
Posted 9 October 2020

In the 1990s, scientific researchers predicted that if a very powerful computer came on the market, it would be able to decipher encrypted business or government data in record time. If you have never heard of the quantum computer project, you should know that some people consider it the greatest threat to data security, while for others the quantum computer is just a myth, dreamed up by hackers, which may never see the light of day. Explanations of post-quantum cryptography…


What is a quantum computer?

Thanks to these two phenomena, superposition and entanglement, a quantum computer can theoretically access all the possible results of a calculation in a single step, whereas a conventional computer has to process information sequentially, one result after the other. This massive parallelism is at the heart of the power of the quantum computer.[1]

What about cryptography? Cryptography[2] uses several “principles, means and methods of data transformation, with the aim of hiding their content, preventing their modification from going unnoticed and/or preventing their unauthorized use.”

In particular, public-key cryptography allows two parties to authenticate each other or exchange a secret key over a network. This secret key is then used in a number of common secure services and platforms (online payment, instant messaging, communication, document storage, videoconferencing, transportation cards…), and millions of businesses use it. Public-key cryptography is designed to protect all your personal and business data, and is now an integral part of the digital economy.

 

To date, cyber-security experts are able to counter all kinds of cryptographic attacks by increasing the size of security keys. But eventually this method will become obsolete. While conventional computers can “theoretically” take billions of years to decipher encrypted data [3] using well-established algorithms, the acceleration in computing power enabled by the quantum computer could cause conventional encryption methods to fall apart.

As introduced above, a quantum computer can decipher any data encrypted using standard cryptography. This is why, in response to the possible emergence of a quantum computer on the market, standard cryptography is adapting and becoming “post-quantum cryptography”. It is based on “new mathematical concepts to encrypt communication protocols”[4] and “can resist the power of a quantum computer”.[5]

 

The quantum computer, an invisible but powerful threat

Digital giants such as IBM, Google and Intel are competing to lead the quantum field[6] and are actively working on powerful computers that can offer ever higher computing capabilities. IBM has just published its quantum roadmap and claims it will have a 1000-bit machine by 2023.[7] The stakes are high: Anne Canteaut, a computer scientist specialized in cryptography, believes there is a 50% chance that one of the cryptographic systems based on a shared public key, used in all transactions around the world, will be broken within the next fifteen years using a quantum computer.[8]

The threat is deemed so serious that NIST, the main American standardization body, has decided to scrap standards based on public-key cryptography in favor of new quantum-resistant standards. According to the NIST roadmap, these new standards should arrive by 2022. This trend is international. In France, for example, ANSSI already recommends taking these new standards into account to protect data with a long lifespan.

For their part, organizations must now anticipate possible future attacks by strengthening the protection of their encrypted data in order to secure it over the long or even very long term. Some confidential information requires protection over several decades, up to 60 years for the most sensitive (government applications, air fleets, social security cards and healthcare data, electronic signatures, confidential communications…), and even up to 100 years for a notarial deed regarding a minor!

Successful attacks by a quantum computer would involve compromising the identity of certain information sources, disclosing intellectual and industrial property titles, undermining the non-repudiation of legal documents by forging signatures, or disseminating our confidential data history in unencrypted form.

Regardless of their industry, organizations must develop solutions to counter possible cyber-attacks orchestrated using a quantum computer, and allocate the necessary investments in robust infrastructures, dedicated hardware and secure tools (specific hardware, key exchanges, etc.).

 

How to respond to potential quantum computer attacks?

Unveiled at the beginning of September 2020 by the French government, the recovery plan will allocate €7 billion, out of the €100 billion announced, to the digital industry, an industry considered strategic and essential for the future of the country. Details:

– €2.4 billion will be devoted to French technological sovereignty (via investments in areas such as quantum computing, cyber-security, artificial intelligence, the Cloud, digital healthcare, etc.).

– €2.3 billion will go towards accelerating the digital transition of businesses and government services (securing infrastructures, digitization of the healthcare system, etc.).

– €1.3 billion will be earmarked for the development of start-ups (through aid for innovation under the Future Investment Program and participation in fund-raisers).[9]

These investments are necessary to accelerate the deployment of new post-quantum cryptography standards to all the solutions and secure platforms of our daily professional and personal lives.

 

Post-quantum cryptography already exists on the market, even before the appearance of the quantum computer. Digital players are developing new algorithms, integrated into professional solutions, resistant to all kinds of external attacks against secure communications, storage and exchange of sensitive information.

In France, CryptoNext Security offers new cryptography standards to secure information systems against attacks. In a partnership with Ercom, the two French companies were able to develop a first post-quantum integration test using the library developed by CryptoNext Security (Quantum-Safe library) in Ercom’s Cryptosmart solution to secure mobile devices and communications. Integration was done quickly thanks to the simplicity offered by the CryptoNext Security library and Cryptosmart’s architecture, which is designed to evolve easily. As a result, the first users were able to make post-quantum calls safely! A technological and secure breakthrough addressing the strategic and sovereign challenges of organizations in all industries.

 

This “historic update”[10] now needs to be applied to all our devices to ensure total protection of our digital economy against the threat of the quantum computer.

 

About Ercom

Part of Thales Group, Ercom is a French company that has been recognized for more than 30 years for its communication, data and device security solutions. With its ability to adapt, Ercom is able to address the needs of large corporations and administrations as well as SMEs with certified security solutions that comply with the most stringent requirements.

For more information, visit our website www.ercom.com

About CryptoNext Security (CNS)

CNS is a spin-off from Sorbonne Université and INRIA, incubated by Agoranov and accelerated by the Thales Cyber@Station program. CNS is listed in StationF’s Futur40, the 40 most promising out of 1,000 startups currently at StationF (the largest startup campus in Europe). Hello Tomorrow also selected CNS (80 out of 5,000) in its Global Challenge international competition. CNS ranks in the top five of the Global Challenge, Cyber-Security category. In 2020, CNS is the winner of the prestigious i-Lab Innovation Contest, and one of the 10 winners of Grand Prizes rewarding exceptional projects intended to address a major societal challenge.

[1] https://lejournal.cnrs.fr/articles/ordinateur-les-promesses-de-laube-quantique

[2] https://www.ssi.gouv.fr/entreprise/glossaire/c/

[3] https://cyberguerre.numerama.com/2169-comment-la-cryptographie-se-prepare-a-faire-face-aux-cyberattaques-quantiques.html

[4] http://www.senat.fr/fileadmin/Fichiers/Images/opecst/quatre_pages/OPECST_2019_0071_note_cryptographies_quantiques_postquantiques.pdf

[5] http://www.senat.fr/fileadmin/Fichiers/Images/opecst/quatre_pages/OPECST_2019_0071_note_cryptographies_quantiques_postquantiques.pdf

[6] “Quantum supremacy” suggests that “research leading to the notion of quantum supremacy dates back nearly 40 years. The question that has been raised is whether quantum computing could solve tasks that are very difficult for a conventional computer” (source: https://www.numerama.com/tech/550760-quest-ce-que-la-suprematie-quantique-que-google-aurait-atteinte.html)

[7] https://techcrunch.com/2020/09/15/ibm-publishes-its-quantum-roadmap-says-it-will-have-a-1000-qubit-machine-in-2023/

[8] https://www.larecherche.fr/informatique-cryptographie/%C2%AB-la-meilleure-garantie-de-s%C3%A9curit%C3%A9-est-l%C3%A9preuve-du-temps-%C2%BB

[9] https://www.channelnews.fr/plan-de-relance-7-milliards-deuros-pour-le-numerique-98665

[10] https://cyberguerre.numerama.com/2169-comment-la-cryptographie-se-prepare-a-faire-face-aux-cyberattaques-quantiques.html