A few notes on the future of cryptography with a nod to The Cat in the Tinfoil Hat.
In common with so many people, to me quantum anything is a bit of a mystery, and quantum computing might as well be dark magic for all I understand. I have no idea how it really works despite many attempts to have it explained like I'm five, except to understand that in the future, quantum computers may well be powerful enough to render many of our current encryption standards insecure; i.e. quantum computers may be able to crack some of the problems we currently rely on as being "unbreakable". Cryptographers have been thinking about this problem for a while now, and we are slowly beginning to see the introduction of encryption protocols and algorithms designed to resist attack by those hypothetical future quantum computers.
Most current public-key encryption relies on the difficulty of a few mathematical problems: integer factorization, the discrete logarithm problem and the elliptic-curve discrete logarithm problem. All of these could be solved efficiently on a sufficiently powerful quantum computer running Shor's algorithm (or some future refinement of it). Symmetric ciphers such as AES are affected far less: Grover's algorithm only halves the effective key length, so AES-256 stays comfortable while RSA and elliptic-curve keys of any size fall. Forget AI and the Singularity; this is a bigger, known and more real problem right now.
The NSA has for some time worked on the basis that messages which are uncrackable today will be vulnerable to future quantum attacks, and has almost certainly begun storing vast quantities of encrypted traffic for later analysis, a practice known as "harvest now, decrypt later". It has a massive data centre in Utah¹ which we (the tinfoil-hat privacy geeks) can only assume holds exabytes of such data for later perusal. The practical consequence is that anything encrypted today with a classical key exchange should be treated as having a shelf life, however strong the cipher.
For those of us already reaching for tinfoil hats, this is perhaps the time to check that the encryption we rely on daily for safety and privacy is quantum-resistant. Google and IBM are among the tech companies building better quantum computers, and you can bet that the NSA has a finger in the pie too.
Algorithms considered quantum-resistant
Kyber, Dilithium, NTRU and FrodoKEM are lattice-based and are currently considered strong candidates. Classic McEliece is code-based. GeMSS is multivariate. SPHINCS+ and XMSS are hash-based and rely only on the security of the underlying hash function (its preimage and collision resistance); XMSS is stateful, meaning the signer must record which one-time keys it has already used, while SPHINCS+ is stateless, and NIST has already standardised XMSS and LMS separately in SP 800-208. SIKE was isogeny-based but is no longer trusted: it was broken in 2022 by a purely classical attack that ran on an ordinary laptop.
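As an added illustration of the hash-based family (example code written for this page, not taken from SPHINCS+, XMSS or any other project mentioned above), here is the simplest possible scheme, a Lamport one-time signature over SHA-256. XMSS and SPHINCS+ stack variants of exactly this building block into hash trees, so it shows both why the security reduces to the hash function alone and why a one-time key must never sign twice. It uses only the Go standard library; the type and function names (LamportKey, LeakedSecrets) and the sample messages are this example's own.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// n is the number of digest bits; each bit gets its own pair of secrets.
const n = sha256.Size * 8

// LamportKey holds 2*n random 32-byte secrets (private) and their SHA-256
// hashes (public). used is the state an XMSS-style signer must track.
type LamportKey struct {
	priv [n][2][32]byte
	pub  [n][2][32]byte
	used bool
}

// GenerateLamport draws the secrets from the OS CSPRNG and hashes each one.
func GenerateLamport() (*LamportKey, error) {
	k := &LamportKey{}
	for i := 0; i < n; i++ {
		for b := 0; b < 2; b++ {
			if _, err := rand.Read(k.priv[i][b][:]); err != nil {
				return nil, err
			}
			k.pub[i][b] = sha256.Sum256(k.priv[i][b][:])
		}
	}
	return k, nil
}

// Public returns the verification key, the only part that leaves the signer.
func (k *LamportKey) Public() [n][2][32]byte { return k.pub }

// bitAt returns bit i of digest d, most significant bit first.
func bitAt(d [32]byte, i int) int { return int(d[i/8]>>(7-uint(i%8))) & 1 }

// Sign reveals, for every digest bit, the one secret matching that bit. A
// second call is refused: each extra signature exposes more secrets (see
// LeakedSecrets) until an attacker can forge.
func (k *LamportKey) Sign(msg []byte) ([n][32]byte, error) {
	var sig [n][32]byte
	if k.used {
		return sig, errors.New("lamport key already used; refusing to sign again")
	}
	d := sha256.Sum256(msg)
	for i := 0; i < n; i++ {
		sig[i] = k.priv[i][bitAt(d, i)]
	}
	k.used = true
	return sig, nil
}

// Verify re-hashes each revealed secret and compares it with the public hash
// selected by the matching digest bit. Only SHA-256 is involved.
func Verify(pub [n][2][32]byte, msg []byte, sig [n][32]byte) bool {
	d := sha256.Sum256(msg)
	for i := 0; i < n; i++ {
		h := sha256.Sum256(sig[i][:])
		if !bytes.Equal(h[:], pub[i][bitAt(d, i)][:]) {
			return false
		}
	}
	return true
}

// LeakedSecrets counts how many of the 2*n secrets are exposed if one key
// signs every message in msgs: exactly n for one message, about 3n/2 for two
// distinct ones. A forger can then sign any message whose digest bits all
// land on exposed positions, which is why reuse must be prevented.
func LeakedSecrets(msgs ...[]byte) int {
	var seen [n][2]bool
	count := 0
	for _, m := range msgs {
		d := sha256.Sum256(m)
		for i := 0; i < n; i++ {
			if b := bitAt(d, i); !seen[i][b] {
				seen[i][b] = true
				count++
			}
		}
	}
	return count
}

func main() {
	k, err := GenerateLamport()
	if err != nil {
		panic(err)
	}
	msg, other := []byte("constructed sample message"), []byte("another message") // constructed inputs
	sig, _ := k.Sign(msg) // first signature with a fresh key cannot fail
	fmt.Println("signature valid:", Verify(k.Public(), msg, sig))
	fmt.Println("valid for other message:", Verify(k.Public(), other, sig))
	_, err = k.Sign(other)
	fmt.Println("second signature:", err)
	fmt.Println("secrets leaked if both were signed:", LeakedSecrets(msg, other))
}
```

The keys are large (16 KB each way) and strictly one-time, which is the whole problem the real schemes solve: XMSS fixes it with a tree of one-time keys plus mandatory state, SPHINCS+ with a tree so large that picking the same leaf twice is negligibly likely.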
NIST is leading the standardization of post-quantum algorithms. Kyber was chosen for key encapsulation (key exchange), Dilithium as the primary digital signature scheme and SPHINCS+ as a stateless hash-based signature alternative; in August 2024 these became FIPS 203 (ML-KEM), FIPS 204 (ML-DSA) and FIPS 205 (SLH-DSA). NTRU was a finalist but was not selected, while Classic McEliece, together with BIKE and HQC, continued into a fourth round of evaluation for code-based key encapsulation. Provided we can trust NIST and other agencies, we should be good soon.
Real-world usage
Google has tested Kyber in Chrome for TLS handshakes. Cloudflare has deployed hybrid TLS connections that run a classical and a quantum-resistant key exchange together. IBM has implemented PQC in prototype VPN and TLS systems. Signal has added a quantum-resistant key agreement (PQXDH) to its protocol. Agencies such as the NSA in the United States (under its CNSA 2.0 guidance), the BSI in Germany and ANSSI in France are planning official adoption of PQC by around 2030.
Library and protocol support
Cryptographic libraries such as OpenSSL, wolfSSL and liboqs have integrated support for post-quantum algorithms. Hybrid key exchange methods that combine X25519 with Kyber, or hybrid signatures that pair RSA or ECDSA with Dilithium, are used for testing and gradual migration. For key exchange the session key is derived from both shared secrets, so the connection stays secure unless both algorithms are broken; that property only holds if both secrets really reach the key derivation, which is the first thing to check in any home-grown hybrid.
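The hybrid key exchange described above, as an added example (written for this page; it is not OpenSSL's, Cloudflare's or any other project's code): X25519 plus ML-KEM-768 combined the way the TLS X25519MLKEM768 group does it, with the client sending its ML-KEM encapsulation key and X25519 public key, the server answering with an ML-KEM ciphertext and its own X25519 public key, and both sides feeding the two shared secrets (ML-KEM first) into a KDF. It uses only the Go standard library; crypto/mlkem and crypto/hkdf need Go 1.24 or later. The message structs, the HKDF info string and the function names are this example's own choices. The tampering switch demonstrates ML-KEM's implicit rejection: a corrupted ciphertext of the right length decapsulates to an unrelated key rather than producing an error.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/hkdf"
	"crypto/mlkem"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// ClientHello carries the client's key shares (1184 + 32 bytes); ServerHello
// carries the reply (1088 + 32 bytes). Sizes match the TLS X25519MLKEM768 group.
type ClientHello struct{ MLKEMEncapKey, X25519Public []byte }
type ServerHello struct{ MLKEMCiphertext, X25519Public []byte }

// x25519Shared completes the classical half against a peer's raw public key.
func x25519Shared(priv *ecdh.PrivateKey, peer []byte) ([]byte, error) {
	pub, err := ecdh.X25519().NewPublicKey(peer)
	if err != nil {
		return nil, err
	}
	return priv.ECDH(pub)
}

// combine derives the session key from BOTH shared secrets (ML-KEM first, as
// in TLS) plus a hash of the transcript. An attacker must break X25519 and
// ML-KEM to recover it; dropping either secret here silently loses that.
func combine(mlkemSecret, x25519Secret []byte, ch ClientHello, sh ServerHello) ([]byte, error) {
	ikm := append(append([]byte{}, mlkemSecret...), x25519Secret...)
	transcript := sha256.Sum256(bytes.Join([][]byte{
		ch.MLKEMEncapKey, ch.X25519Public, sh.MLKEMCiphertext, sh.X25519Public}, nil))
	return hkdf.Key(sha256.New, ikm, transcript[:], "x25519mlkem768 demo session key", 32)
}

// serverRespond encapsulates to the client's ML-KEM key, runs X25519 with a
// fresh ephemeral key, and returns the session key with the reply message.
func serverRespond(ch ClientHello) ([]byte, ServerHello, error) {
	ek, err := mlkem.NewEncapsulationKey768(ch.MLKEMEncapKey)
	if err != nil {
		return nil, ServerHello{}, err
	}
	mlkemSecret, ct := ek.Encapsulate()
	x, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, ServerHello{}, err
	}
	x25519Secret, err := x25519Shared(x, ch.X25519Public)
	if err != nil {
		return nil, ServerHello{}, err
	}
	sh := ServerHello{ct, x.PublicKey().Bytes()}
	key, err := combine(mlkemSecret, x25519Secret, ch, sh)
	return key, sh, err
}

// HybridHandshake runs client and server in-process and returns both session
// keys so the caller can check they agree. With tamper set, one byte of the
// ML-KEM ciphertext is flipped in transit: decapsulation then yields an
// unrelated key with no error (implicit rejection), so only the keys differ.
func HybridHandshake(tamper bool) (clientKey, serverKey []byte, err error) {
	dk, err := mlkem.GenerateKey768()
	if err != nil {
		return nil, nil, err
	}
	x, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	ch := ClientHello{dk.EncapsulationKey().Bytes(), x.PublicKey().Bytes()}
	serverKey, sh, err := serverRespond(ch)
	if err != nil {
		return nil, nil, err
	}
	if tamper {
		sh.MLKEMCiphertext = append([]byte{}, sh.MLKEMCiphertext...)
		sh.MLKEMCiphertext[0] ^= 0x01
	}
	// Client side: decapsulate, finish X25519, derive the same key.
	mlkemSecret, err := dk.Decapsulate(sh.MLKEMCiphertext)
	if err != nil {
		return nil, nil, err
	}
	x25519Secret, err := x25519Shared(x, sh.X25519Public)
	if err != nil {
		return nil, nil, err
	}
	clientKey, err = combine(mlkemSecret, x25519Secret, ch, sh)
	return clientKey, serverKey, err
}

func main() {
	ck, sk, _ := HybridHandshake(false)
	tk, tsk, _ := HybridHandshake(true)
	fmt.Println("keys agree:", bytes.Equal(ck, sk), "| agree after tampering:", bytes.Equal(tk, tsk))
}
```

Two design points worth copying into anything real: the transcript (both public keys and the ciphertext) is bound into the KDF so a swapped key share changes the derived key, and the tampered run shows why a hybrid handshake needs an explicit key-confirmation step (in TLS the Finished message) rather than relying on decapsulation to report a bad ciphertext.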
How to try it yourself:
You can experiment with post-quantum cryptography using the Open Quantum Safe project's liboqs library and its oqs-provider for OpenSSL 3, which add the NIST algorithms to the standard openssl command-line tools and TLS stack. OpenSSL 3.5 and later ship ML-KEM, ML-DSA and SLH-DSA natively, and stock OpenSSH already negotiates a hybrid post-quantum key exchange by default (sntrup761x25519-sha512 since 9.0, mlkem768x25519-sha256 from 9.9); "ssh -Q kex" lists what your client supports and the "kex: algorithm:" line in "ssh -v" output shows what a connection actually negotiated. These tools work on most Linux distributions and are aimed at developers and researchers preparing for the transition.
¹https://en.wikipedia.org/wiki/Utah_Data_Center