KEYnote 44 English - Fall/Winter 2022 | Page 11

PROTECTION

Racing the Quantum Hare

What can a German fairy tale tell us about the threat of quantum computing and the fate of post-quantum cryptography? Surprisingly much! The story of an unequal race between a hare and a hedgehog reminds us of the situation that the cryptographic world has found itself in: With the advent of commercially viable quantum computers that can break established cryptographic algorithms, any outside observer would say that the race has already been lost. But that is far from the truth.
Most modern cryptography relies on a simple premise: For encryption algorithms, you use a mathematical problem that is so hard that conventional computers would require decades or centuries to crack it. It may not be impossible in theory, but it certainly is in any real-world scenario. When Peter Shor demonstrated how a working quantum computer could factorize large numbers (and compute discrete logarithms) with ease and speed, all of this confidence went out of the window. Though quantum computers were still the stuff of science fiction at the time, the cryptographic community started looking for new hard mathematical problems to build new cryptographic algorithms on, some for the love of math and theory, and some because they saw the actual threat, albeit in the far future.
Nearing the Tipping Point
But quantum computers have now become a real factor to contend with, as working devices, however immature and limited the technology might still be, are already being operated by state and private actors and are even available via cloud access. So, is now the right time to panic?
How Serious has the Threat Become?
Indeed, conventional asymmetric algorithms have lost their USP as practically unassailable fortresses. Well-known schemes like RSA are no longer absolute guarantees of security. The technical underpinnings of digital signatures and certificates, like the DSA and ECDSA algorithms or the Diffie-Hellman key agreement, have become vulnerable, because all of them rest on the factoring or discrete-logarithm problems that Shor's algorithm solves. Sooner or later, a powerful enough quantum computer could crack essentially any protocol built on these primitives, or even work back from any public key to compute the matching private key and break through any protection layer that depends on it.
No Need to Panic
However, all of these threats apply primarily to asymmetric cryptography. Symmetric schemes like the popular AES encryption or hash functions like the SHA family are not as easily broken. Quantum computing pioneer Lov Grover did propose an algorithm that would allow quantum computers to work out the secret key of an AES encryption or find a preimage for a hash value, but not with the dramatic, exponential leaps in performance that are proving so worrying for other cryptographic approaches. Grover's speedup is only quadratic: a brute-force search over a k-bit key takes roughly 2^(k/2) quantum steps instead of 2^k classical ones. It is not years or decades of computing turned into a leisurely afternoon's work for a would-be hacker, but a noticeable yet manageable acceleration of the search, and one that is hard to parallelize in practice, since each step has to run the full AES circuit coherently.
For symmetric encryption schemes, the response to the quantum threat is therefore simple: Just up the key length! Since Grover halves the effective security in bits, AES-128 would be left with about 64 bits of security, while AES-256 would still offer about 128 bits, the level AES-128 provides today. Switching from AES-128 to AES-256, an easy change even for standard consumer devices, would level the playing field again and return the cryptographic arms race to its old balance. The same reasoning applies to hash output lengths, where preimage resistance is likewise halved.
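The following Python script is an added example and is not code from the original article or from its publisher. It classically simulates Grover's search on a tiny constructed key space (a 4-bit or 8-bit "key" picked for illustration, far smaller than any real cipher) to show where the square-root speedup comes from, and then applies the same arithmetic to the key sizes discussed above to show why AES-256 restores 128-bit security while AES-128 does not. The statevector simulation is exact but exponential in the number of bits, so only toy sizes are practical.

```python
"""Grover's quadratic speedup and the AES-128 -> AES-256 key-length arithmetic.

Added illustration, not part of the original article. The search spaces, the
'secret key' values and the 128-bit target are constructed for demonstration.
"""
import math


def grover_iterations(n_bits: int) -> int:
    """Optimal number of Grover iterations for an unstructured search over
    N = 2**n_bits candidates: about (pi/4) * sqrt(N) oracle calls."""
    n_candidates = 2 ** n_bits
    return max(1, math.floor(math.pi / 4 * math.sqrt(n_candidates)))


def grover_search(n_bits: int, secret_key: int):
    """Exactly simulate Grover's algorithm on a 2**n_bits statevector.

    The oracle marks exactly one candidate (the constructed 'secret key'),
    mirroring a known-plaintext brute force where only one key decrypts
    correctly. Returns (most_likely_key, success_probability, oracle_calls).
    """
    n_candidates = 2 ** n_bits
    if not 0 <= secret_key < n_candidates:
        raise ValueError("secret_key must fit in n_bits")

    # Start in the uniform superposition over all candidate keys.
    amplitude = [1.0 / math.sqrt(n_candidates)] * n_candidates
    iterations = grover_iterations(n_bits)

    for _ in range(iterations):
        # Oracle: one coherent evaluation of the 'cipher' flips the sign of
        # the correct key's amplitude. This is the step that would have to run
        # the whole AES circuit on real hardware.
        amplitude[secret_key] = -amplitude[secret_key]
        # Diffusion operator: reflect every amplitude about the mean, which
        # boosts the marked key and damps all others.
        mean = sum(amplitude) / n_candidates
        amplitude = [2 * mean - a for a in amplitude]

    probabilities = [a * a for a in amplitude]
    best = max(range(n_candidates), key=probabilities.__getitem__)
    return best, probabilities[best], iterations


def classical_expected_queries(n_bits: int) -> float:
    """Average number of trial decryptions for a classical brute force that
    stops at the first hit: (N + 1) / 2 for a uniformly random key."""
    return (2 ** n_bits + 1) / 2


def effective_security_bits(key_bits: int, quantum: bool) -> int:
    """Work exponent for recovering a key by exhaustive search:
    2**key_bits classically, roughly 2**(key_bits/2) under Grover."""
    return key_bits // 2 if quantum else key_bits


def meets_security_target(key_bits: int, target_bits: int = 128,
                          quantum: bool = True) -> bool:
    """Does a symmetric key of key_bits still reach target_bits of security
    against the given attacker model?"""
    return effective_security_bits(key_bits, quantum) >= target_bits


if __name__ == "__main__":
    for n_bits, key in ((4, 11), (8, 200)):
        found, prob, calls = grover_search(n_bits, key)
        print(f"{n_bits}-bit key {key}: Grover found {found} with p={prob:.3f} "
              f"after {calls} oracle calls; classical average "
              f"{classical_expected_queries(n_bits):.1f} trials")
    for key_bits in (128, 192, 256):
        print(f"AES-{key_bits}: ~{effective_security_bits(key_bits, False)} bits "
              f"classically, ~{effective_security_bits(key_bits, True)} bits "
              f"under Grover, meets 128-bit target: "
              f"{meets_security_target(key_bits)}")
```

The simulation finds a 4-bit key with about 96% probability after 3 oracle calls, where a classical search needs 8.5 trials on average; the gap widens as the square root of the key space. The caveat the numbers hide is that Grover's iterations are inherently sequential and each one evaluates the cipher as a large reversible circuit, so the practical cost of a real attack is far above the idealized 2^(k/2) count.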
Taking Stock
How fares the cryptographic world? Even though symmetric encryption schemes still offer real security, the threat to asymmetric cryptography is real, and that has serious implications for our ability to securely exchange encryption keys and maintain integrity and authenticity.
And the arms race is heating up: Modern quantum computers have passed into what is called