Ebook: Toward a Quantum-Safe Communication Infrastructure
The accelerating pace at which quantum computing is developing makes it almost inevitable that some of the major cryptographic algorithms and protocols we rely on daily, for everything from internet shopping to running our critical infrastructure, may be compromised in the coming years.
This book presents 11 papers from the NATO Advanced Research Workshop (ARW) on Quantum and Post-Quantum Cryptography, hosted in Malta in November 2021. The workshop set out to understand and reconcile two seemingly divergent points of view on post-quantum cryptography and secure communication: would it be better to deploy post-quantum cryptographic (PQC) algorithms or quantum key distribution (QKD)? The workshop brought these two communities together to work towards a future in which the two technologies are seen as complementary solutions to secure communication systems at both a hardware (QKD) and software (PQC) level, rather than being in competition with each other. Subjects include the education of an adequate workforce and the challenges of adjusting university curricula for the quantum age; whether PQC and QKD are both required to enable a quantum-safe future and the case for hybrid approaches; and technical aspects of implementing quantum-secure communication systems. The efforts of two NATO nations to address the possible emergence of cryptanalytically-relevant quantum computers are explored, as are two cryptographic applications which go beyond the basic goal of securing two-party communication in a post-quantum world.
The book includes economic and broader societal perspectives as well as the strictly technical, and adds a helpful, new contribution to this conversation.
This volume emerged from the NATO Advanced Research Workshop on Quantum and Post-Quantum Cryptography we hosted in Malta in November 2021 and brings together eleven invited papers from experts in the event’s scope. In this workshop, made possible with the generous assistance of the NATO Science for Peace and Security (SPS) programme, we set out to understand and reconcile two seemingly divergent points of view on where the future of cryptography and secure communication lies in a post-quantum world. The accelerating pace at which quantum computing is developing, approximately thirty years after Peter Shor published the seminal algorithms that now bear his name, makes it all but a foregone conclusion that some major cryptographic algorithms and protocols that we rely upon daily for anything from internet shopping to running our critical infrastructure may be compromised in the coming years.
One way of addressing this challenge is by developing post-quantum cryptographic (PQC) algorithms, which are designed from the ground up to resist attacks by quantum computers. Deploying PQC as a replacement for the algorithms that are in active use nowadays requires overhauling cryptographic systems and software stacks, but it does not require the deployment of new infrastructure. This last point has been suggested as a reason to prefer PQC over the alternative technology for overcoming the quantum threat: quantum cryptography, more specifically quantum key distribution (QKD). By exploiting the laws of quantum mechanics, QKD can in principle endow physical communication channels with the capability to distribute symmetric cryptographic keys without the possibility of those keys being stolen in transit. Although QKD gives mathematical certainty of information security, it may in places require the deployment of new telecommunication infrastructure, and its implementation-level security measures must be adequate. Our workshop was intended to bring these two communities together and to work towards a future where the two technologies are not seen as somehow in competition with each other, but rather as complementary solutions that help to secure communication systems at the hardware (QKD) and software (PQC) level. We also decided to broaden the discussion from the strictly technical to include the economic and broader societal perspectives. We hope that by adopting this perspective, this volume contributes a helpful and new voice to the conversation.
An overview of the papers in this volume follows and we note that these contributions were not peer-reviewed. In A Brief Overview of Quantum Advances and Impact on Economics, we read how one of the items that need to be addressed in this upcoming post-quantum transition is the education of an adequate workforce for the quantum age. Complementing this point of view is a discussion in Post-quantum cryptography migration: challenges in education of how universities’ curricula may require adjustments.
The third paper reflects the collaborative spirit of our workshop, arguing that PQC and QKD are both required to enable a quantum-safe future. This is followed by a discussion of Quantum-Safe Cryptography from BSI’s Perspective, pointing out gaps in the state of the art, and a contribution on the Security against attacks to cryptographic algorithms by quantum computer - and why multiple different solutions are needed, making a case for hybrid approaches. The subsequent two contributions look into technical aspects of implementing quantum-secure communication systems, with Authentication methods for Quantum Key Distribution: challenges and perspectives looking at authentication methods for QKD, and Securing DILITHIUM against physical attacks: performances analysis addressing the cost of securing a prominent post-quantum cryptographic proposal against implementation-level attacks.
Our next two contributions give an idea of two NATO nations’ efforts to address the possible emergence of cryptanalytically relevant quantum computers: Quantum-Safe Communication Research in Finland and Post-Quantum Cryptography Efforts in Türkiye. To conclude the volume, we take a look at two cryptographic applications that go beyond the basic goal of securing two-party communication in a post-quantum world: Group key exchange: living on the edge with a quantum adversary, which describes post-quantum group key exchange in an Internet-of-Things scenario, and Beyond Quantum Threats: Bridging Fully Homomorphic Encryption Schemes.
We thank all the contributors to our workshop and to this volume, and hope that you find it a useful contribution to the literature.
— Rainer Steinwandt and André Xuereb, December 2023
This paper provides an overview of the economic impact of quantum technologies. The goal is not to be exhaustive but rather to describe an up-to-date panel of stakes, challenges and figures that remains accessible to non-expert readers who wish to understand the priorities of the so-called quantum revolution. In a first part, the paper recalls the fundamentals of quantum physics (though not entering into technical details). Then in section 2, the benefits of different quantum technologies are challenged and/or illustrated. Section 3 highlights the main steps that are required in order to economically benefit from the quantum; three axes are identified: education of skilled people, strategy for innovation ecosystem, and standardization. Section 4 concludes by giving some figures on funding efforts made by countries around the world and by pointing out some limitations to overcome.
PQC migration represents multiple challenges in education. We will need to educate our future cryptography researchers and engineers on new topics, introduce new challenges, and explain new cryptographic primitives. In the paper, we present our view on education challenges associated with the transition to post-quantum cryptography.
Quantum Key Distribution (QKD) and Post Quantum Cryptography (PQC) are often incorrectly assumed to be competitors of one another. In reality, they are complementary technologies aimed at solving different problems, with each having strengths and weaknesses that the other does not have. In this article, we will briefly summarise the current state of QKD and PQC, highlighting the advantages, disadvantages, and limitations of each technology stack. Finally, we explain our take on how both these technologies can be combined to provide solutions that are better than any solution that uses solely PQC or QKD.
We discuss how the German Federal Office for Information Security (BSI) views the migration to quantum-safe cryptographic solutions in agile and hybrid systems. In particular, the perspective of BSI on Post-Quantum-Cryptography and on Quantum Key Distribution is explained, and existing gaps are pointed out.
This work describes and compares different ways to protect your systems against attacks by quantum computers. The comparison is done from a security and an implementation point of view.
In this article, we investigate the issue of authenticating the classical post-processing components of a QKD protocol through an insecure channel. Our analysis starts with state-of-the-art solutions and subsequently introduces an authentication scheme aiming at both Information Theoretic Security and resilience against particular denial-of-service attacks targeting the authentication procedure. The proposed strategy combines ε-Almost Strongly Universal hashing for unconditional protection and computationally-secure Message Authentication Codes for DoS detection capability. Specifically, we consider the protocol security in a typical QKD scenario, taking into account partially weak authentication keys. Moreover, we add practical considerations related to authentication parameters and experimentally evaluate the performance of the proposed system in terms of computational complexity and key consumption in a reasonable use case.
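As an added illustration of the layering idea in this abstract (information-theoretically secure hashing for authenticity, a computational MAC for cheap rejection of bogus traffic), the following Python is example code written for this page; it is not the paper's scheme and not code from the volume. Everything in it is an assumption made for the example: the prime field and block size of the polynomial hash, the `QkdKeyPool` model in which each ITS tag spends one pad element of QKD-derived key, the packet layout, and the `HybridAuthenticator` class. The point it shows is the key-consumption behaviour: packets that fail the reusable-key MAC are discarded before any one-time key material is touched, while a forger who somehow holds the MAC key still cannot pass the ITS check.

```python
import hmac
import hashlib

# Parameters for the polynomial universal hash; assumed for this illustration,
# not taken from the paper.
P = 2**127 - 1          # Mersenne prime; all hash arithmetic is done mod P
BLOCK_BYTES = 15        # a 15-byte block always encodes an integer < P
PAD_BYTES = 16          # bytes of QKD key consumed per information-theoretic tag


def _blocks(msg: bytes) -> list:
    """Split msg into field elements and append its length as a final block,
    so that messages differing only by trailing zero bytes hash differently."""
    out = [int.from_bytes(msg[i:i + BLOCK_BYTES], "big")
           for i in range(0, len(msg), BLOCK_BYTES)]
    out.append(len(msg))
    return out


def poly_hash(k: int, msg: bytes) -> int:
    """h_k(m) = sum_i m_i * k^(n-i) mod P, evaluated with Horner's rule.
    For uniformly random k this family is epsilon-almost-universal with
    epsilon about (n+1)/P for an n-block message; adding a fresh one-time
    pad element to the output (Wegman-Carter style) gives an
    epsilon-almost-strongly-universal authenticator."""
    acc = 0
    for m in _blocks(msg):
        acc = (acc + m) * k % P
    return acc


class QkdKeyPool:
    """Models the one-time key material both ends share from QKD. Pad element
    i is bound to message counter i and must never be used twice."""

    def __init__(self, material: bytes):
        self.material = material
        self.consumed = 0   # pad elements spent so far: the cost being tracked

    def pad(self, index: int) -> int:
        off = index * PAD_BYTES
        chunk = self.material[off:off + PAD_BYTES]
        if len(chunk) < PAD_BYTES:
            raise RuntimeError("QKD key pool exhausted")
        self.consumed += 1
        return int.from_bytes(chunk, "big") % P


class HybridAuthenticator:
    """Two-layer tag: an ITS tag (poly hash + one-time pad) for unconditional
    integrity and an HMAC under a long-lived key for cheap early rejection."""

    def __init__(self, hash_key: int, mac_key: bytes, pool: QkdKeyPool):
        self.k = hash_key % P
        self.mac_key = mac_key
        self.pool = pool
        self.next_ctr = 0    # sender side: next counter to use
        self.last_ctr = -1   # receiver side: highest counter already spent

    def _mac(self, ctr: int, msg: bytes, its_tag: int) -> bytes:
        data = ctr.to_bytes(8, "big") + msg + its_tag.to_bytes(16, "big")
        return hmac.new(self.mac_key, data, hashlib.sha256).digest()

    def send(self, msg: bytes) -> tuple:
        ctr = self.next_ctr
        self.next_ctr += 1
        its_tag = (poly_hash(self.k, msg) + self.pool.pad(ctr)) % P
        return (ctr, msg, its_tag, self._mac(ctr, msg, its_tag))

    def receive(self, ctr: int, msg: bytes, its_tag: int, mac_tag: bytes) -> str:
        # Layer 1: computational MAC with a reusable key. A flood of bogus
        # packets is rejected here without touching the QKD key pool.
        if not hmac.compare_digest(self._mac(ctr, msg, its_tag), mac_tag):
            return "dropped-by-mac"
        if ctr <= self.last_ctr:
            return "replay"
        # Layer 2: ITS check. The pad element for this counter is spent
        # whether or not the check passes, so it can never be reused.
        self.last_ctr = ctr
        expected = (poly_hash(self.k, msg) + self.pool.pad(ctr)) % P
        if expected != its_tag:
            return "its-failure"
        return "accepted"


def make_pair() -> tuple:
    """Constructed, deterministic keys for a demo; a real deployment draws all
    of these from QKD output or a proper key-management system."""
    material = bytes(range(256)) * 4          # 1024 bytes -> 64 pad elements
    hash_key = int.from_bytes(hashlib.sha256(b"demo-hash-key").digest(), "big")
    mac_key = b"demo-long-lived-mac-key"
    return (HybridAuthenticator(hash_key, mac_key, QkdKeyPool(material)),
            HybridAuthenticator(hash_key, mac_key, QkdKeyPool(material)))


if __name__ == "__main__":
    alice, bob = make_pair()
    pkt = alice.send(b"sifting: bases for qubits 0..15")
    print(bob.receive(*pkt), "pads spent:", bob.pool.consumed)
```

The counter does double duty here: it indexes the pad element so both ends stay synchronised without extra messages, and it gives replay protection. Burning the pad element on an ITS failure is deliberate, since accepting a second message under the same pad would let a forger learn whether a guessed tag was correct; the price is that a forger holding the MAC key can make the receiver discard key material, which is the trade-off between unconditional security and DoS resistance that the abstract refers to.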
Post-quantum cryptography will be the future standard of cryptography resistant to quantum and classical computers. The migration to quantum-safe products is not without a significant impact on hardware designs and capacities. In addition to mathematical security, the security of implementations against physical attacks (side channels and faults) has to be taken into account. In this paper, we present a performance analysis of a fully masked software implementation of DILITHIUM. We provide a quantitative analysis of the bottlenecks introduced by the countermeasures in different configurations: from full software to an implementation using assembly code for the Keccak core and AES in hardware for seed extension. This work contributes to defining the specifications of future hardware capabilities of components providing quantum-safe security services.
In the forthcoming era of quantum computing, revisions will be forced on secure communication. Modern public-key communication systems are vulnerable to attacks by quantum computers. Fortunately, there already exist quantum-safe encryption algorithms and quantum-based solutions.
The US National Institute of Standards and Technology has published the first draft of the post-quantum cryptography standard. In the EU, quantum communication has been researched and developed in the EuroQCI initiative. In Finland, quantum-safe communication has been studied and implemented in several research projects. We summarize the research projects and publications on quantum-safe communication in Finland and discuss future research activities.
The field of post-quantum cryptography has seen significant global progress, with a notable contribution from the Post-Quantum Cryptography Standardization Process managed by the National Institute of Standards and Technology (NIST) in the United States. At the same time, the advancement in programmable quantum computers has exceeded earlier predictions. Consequently, numerous nations, including the United States, United Kingdom, Germany, France, Türkiye, China, and (South) Korea, have made significant strides, particularly within the last decade, towards preparing for the quantum computing era. This article seeks to present an overview of relevant institutions and their corresponding endeavors within Türkiye. Specifically, we provide a concise summary of public announcements, NATO events, conferences, and projects primarily from the past five years. The intention is to offer a succinct and enlightening reference for relevant individuals and institutions.
Quantum computing has redefined the assumed complexity of different computational tasks, which implies the need for new cryptographic tools that can be considered secure even in the presence of entities that may be able to execute quantum algorithms. In particular, this poses significant challenges for the adaptation of cryptographic implementations, which are particularly relevant in the IoT scenario, where resources are especially limited. In this work, we report on a simple cryptographic protocol for group key establishment, where n > 2 devices interact to establish a key to secure their communication. Our design can actually be seen as a so-called key transport, where a small set of devices cooperatively choose a key that is subsequently distributed to all users over an insecure (and somewhat unstable) network using only cryptographic tools that are claimed to be post-quantum, i.e., resistant to quantum attacks. We give a theoretical description and also describe our experimental results implementing our protocol within networks up to 16 nodes based on ARM Cortex-M4. We believe that this design is a first proof-of-concept of a post-quantum group key exchange protocol in the IoT scenario.
With the advent of quantum computing, fully homomorphic encryption (FHE), whose security is based on the hardness of lattice problems, gains significant importance due to its quantum-resistant nature. This work provides a comprehensive survey of recent advancements in bridges between FHE schemes, with an emphasis on practical applications.