3D visualization of mathematical formulas in bright pink font on black background
 
#Digital Infrastructures

Cryptography redefined

Expert Opinion
6 Mins.

IT experts agree: quantum computing is on its way – they just don’t know when it will be available on a wide scale. In the meantime, specialists are working to make today’s cryptographic processes quantum computer-proof.

Whether you’re checking your email or using internet banking – online communication is a private matter. What keeps online communication secure against interception by third parties is cryptography. For the most part, today’s methods get the job done quite effectively. A classical computer is incapable of breaking an RSA 2048-bit encryption key, which is employed, for example, when paying for something online with a credit card. “However, a properly equipped quantum computer could break that same code in a matter of seconds,” says Dr. Sven Bauer, Senior R&D Cryptology Specialist at G+D.

Not surprisingly, people are worried: according to a study from cloud solution provider Thales, 72% of organizations expect that quantum computing will have an impact on their security and cryptographic operations in the next five years. “At the moment, quantum computers exist only in testing labs, and their capabilities are extremely limited. It’s highly unlikely that they’ll be able to break codes any time soon – and certainly not in the next five years,” says Bauer, reassuringly. However, the time to prepare for quantum computing – whenever it might arrive – is now.

Collaboration for security

Close up of hands and a laptop
Cryptography: keeping online communication secure against interception by third parties

Around the world, experts are working on many different aspects of quantum computing-proof cryptography. In Germany, the research project Aquorypt was called to life to investigate the applicability and practical implementation of quantum-safe cryptographic methods for embedded systems. Funded in part by the German Federal Ministry of Education and Research, Aquorypt is a collaborative effort involving G+D, Infineon, Siemens, the Fraunhofer Institute for Applied and Integrated Security, and the technical universities of Munich and Darmstadt.

The project is focusing on two areas: embedded systems in industry, and smart card-based security applications. Industrial embedded systems operate within narrow time limits and are characterized by a long lifetime. Chip card-based security applications must meet high security requirements, but they offer little memory and computing power to do so. Additionally, these chips are usually not connected to the internet and therefore cannot be updated with new software. An example is the chips built into passports that are valid for 10 years.

The Aquorypt team is evaluating procedures that have an adequate security level and implementing them in hardware and software. Of course, all solutions must be resistant against attacks from quantum computers as well as classical computers. G+D is contributing its expertise with small embedded systems. The main challenge is to fit new cryptographic processes onto the chips, but without increasing their size. “It’s sort of like trying to fit an elephant onto a postage stamp,” says Bauer. The main tools being employed here are mathematical models and corresponding subdisciplines such as coding theory and algebraic geometry.

“It’s sort of like trying to fit an elephant onto a postage stamp“
Dr. Sven Bauer
Senior R&D Cryptology Specialist at G+D

G+D experts are also considering strategies for transitioning in the future to chips that operate with post-quantum cryptography. “All cases are individual,” says Bauer, “and could involve exchanging software where possible all the way to installing all new chips.” The idea is that security is not only about products, but also about services.

In addition, G+D’s Corporate Technology Office is also exploring areas internally where quantum computing could be employed – for example, to solve so-called computationally hard problems, or to boost artificial intelligence-based processes.

Patience, please

When a threat is perceived – as has been the case with quantum computing – people understandably want to take immediate action. “It’s important to have the topic on the radar and for organizations to analyze current systems for vulnerabilities. At the same time, the risk from quantum computers is still theoretical, and attention on this area shouldn’t be at the expense of today’s threats,” says Bauer.

Worldwide, experts are now collaborating to decide on a standard for post-quantum cryptography. A major player in the effort is the US National Institute of Standards and Technology (NIST), which since 2017 has been carrying out a very careful standardization process, with active participation from members of the security community. G+D has been contributing its technical expertise to the undertaking. In around two years a decision for a standard is expected, which also coincides with the end of the Aquorypt project. At that time, G+D is planning to release its first chips with built-in post-quantum cryptography.

When exactly quantum computing will play a role in day-to-day business remains to be seen. But when this faster and highly specialized computing technology is available, G+D plans to be at the forefront to keep online communication secure. So even with quantum computing, you can continue to write emails, bank online, and make purchases with confidence.

Published: 25/06/2020

Share this article

Listen to our G+D articles

On the go? We've made it easier for you to access our articles, wherever you are.
Explore our audio articles