber — An IND-CCA2 Key Encapsulation Mechanism (KEM) used for general encryption that will secure communications over public networks
- CRYSTALS-Dilithium — One of the three digital signature schemes accepted by the NIST for verification of identities using the hardness of lattice problems over module lattices
- FALCON — Another lattice-based signature scheme that uses a trapdoor sampler with negligible leakage of the secret key across an almost infinite number of signatures
- SPHINCS+ — A state-less Hash-based signature scheme built on the SPHINCS design that uses pure random oracle instantiations during construction with SHAKE256, SHA-256, and Haraka hash-functions
Of the three signature encryption algorithms, CRYSTAL-Dilithium and FALCON provide the best performance. However, because SPHINCS+ uses a different math approach (hash functions), it remains a valuable backup compared to the structured lattice problems of the other three quantum-resistant cryptographic algorithms.
Why Post-Quantum Encryption Matters
Firstly, end-to-end encryption (E2EE) secures data both in-transit and at rest. While not all encryption algorithms are equal, the consensus was that symmetric encryption (like AES-256) wouldn’t be at risk until about 2030. The assumption was that full-scale quantum computers wouldn’t become available until the next decade.
Nevertheless, a publication in Science China Information Sciences this year puts those assumptions at risk. The paper demonstrated a variational quantum attack algorithm using current-generation quantum hardware that is faster than Grover’s algorithm. This breakthrough means we’re likely to see quantum computing capabilities that can break current encryption standards by 2025.
The recommendation now is for firms to start migrating encryption methods from current standards to the new, post-quantum resistant algorithms as soon as possible.
Evolving Post-Quantum E2EE with Wickr
Wickr continues to push the boundaries of encryption forward with our research into cryptographic security technologies. Our platform currently provides E2EE for all communications, including voice, video, and instant messaging. The forward secrecy and post-compromise security ensure that all data exchanged via Wickr remains secure from man-in-the-middle and long-term attacks. For enterprises, government agencies, and non-profit organizations, it will be critical to continue evolving your encryption methods along with the latest post-quantum cryptography standards.
Wickr remains at the forefront of post-quantum encryption research and analysis. To discuss your secure communication needs with our experts, contact us today.