Building an encryption algorithm resistant to quantum computers

Post-Quantum began solving this problem in 2009.

Berenice Baker

June 9, 2022

4 Min Read

Post-Quantum is building an encryption algorithm resistant to quantum computers.

Cybersecurity teams battling constant attacks on their networks and systems dread the day hackers can harness the power of quantum computers. These computers are fundamentally different and can analyze data in ways traditional computers cannot.

One British company that has been building an encryption algorithm resistant to quantum computers is Post-Quantum. It is one of four finalists in the National Institute of Standards and Technology (NIST) competition to set post-quantum cryptography standards. Post-Quantum has worked with high-profile organizations including NATO in the trialing of a quantum-safe VPN.

CEO Andersen Cheng began alerting the cybersecurity community that quantum computing posed a threat to encryption as early as 2009, before most people had even heard of it. While quantum computing is still a nascent technology, he argues that government and industry bodies should prepare now.

“Back in 2009, the common opinion was it was just not possible,” he said. “Even now, in the public domain, people say quantum computing is 10 to 20 years away. In the cyber world, they say it’s five to 10 years away, but in the intelligence world it’s just three to five years away.”

'Harvest now, decrypt later'

Cheng said he coined the phrase “harvest now, decrypt later” six years ago, to describe threat actors intercepting internet traffic and storing it for later decryption when practical quantum computers come into existence.

While it was previously widely disputed, even the likes of GCHQ and the NSA now admit it’s happening right in front of their eyes, says Cheng, noting that Border Gateway Protocol (BGP), which dictates the route internet communications take, is a threat point.

Also see: Ransomware: The world's no. 1 cybersecurity threat

“If I want to communicate with you over the internet, you need a domain, which I look up on the Domain Name System (DNS). The BGP tells me the route to get there. That can be broken and diverted to another entity or server somewhere, then people can collect the traffic without being able to decrypt it,” Cheng explained.

“That's been happening in the past few years, and from time to time you would have internet traffic suddenly getting rerouted to a server in Eastern Europe or Russia, for no apparent reason, then the back to normal two, three hours later.

“The only sensible conclusion is maybe people are diverting it to steal the data now. And it didn't just happen to just like some tiny ISPs; some of the big names as well, like AWS and Yahoo. So, it's not science fiction anymore.”

Quantum initiative 'extremely important'

Cheng said President Biden launching the quantum initiative is extremely important because it serves as the impetus for organizations to carry out the quantum migration that they may have been putting off up until now.

Similarly, NIST has been running a multi-year competition to set post-quantum cryptography standards. Announcing a winner has been delayed from March but it is now imminent off the back of the presidential initiatives.

“We understand that they have decided on the technical end a long time ago, but now there's just some IP or patent issues to be addressed,” explained Cheng.

“But because of the executive order, people say they just cannot delay any more. because the migration is a multi-year effort. It can easily take up to 10 years, if not longer, because every single device or e-commerce platform we use today has to be upgraded. The first beneficiary of this huge migration will be the consulting firms and systems integrators because today it is like Y2K happening every day.“

Subscribe to the Newsletter | Enter Quantum (knect365.com)

About the Authors

Berenice Baker

Editor, Quantum Business

Get the newsletter
From automation advancements to policy announcements, stay ahead of the curve with the bi-weekly AI Business newsletter.