Post-quantum cryptography will be a major challenge for the next decade at least, according to Bart Preneel, professor of cryptography at KU Leuven University in Belgium.
This is one of the main conclusions of his latest annual cryptographic review at the EEMA ISSE 2018 cyber security conference in Brussels.
Preneel began his discourse on post-quantum cryptography by noting that quantum computers are really not as useful as many people may think.
“But they are good for simulating physics processes at molecular level, which people hope will enable them to create new medicines,” he said. “This is the good news.
“For big data, I don’t think quantum computers will be that useful because they can’t deal with big data, however they are good for cracking crypto, mostly all the public key crypto that we all use every day.”
The good news here, said Preneel, is that the impact for symmetric cryptography is not so bad. “You just have larger encryption keys and then you are done,” he said.
Looking at the state of play in terms of developing a practical quantum computer, Preneel said IBM has announced a 50 qubit computer, while Google is at 72 qubits and Rigetti 128 qubits.
“To factor [crack] a 1,024 bit number [encryption key], you need only 2,048 ideal qubits,” he said. “So you would think we are getting close, but the qubits announced are physical qubits and there are errors, so they need about 1,000 physical qubits to make one logical [ideal] qubit.
“So to scale this up, you need 1.5 million physical qubits. This means quantum computers will not be a threat to cryptography any time soon. They will definitely not be done by Christmas.”
Although it is difficult to say how long it is likely to take to achieve a viable quantum computer capable of cracking today’s cryptographic algorithms, Preneel said it is likely to be achieved at some point. Considering that it will take at least 10 years to switch to quantum resistant cryptography and the fact that data needs to be kept confidential for 10 to 50 years, organisations should start planning to switch now, he added.
This is consistent with the view of Christiane Peters, security architect for Benelux at IBM, who told the opening session of the ISSE conference that organisations should waste no time in carrying out a post-quantum risk assessment to make the right investments at the right time.
When it comes to developing new cryptographic algorithms, Preneel said there are several competitions running, which he described as the “Olympic Games for cryptographers”.
Currently, however, the only competitions are in the US because Europe is no longer running them. “What is funny is that most of the input to the competitions comes from Europeans, but the Americans make the decisions,” he said. “For some reason, the Europeans seem to think that is a good idea.”
The most significant competition in terms of developing post-quantum or quantum-resistant algorithms is the one being run by the US National Institute of Standards and Technology (Nist), which should be completed around 2024.
“So, while organisations can start preparing for post-quantum cryptography now, they will have to wait at least six years to know which algorithm to adopt once Nist has chosen the best submissions for incorporation into a standard,” said Preneel.
Of the 82 submissions received, about 20 have already been broken and some have been withdrawn, leaving a total of 69 complete and proper submissions, which will take some time for Nist to work through, he said.
“Start thinking about post-quantum as part of your long-term strategy,” said Preneel. “Start looking at options. Start looking at what crypto you have and think about how you will prepare your migration. Make a plan and look at what you need to do to go there.”
Turning to the topic of crypto wars, Preneel noted that law enforcement is still campaigning against “warrant-proof encryption”, which the US deputy attorney general said in November 2017 “defeats the constitutional balance by elevating privacy above public safety”.
The US and its allies are pressing for what they call “responsible encryption” that allows access only with judicial authorisation. The argument is that the role of law enforcement is to protect society – they have always had warrants to get access to information, and technology should not change this.
“This means they want to be able to intercept voice calls even if it is voice-over-IP, they want to read all your messages and collect all the metadata including location, they want access to stored data including the cloud, and they want access to confiscated devices as well as remote access to suspects’ devices,” said Preneel.
“So it is a very broad range of things, but the debate is always confused because they put everything in one big stack, but the implications of each of those things are very different, both on society and technology.”
The academics’ response, he said, is that adding an interface [for law enforcement] with a back door will make systems even more complex and therefore less secure.
“There is risk of abuse by bad actors, plus many countries are not democratic and will use those back doors to further suppress their population and carry out mass surveillance,” he said. “So the academics said it is not possible to have a ‘magic key’ that only works for the good guys and not the bad guys.”
The only real options for law enforcement, said Preneel, is to ask for key escrow “saying they want a copy of every key”, but this was tried in the early 1990s by US president Bill Clinton.
“We sank the Clipper Chip and we thought the debate was off the table,” he said. “But the crypto wars are heating up again and now the US is saying cryptographers created the problem, so they need to solve the problem. There have been several proposals for back-door schemes, but most of them, in my view, are not very good.”
This means that the only other option open to law enforcement is to exploit operational security weaknesses, obtain technical assistance from industry to bypass decryption, use metadata, and buy zero days or use zero day services, said Preneel.
“So governments buy weaknesses in systems, they don’t tell the vendors, they actually write tools to hack the systems of criminals, but then, once in a while, these tools leak. They can also work with intelligence services, because they also tend to like to hack stuff.
“So we see today in this law enforcement battle that governments think it’s OK to hoard zero days and write attack tools, and when they leak out and there is severe damage to the economy, they look the other way and blame the Russians. So there is a lot of hypocrisy.”
In Europe, the authorities are encouraging countries to work together to develop a toolbox to break into encryption, said Preneel. “So it is about minimum base level information-sharing, but Europe is divided, with some nations wanting go big scale and share, while the European Commission says we should all hack together,” he added.
Moving from crypto wars to cyber warfare, Preneel said: “The military are in our systems. They have decided that the next war will in part be cyber. They are preparing for this war, and it will include defence and attack.
“This war will be fought in their systems and firewalls, but also in your firewalls and end systems, because the internet is everywhere. So I am not saying we shouldn’t be able to hack, and I am not saying we should be naïve and not cyber arm ourselves, but my question is always: who will check these people and ensure that they stay within the bounds of the law? And when they start abusing their power, who will be able to detect it?”
Wars are being fought on our devices, our internet and our systems, said Preneel. “Europe is in a very bad position because it has more or less given away its technologies. In contrast, China and Russia make their own search engines, their own e-commerce sites and their own processors. They realise that if you want to defend yourself, you have to be in charge of your own systems.
“For Europe, there is only one answer, which is to go to open systems. At the same time, if we go for open systems, then maybe at the same time we can stop these people in government who believe that any system should have a back door.”
Preneel added: “The only option is to set an example and go for open systems. It is the only option where Europe still can win.”