Post-quantum cryptography

Post-quantum cryptography (PQC), sometimes referred to as quantum-proof, quantum-safe, or quantum-resistant, is the development of cryptographic algorithms (usually public-key algorithms) that are thought to be secure against a cryptanalytic attack by a quantum computer. The problem with popular algorithms currently used in the market is that their security relies on one of three hard mathematical problems: the integer factorization problem, the discrete logarithm problem or the elliptic-curve discrete logarithm problem. All of these problems could be easily solved on a sufficiently powerful quantum computer running Shor's algorithm^[1]^[2] or even faster and less demanding (in terms of the number of qubits required) alternatives.^[3]

While as of 2023, quantum computers lack the processing power to break widely used cryptographic algorithms,^[4] cryptographers are designing new algorithms to prepare for Y2Q or Q-Day, the day when current algorithms will be vulnerable to quantum computing attacks. Their work has gained attention from academics and industry through the PQCrypto conference series hosted since 2006, several workshops on Quantum Safe Cryptography hosted by the European Telecommunications Standards Institute (ETSI), and the Institute for Quantum Computing.^[5]^[6]^[7] The rumoured existence of widespread harvest now, decrypt later programs has also been seen as a motivation for the early introduction of post-quantum algorithms, as data recorded now may still remain sensitive many years into the future.^[8]^[9]^[10]

In contrast to the threat quantum computing poses to current public-key algorithms, most current symmetric cryptographic algorithms and hash functions are considered to be relatively secure against attacks by quantum computers.^[2]^[11] While the quantum Grover's algorithm does speed up attacks against symmetric ciphers, doubling the key size can effectively block these attacks.^[12] Thus post-quantum symmetric cryptography does not need to differ significantly from current symmetric cryptography.

^ Shor, Peter W. (1997). "Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer". SIAM Journal on Computing. 26 (5): 1484–1509. arXiv:quant-ph/9508027. Bibcode:1995quant.ph..8027S. doi:10.1137/S0097539795293172. S2CID 2337707.
^ ^a ^b Bernstein, Daniel J. (2009). "Introduction to post-quantum cryptography" (PDF). Post-Quantum Cryptography.
^ Kramer, Anna (2023). "'Surprising and super cool.' Quantum algorithm offers faster way to hack internet encryption". Science. 381 (6664): 1270. doi:10.1126/science.adk9443. PMID 37733849. S2CID 262084525.
^ "New qubit control bodes well for future of quantum computing". phys.org.
^ "Cryptographers Take On Quantum Computers". IEEE Spectrum. 2009-01-01.
^ "Q&A With Post-Quantum Computing Cryptography Researcher Jintai Ding". IEEE Spectrum. 2008-11-01.
^ "ETSI Quantum Safe Cryptography Workshop". ETSI Quantum Safe Cryptography Workshop. ETSI. October 2014. Archived from the original on 17 August 2016. Retrieved 24 February 2015.
^ Gasser, Linus (2023), Mulder, Valentin; Mermoud, Alain; Lenders, Vincent; Tellenbach, Bernhard (eds.), "Post-quantum Cryptography", Trends in Data Protection and Encryption Technologies, Cham: Springer Nature Switzerland, pp. 47–52, doi:10.1007/978-3-031-33386-6_10, ISBN 978-3-031-33386-6
^ Townsend, Kevin (2022-02-16). "Solving the Quantum Decryption 'Harvest Now, Decrypt Later' Problem". SecurityWeek. Retrieved 2023-04-09.
^ "Quantum-Safe Secure Communications" (PDF). UK National Quantum Technologies Programme. October 2021. Retrieved 2023-04-09.
^ Daniel J. Bernstein (2009-05-17). "Cost analysis of hash collisions: Will quantum computers make SHARCS obsolete?" (PDF).
^ Daniel J. Bernstein (2010-03-03). "Grover vs. McEliece" (PDF).

[shor-algorithm-1] Shor, Peter W. (1997). "Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer". SIAM Journal on Computing. 26 (5): 1484–1509. arXiv:quant-ph/9508027. Bibcode:1995quant.ph..8027S. doi:10.1137/S0097539795293172. S2CID 2337707.

[djb-intro-2] Bernstein, Daniel J. (2009). "Introduction to post-quantum cryptography" (PDF). Post-Quantum Cryptography.

[renev-algorithm-3] Kramer, Anna (2023). "'Surprising and super cool.' Quantum algorithm offers faster way to hack internet encryption". Science. 381 (6664): 1270. doi:10.1126/science.adk9443. PMID 37733849. S2CID 262084525.

[4] "New qubit control bodes well for future of quantum computing". phys.org.

[5] "Cryptographers Take On Quantum Computers". IEEE Spectrum. 2009-01-01.

[ieee-jintai-ding-6] "Q&A With Post-Quantum Computing Cryptography Researcher Jintai Ding". IEEE Spectrum. 2008-11-01.

[7] "ETSI Quantum Safe Cryptography Workshop". ETSI Quantum Safe Cryptography Workshop. ETSI. October 2014. Archived from the original on 17 August 2016. Retrieved 24 February 2015.

[8] Gasser, Linus (2023), Mulder, Valentin; Mermoud, Alain; Lenders, Vincent; Tellenbach, Bernhard (eds.), "Post-quantum Cryptography", Trends in Data Protection and Encryption Technologies, Cham: Springer Nature Switzerland, pp. 47–52, doi:10.1007/978-3-031-33386-6_10, ISBN 978-3-031-33386-6

[9] Townsend, Kevin (2022-02-16). "Solving the Quantum Decryption 'Harvest Now, Decrypt Later' Problem". SecurityWeek. Retrieved 2023-04-09.

[10] "Quantum-Safe Secure Communications" (PDF). UK National Quantum Technologies Programme. October 2021. Retrieved 2023-04-09.

[collisioncost-11] Daniel J. Bernstein (2009-05-17). "Cost analysis of hash collisions: Will quantum computers make SHARCS obsolete?" (PDF).

[djb-groverr-12] Daniel J. Bernstein (2010-03-03). "Grover vs. McEliece" (PDF).

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]