At Security Innovation, we have been warning customers for many years about the threat that quantum computers pose to public key infrastructure (PKI) and asymmetric cryptography. We warn our customers of the significant impact on their business when quantum computers can instantly break their key exchange and digital signatures. We warn them that HTTPS websites would be useless, encrypted mail would be no better than sending the information in clear text, and there would be no way to trust any code update sent over the internet. Any security solution that uses RSA, ECC or Diffie-Hellman is rendered useless with the arrival of quantum computers.

These warnings are generally met by our customers with a nod of understanding and then an implied statement of “I’ll let the person after me worry about it.” This is a completely understandable reaction. For over 30 years, the scientific community has been talking about quantum computers being 10-15 years away. A track record of missed predictions like that leads to a lack of credibility and to people tuning out future predictions. So why should anyone believe that quantum computers are coming anytime soon, if at all?

Recently, a new cast of characters has been sounding the quantum computing alarm. In July, at the ISC 2015 supercomputing conference, Vadim Smelyanskiy, a Google scholar working on quantum computing stated that by improving error correction, a powerful quantum computer could become available sometime between 2020 and 2025. In August, the NSA announced that they would be recommending a new cryptography solution to government agencies that would resist quantum computing attacks. A few weeks later, PQCRYPTO, a consortium of universities and companies funded by the European Union, issued their initial conservative recommendations for post quantum cryptography.

So the US Government, a European Union-sponsored organization, and Google, within a span of 3 months, all spoke of the arrival of quantum computers in the next few years. This brings a different sense of urgency than in the past. If you haven’t been planning for cryptography in the post-quantum world, then it is time to start.

There are cryptographic solutions available today that resist quantum computing attacks, including Security Innovation’s NTRU algorithm. But changing cryptographic solutions can be difficult and expensive, as evidenced by the transition from RSA to ECC that has been going on in the market for nearly a decade. To address this issue, Security Innovation has created a Quantum Safe Hybrid approach, which allows you to pair a quantum safe algorithm, such as NTRU, with your existing classical algorithm, e.g. RSA or ECC. The high speed of NTRU gives you quantum protection at virtually no performance penalty, while keeping RSA maintains backwards compatibility and meets compliance regulations. The popular TLS/SSL solution provider wolfSSL already provides an implementation of this approach, making it extremely easy to start securing your communications today.
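The step that makes a hybrid handshake "quantum safe" is how the two shared secrets are combined. The example below is added here and is not Security Innovation's or wolfSSL's code: it feeds both the classical (RSA/ECC) secret and the quantum-safe (NTRU) secret into one HKDF derivation, so the session key stays secret as long as either algorithm holds. The shared secrets and transcript are constructed placeholders; a real handshake would take them from the two key exchanges.

```python
import hmac
import hashlib

HASH = hashlib.sha256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    # HKDF-Extract (RFC 5869): PRK = HMAC-Hash(salt, IKM)
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    # HKDF-Expand (RFC 5869): T(i) = HMAC-Hash(PRK, T(i-1) || info || i)
    size = HASH().digest_size
    okm, block = b"", b""
    for i in range(1, (length + size - 1) // size + 1):
        block = hmac.new(prk, block + info + bytes([i]), HASH).digest()
        okm += block
    return okm[:length]


def hybrid_session_key(ss_classical: bytes, ss_pq: bytes,
                       transcript: bytes, length: int = 32) -> bytes:
    """Derive one session key from a classical shared secret (RSA/ECC) and a
    quantum-safe shared secret (e.g. NTRU). Both secrets are part of the HKDF
    input keying material, so an attacker must recover BOTH to learn the key:
    breaking RSA alone yields only ss_classical, which is not enough."""
    if not ss_classical or not ss_pq:
        raise ValueError("both shared secrets must be present")
    # Length-prefix each secret so the boundary between them is unambiguous
    # (a plain concatenation would let two different pairs collide).
    ikm = (len(ss_classical).to_bytes(2, "big") + ss_classical
           + len(ss_pq).to_bytes(2, "big") + ss_pq)
    # Hashing the handshake transcript into the salt binds the key to the
    # algorithms that were actually negotiated (prevents downgrade to one alone).
    salt = HASH(transcript).digest()
    prk = hkdf_extract(salt, ikm)
    return hkdf_expand(prk, b"hybrid-session-key", length)
```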

With the EU, NSA and Google all warning us to pay attention, there really is no excuse for not being prepared.
