“The secret to getting ahead, is getting started.”- Mark Twain
To expand upon my previous blog post, “Quantum Computing and the Role of Internal Audit,” I will explore Schrodinger’s cat experiment to explain the concept of superposition. Schrodinger’s cat experiment is a thought experiment that states that if a cat is sealed in a box, and something is put in a box that will kill it, it is unknown whether the cat is alive or dead unless the box is opened.
In a normal context, we would state that the cat is either alive or dead. But for the purpose of our consideration, it should be taken that until the box is opened and cat is observed, the cat is simultaneously dead and alive. This is the concept of superposition. The diagram below illustrates the concept discussed.
The concept of entanglement means two particles can be connected in a such a way that an action performed on one of them can have an immediate effect on the other particle even if it is located far off. The diagram below explains the concept of entanglement.
So, in a nutshell, superposition allows qubits to be in multiple states at once, like a coin flipping in mid-air, and entanglement creates a mysterious connection between particles that lets them communicate instantly, no matter the distance. These two mind-bending concepts are the quantum magic that powers quantum computing’s potential for super-fast calculations and problem solving.
Quantum Computing and Cryptography
The advent of quantum computing can pose a serious challenge to the existing cryptographic algorithms as it can break them in no time due to its huge computational power.
Once sufficiently powerful quantum computers exist, traditional asymmetric methods for key exchange and digital signatures will be easily broken. Leveraging Shor’s algorithm, they will reduce the security of integer discrete logarithms like Elliptic Curve Cryptography (ECC) and RSA (Rivest-Shamir-Adleman) so much that no reasonable size would suffice to keep data secure.
Introduction to Post-Quantum Cryptography (PQC)
The PQC algorithms are mainly implemented by hash-based signature algorithms, code-based cryptography, multivariate cryptography protocols or by lattice-based cryptography.;The diagram below explains each PQC algorithm briefly.
Several security specialists and scholars agree that the lattice-based cryptograph algorithm is the path forward to deliver quantum resistant encryption. It uses two-dimensional algebraic constructs known as lattices that are not easily defeated with quantum computing schemes.
NIST announced the first four quantum-resistant cryptographic algorithms in 2022. For general encryption NIST has selected CRYSTALS-Kyber Algorithm as it has the advantage of smaller encryption keys that two parties can exchange easily, as well as the speed of its operation. For digital algorithms, to verify identities during a digital transaction, or to sign a document remotely, NIST has selected three algorithms: CRYSTALS-Dilithium, as the primary algorithm, FALCON for applications that need smaller signatures, and SPHINCS+, though somewhat larger and slower than the other two, but valuable as a backup for the chief reason that it is based on a different math approach than all three of NIST’s other selections. Three of the selected algorithms are based on a family of math problems, called structured lattices, while SPHINCS+ uses hash function. The additional four algorithms still under consideration are designed for general encryption and do not use structured lattices or hash functions in their approaches.
The NSA requires all national security systems (NSS) to fully transition to PQC Algorithms by 2033, with some use cases required to complete that transition as early as 2030.
The Urgency of Post-Quantum Cryptography
Some might wonder why we need to worry now about the threat of quantum computers. We can continue to focus on existing algorithms like RSA and ECDSA (Elliptic Curve Digital Signature Algorithm) that use keys derived from elliptic curve cryptography (ECC).
But there are three important reasons that we need to focus attention on post-quantum cryptography:
- We need time to improve the efficiency of post-quantum cryptography.
- We need time to build confidence in post-quantum cryptography.
- We need time to improve the usability of post-quantum cryptography.
If we don’t do anything and later post-quantum cryptography becomes essential, then years of critical research time will have been lost. Therefore, it is wiser to research post-quantum cryptography now and be prepared for Q Day.
Author’s note:The opinions expressed are of the author’s own views and does not represent that of the organization or of the certification bodies he is affiliated to.