Post-Quantum Cryptography standard released - practical work can now begin

Article
Mari Muurman,
Markus Rautell

In August 2024, the US National Institute of Standards and Technology (NIST) released the first standardised post-quantum algorithms, which companies and organisations can use to counter the threat that maturing quantum computers pose to today's encryption. The first step is to deploy quantum-safe methods alongside the conventional ones.

Quantum computers are expected to accelerate medical research, traffic optimisation and even finance. At the same time, it is understood that, in the wrong hands, they could wreak considerable havoc on the protection of sensitive or confidential data. Destructive cyberattacks, such as the data breaches at the Vastaamo psychotherapy centre and the City of Helsinki, are already happening; what will happen when criminals get their hands on powerful quantum computers?

The classic asymmetric (public-key) algorithms in use today will be broken once sufficiently capable quantum computers exist. Two kinds of asymmetric algorithm play an indispensable role in modern digital communications. Key exchange and key encapsulation algorithms let two parties agree on a symmetric key and thereby set up a secure channel. Digital signature algorithms ensure data integrity and authenticate the identity of the signer. Symmetric encryption methods such as AES are also used; in light of current knowledge they remain quantum-safe provided the keys are long enough, since the best known quantum attack (Grover's algorithm) at most halves the effective key length.

The new Post-Quantum Cryptography (PQC) standards specify how encryption is made quantum-safe

To ensure confidentiality also in the quantum age, NIST opened a call for proposals for its Post-Quantum Cryptography (PQC) standardisation process in 2016. The goal is to create quantum-safe alternatives to the algorithms that quantum computers will break. Of the 82 submissions received, four algorithms were selected for standardisation. Three of these have now been released.

On 13 August 2024, NIST released three new public-key cryptography standards: the key encapsulation mechanism ML-KEM in FIPS (Federal Information Processing Standard) 203, and the digital signature algorithms ML-DSA in FIPS 204 and SLH-DSA in FIPS 205. ML-KEM and ML-DSA (derived from CRYSTALS-Kyber and CRYSTALS-Dilithium) are based on structured lattices; SLH-DSA (derived from SPHINCS+) is based only on cryptographic hash functions. The fourth selected algorithm, FALCON, is to follow as FN-DSA in FIPS 206.

In addition, NIST continues to evaluate alternative key encapsulation and digital signature algorithms. The purpose is to ensure that, should critical weaknesses later be found in structured-lattice schemes, they can be replaced with PQC algorithms that do not rely on lattices at all.

With the standards released, the replacement of current public-key cryptography can begin: companies and organisations now have concrete, standardised tools for addressing the quantum threat. The PQC transition is, however, laborious and costly; the White House estimates that it will cost the United States public sector alone around USD 7.1 billion. That is all the more reason to start as early as possible.

Hybrid model in the wild

The first step in the PQC transition is the adoption of hybrid schemes: a classical and a PQC algorithm are used side by side, so that systems keep working even while different parties are at different stages of the transition. A further advantage of the hybrid model is that an attacker must break both algorithms to recover the protected information.
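As an added example (not code from this article or from VTT), the exchange a hybrid key establishment performs, written against the Go 1.24 standard library, whose crypto/mlkem package implements the FIPS 203 ML-KEM-768 mechanism and whose crypto/ecdh package implements X25519. The message layout, the field names and the combining hash are this example's own simplifications; real deployments, such as the X25519MLKEM768 group specified for TLS 1.3, use HKDF with the protocol's own labels.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/mlkem"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Wire formats are this example's own: the client sends an X25519 public key plus an ML-KEM-768
// encapsulation key; the server replies with its X25519 public key plus the ML-KEM ciphertext.
type ClientShare struct{ X25519Pub, MLKEMEncapKey []byte }
type ServerShare struct{ X25519Pub, MLKEMCiphertext []byte }

// must is used only for key generation, whose sole failure mode is a broken CSPRNG.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// x25519Shared computes the classical ECDH shared secret with a peer's raw public key.
func x25519Shared(priv *ecdh.PrivateKey, peerPub []byte) ([]byte, error) {
	pub, err := ecdh.X25519().NewPublicKey(peerPub)
	if err != nil {
		return nil, err
	}
	return priv.ECDH(pub)
}

// combineSecrets mixes BOTH shared secrets and the public transcript into the session key; all parts
// are fixed-length, so plain concatenation is unambiguous. Illustrative KDF: use HKDF in a real protocol.
func combineSecrets(ssMLKEM, ssX25519 []byte, cs ClientShare, ss ServerShare) []byte {
	sum := sha256.Sum256(bytes.Join([][]byte{[]byte("example-hybrid-x25519-mlkem768-v1"), ssMLKEM,
		ssX25519, cs.X25519Pub, cs.MLKEMEncapKey, ss.X25519Pub, ss.MLKEMCiphertext}, nil))
	return sum[:]
}

// ClientInit generates both key pairs. It returns the share the client sends first and a finish
// function that completes the handshake once the server's reply arrives.
func ClientInit() (ClientShare, func(ServerShare) ([]byte, error)) {
	xPriv := must(ecdh.X25519().GenerateKey(rand.Reader))
	dk := must(mlkem.GenerateKey768())
	share := ClientShare{X25519Pub: xPriv.PublicKey().Bytes(), MLKEMEncapKey: dk.EncapsulationKey().Bytes()}
	finish := func(ss ServerShare) ([]byte, error) {
		ssX, err := x25519Shared(xPriv, ss.X25519Pub)
		if err != nil {
			return nil, err
		}
		// Caveat: FIPS 203 decapsulation of a correctly sized but modified ciphertext does not fail; it
		// yields an unrelated pseudorandom key (implicit rejection), detected only at key confirmation.
		ssK, err := dk.Decapsulate(ss.MLKEMCiphertext)
		if err != nil {
			return nil, err
		}
		return combineSecrets(ssK, ssX, share, ss), nil
	}
	return share, finish
}

// ServerRespond does ECDH with the client's X25519 key, encapsulates to its ML-KEM key and combines.
func ServerRespond(cs ClientShare) (sessionKey []byte, reply ServerShare, err error) {
	xPriv := must(ecdh.X25519().GenerateKey(rand.Reader))
	ssX, err := x25519Shared(xPriv, cs.X25519Pub)
	if err != nil {
		return nil, reply, err
	}
	ek, err := mlkem.NewEncapsulationKey768(cs.MLKEMEncapKey)
	if err != nil {
		return nil, reply, err
	}
	ssK, ct := ek.Encapsulate()
	reply = ServerShare{X25519Pub: xPriv.PublicKey().Bytes(), MLKEMCiphertext: ct}
	return combineSecrets(ssK, ssX, cs, reply), reply, nil
}

// RunHandshake runs one full exchange; with tamper set, a ciphertext byte is flipped in transit.
func RunHandshake(tamper bool) (clientKey, serverKey []byte, err error) {
	share, finish := ClientInit()
	serverKey, reply, err := ServerRespond(share)
	if err != nil {
		return nil, nil, err
	}
	if tamper {
		reply.MLKEMCiphertext[0] ^= 0x01
	}
	clientKey, err = finish(reply)
	return clientKey, serverKey, err
}

func main() {
	for _, tamper := range []bool{false, true} {
		ck, sk, err := RunHandshake(tamper)
		fmt.Printf("tamper=%v keys agree=%v err=%v\n", tamper, bytes.Equal(ck, sk), err)
	}
}
```

Run with `go run` on Go 1.24 or later. The honest run ends with both sides holding the same 32-byte key; the tampered run ends with different keys but no error, which is the FIPS 203 implicit-rejection behaviour and the reason a real protocol needs an explicit key-confirmation step on top of the KEM. The structure also shows the agility discussed below: replacing ML-KEM-768 with another KEM touches only the encapsulate and decapsulate calls and the combiner's inputs, not the rest of the handshake.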

Once development has advanced far enough, it will be possible to move entirely to PQC algorithms. Preparations must also be made for similar updates in the future, for example if weaknesses are discovered in the newly released standards. Systems should therefore be designed so that the cryptographic algorithms they use can be swapped out with as little rework as possible, a property known as crypto-agility.

Finland is still at an early stage. According to a VTT study commissioned by the National Emergency Supply Agency of Finland, only 3% of the responding Finnish companies had taken concrete steps to prepare for the quantum transition, even though as many as 75% were aware of the quantum threat. The roadmap published with the study helps companies plan and carry out the transition.

When will quantum attacks begin to proliferate?

As far as is publicly known, no quantum computer has yet broken a conventional asymmetric algorithm. The security of these algorithms rests on the computational difficulty of integer factoring and of the discrete logarithm problem. A classical computer cannot solve these problems at the key sizes in use, but a sufficiently large, error-corrected quantum computer running Shor's algorithm can. Progress has been rapid in recent years, and it has been estimated that the asymmetric algorithms in use today could be broken within roughly 5 to 15 years. One indicator of the pace is IBM's announcement that it will deliver a fully error-corrected quantum system with 200 logical qubits by 2029.

Moreover, attackers can already harvest data protected by today's algorithms and store it until a sufficiently powerful quantum computer lets them decrypt it ("harvest now, decrypt later"). In practice, any data that must stay secret far into the future is no longer safe if it is protected only by quantum-vulnerable encryption.

Research continues

VTT has been deeply involved in building the quantum sector, working with IQM to build 5- and 20-qubit quantum computers in Otaniemi, Espoo. VTT has also contributed to research on quantum-safe algorithms, for example through research articles and higher-education theses produced in the national PQC project, which is funded by Business Finland and coordinated by VTT. Active research on quantum-safe methods will continue in the years to come.

Additional information on the PQC transition in Finland is available from, for example, the National Cyber Security Centre Finland.

QKD – a future alternative to PQC?

PQC algorithms are not the only quantum-safe way to distribute keys. Quantum Key Distribution (QKD) does not rely on hard mathematical problems but on the laws of quantum physics. In principle, QKD therefore cannot be broken by any quantum algorithm, even if lattice-based and other PQC schemes were eventually broken; in practice its security still depends on the soundness of the optical implementation and on an authenticated classical channel between the parties.

Although the first QKD protocols were invented decades ago, the technology of the time was not mature enough to put QKD to practical use. The hardware QKD needs is evolving constantly, however, and this quantum-safe key distribution method will probably become one of several in the future.

Visa Vallivaara
Markus Rautell
Research Scientist