Post-Quantum Cryptography

A peek into the future of digital security


Developments in quantum computing are driving innovation across a range of industries and domains. However, this advancement also has the potential to break the digital security that currently protects us. Post-quantum cryptography (PQC) is an evolving field that aims to protect against the quantum threat that lies before us.

The quantum threat

Let's back it up. Most of the security on the internet relies on public key cryptography, most notably RSA and elliptic curve cryptography (ECC). The magic behind their security is the difficulty of solving mathematical problems like factoring large numbers or computing discrete logarithms - problems that are computationally infeasible for classical computers.

Quantum computers use quantum bits (qubits), which let them outperform classical computers at certain tasks. It turns out one of their superpowers is factorising large numbers and computing discrete logarithms - the very things keeping us secure today! If you want to read more about this, check out Shor's algorithm - essentially, this algorithm can solve these mathematical problems in moments, whereas classical computers would require thousands, if not millions, of years to solve them.

While quantum computers are still in their infancy and currently lack the power to break asymmetric encryption, researchers predict that within the next 10-20 years, they may reach the capability to do so. This is known as the quantum threat horizon.

Why should we care?

Even though quantum computers are not readily available yet, adversaries are already harvesting encrypted data with the intent to decrypt it in the future. This threat is known as HNDL, "Harvest Now, Decrypt Later". By transitioning to post-quantum cryptography as soon as possible, we can protect sensitive information from being decrypted and exploited in the future.

How to address the threat

In August last year, NIST (the National Institute of Standards and Technology) announced three new post-quantum cryptographic algorithms as Federal Information Processing Standards (FIPS). These algorithms are designed to resist attacks from quantum computers.

Hands on with post-quantum cryptography

Cloud provider AWS recently published an article outlining its post-quantum cryptography migration plan, which aims to provide a smooth transition to these protections.

If you're looking to test drive PQC now, the Open Quantum Safe project has a GitHub repo for prototyping quantum-resistant cryptography in a range of different applications.

Let's build an nginx web server that negotiates quantum-safe keys so we can check out PQC in action.

git clone https://github.com/open-quantum-safe/oqs-demos
cd oqs-demos/nginx
docker build -t oqs-nginx .
docker run -p 4433:4433 oqs-nginx

Browsing to the newly created web server, we can see that Chrome throws an error. That's because the quantum-safe cipher suites are not yet included in Chrome's built-in cryptographic library.

Let's build and run curl using OpenSSL v3 and the OQS provider to ensure we can establish a secure connection to the web server using quantum-safe algorithms.

docker build -t oqs-curl .

The docker build should add the OQS provider to the openssl config. Verify that the OQS provider is listed by issuing docker run -it openquantumsafe/curl openssl list -providers. The output should resemble the following.

Providers:
  default
    name: OpenSSL Default Provider
    version: 3.4.0
    status: active
  oqsprovider
    name: OpenSSL OQS Provider
    version: 0.8.0
    status: active

Let's test it out by specifying --curves mlkem512:

docker run -it openquantumsafe/curl curl -k -vv https://192.168.201.79:4433 --curves mlkem512

Success! Albeit a little underwhelming, the output below indicates that the connection between client and server is using quantum-safe algorithms: mlkem512 as the key exchange mechanism and mldsa65 for the digital signature.
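The --curves flag only asks the client to offer mlkem512; what actually got negotiated is in curl's verbose output. The following script is an added example (not part of the post or of the OQS project) that parses that output and fails unless both the key exchange group and the certificate signature are quantum-safe, so the check can gate a migration test. The sample lines are constructed, and the "SSL connection using ... / group / sigalg" line format is assumed from curl 8.x built against OpenSSL; it may differ between curl versions.

```shell
#!/bin/sh
# Constructed sample "SSL connection using" lines as curl -vv prints them
# (format assumed from curl 8.x + OpenSSL; not taken from the post's output).
SAMPLE_PQ='* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / mlkem512 / mldsa65'
SAMPLE_HYBRID='* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519MLKEM768 / RSASSA-PSS'
SAMPLE_CLASSIC='* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519 / RSASSA-PSS'

# Key-exchange groups containing an ML-KEM (or pre-standard Kyber) component,
# including hybrids such as X25519MLKEM768 that pair it with a classical curve.
kex_is_pq() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        *mlkem*|*kyber*) return 0 ;;
        *) return 1 ;;
    esac
}

# Signature schemes from the NIST PQ signature standards (ML-DSA, SLH-DSA)
# or their pre-standard names.
sig_is_pq() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        *mldsa*|*dilithium*|*slhdsa*|*sphincs*|*falcon*) return 0 ;;
        *) return 1 ;;
    esac
}

# pq_handshake_check "<curl -vv output>"
# Prints "group=G sig=S pq_kex=yes|no pq_sig=yes|no". Returns 0 only when both
# the key exchange and the certificate signature are quantum-safe, 1 when
# either is classical, and 2 when no handshake line was found at all.
pq_handshake_check() {
    line=$(printf '%s\n' "$1" | grep 'SSL connection using' | head -n 1)
    if [ -z "$line" ]; then
        echo "no TLS handshake line found" >&2
        return 2
    fi
    group=$(printf '%s\n' "$line" | awk -F' / ' '{print $3}')
    sig=$(printf '%s\n' "$line" | awk -F' / ' '{print $4}')
    kex_ok=no; sig_ok=no
    kex_is_pq "$group" && kex_ok=yes
    sig_is_pq "$sig" && sig_ok=yes
    echo "group=$group sig=$sig pq_kex=$kex_ok pq_sig=$sig_ok"
    [ "$kex_ok" = yes ] && [ "$sig_ok" = yes ]
}
```

In practice you would feed it the real output, e.g. pq_handshake_check "$(docker run -it openquantumsafe/curl curl -k -vv https://192.168.201.79:4433 --curves mlkem512 2>&1)". The hybrid sample shows why both halves are checked: a quantum-safe key exchange still leaves the server authentication classical if the certificate is signed with RSA.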