Report: ‘Post-Quantum Cryptography’ Needed for Retroactive Risks
A coordinated, long-term approach is needed to confront the “retroactive risk” to secure communications posed by quantum computing, warns a new report emphasizing that code-breaking applications based on quantum technologies could emerge by as early as the next decade.
The report released Thursday (April 9) by the RAND Corp., the government-backed think tank, asserts that current encryption schemes will likely prove inadequate as quantum computing moves into the mainstream. Those risks underscore the need for what the report calls “postquantum cryptography,” or PQC, to fend off future threats to highly-secured communications.
“We judge the threat to be urgent,” the report warns. “There is little to no margin of safety for beginning the migration to PQC. The vulnerability presented by quantum computers will affect every government body, critical infrastructure and industry sector.”
“The advent of quantum computers presents retroactive risk because information being securely communicated today without postquantum cryptography may be captured and held by others now in order to be decrypted and revealed later once quantum computers are created,” said Evan Peet, a co-author of the report and a RAND economist.
Quantum key distribution (QKD) is currently the primary means of implementing quantum-secured communications. In essence, a quantum system generates a random key to encode a message. The key is then used to encrypt the message. The key is shared between parties in such a way that any attempt to discover the key causes detectable changes. Once an attempt is detected, both parties immediately know a third party has tried to read a message. That would trigger a resend cycle involving use of a new key.
Experts note that quantum cryptography is overwhelmingly used to produce and distribute a key, not to transmit any message data.
The report’s authors doubt those steps will remain effective as quantum computing is rolled out. “Ultimately, we concluded that [quantum-key distribution] was not a viable solution for the broader cybersecurity risk management that needs to happen for risk from quantum computing,” Michael Vermeer, lead author of the report and a physical scientist at RAND said in response to emailed questions.
“While it may be used in some niche applications in either the short- or long-term, the technology is very nascent and it is not clear that it will be able to overcome the significant scalability challenges that would need to be overcome for it be a more widespread solution in our infrastructure,” Vermeer added.
The RAND report notes that standard protocols for postquantum cryptography capable of maintaining current security levels are expected to be released over the next five years. However, implementation protocols to mitigate future vulnerabilities posed by quantum computers may take “decades.”
If expedited, a holistic set of security protocols would go a long way toward securing future communications while reaping the benefits of quantum computing, the report concludes.
“The United States has the means and very likely enough time to avert a quantum disaster and build a safer future, but only if it begins preparations now,” Vermeer said.
The report addresses quantum key distribution only peripherally, acknowledging it could serve as an “effective future solution for securing communications in manner that is not vulnerable to quantum computers.”
The question is how far into the future QKD would prove effective as quantum computing scales.
“It is hard to imagine a future where QKD could feasibly be used in every, or even most, instances where public key cryptography is currently used,” Vermeer said. “It would require a massive, systemic change to our telecommunications infrastructure using technology that has not yet been developed, and it would need to happen soon.
“In contrast, post-quantum cryptography (i.e., public-key cryptography using algorithms that we don’t expect quantum computers to be able to break) already exists, it is being standardized, and the eventual standard could be implemented without changing the way we currently send and receive information in our communications,” Vermeer said.
Among the report’s recommendations is creation of a National Quantum Initiative to coordinate a nation-wide response to potential security threats posed by quantum computing.
Regulatory oversight should include market incentives to support a “cryptographic transition,” the authors said.
Meanwhile, the technology sector should begin assessing future and retroactive risks from quantum computing. “Organizations need to assess current and future vulnerabilities, including from information that has already been captured or that may be captured now and exploited years later.
“Many organizations may already be facing risk from the latter vulnerability, and it will only grow the longer they take to transition to PQC,” according to the report. Risk assessments should consider how current public key cryptography is being used to protect communications in order to gauge future vulnerabilities.
--John Russell contributed to this report.