
I would like to preface this with the information that I am clearly not well versed in crypto, so my understanding so far may not be accurate.

CISA recently published an advisory Preparing Critical Infrastructure for Post-Quantum Cryptography which details actions in preparation for migrating systems to a post-quantum cryptographic standard.

My understanding is that as quantum computers are becoming more powerful, the possibility of breaking asymmetric encryption drastically increases due to the drastic speed increase of integer factorization through Shor's Algorithm. Doing so allows quantum computers to compute the primes in a public-key cryptosystem, which greatly weakens the algorithms using asymmetric encryption. This means that in the coming years there will most likely be a large shift in how encryption is managed for things like HTTPS.

I have been reading through CISA, Wikipedia, and NIST's Post-Quantum Cryptography project and I have yet to find an 'explain-like-I'm-five' answer on how the normal web and devices are going to be using quantum-resistant algorithms. I suppose one way to protect against these algorithms is to use even larger prime numbers, but at that point it is most likely that a lot of vulnerable devices will not have the computing power to implement those algorithms. Even if they do, as slow as some of the industry moves, they most likely will not be implemented on a large number of devices until the devices are replaced.

Symmetric key encryption is not vulnerable, or at least not as vulnerable, to quantum computing if given a sufficiently large secret; however, that does not help out in the case of HTTPS, which is extremely widely used.

I have a couple of questions from what I have read so far:

  • In layman's terms, how do these new quantum cryptography algorithms roughly work, and do they all follow the same general format?
  • How will normal computers/services like websites be able to handle these new algorithms; will there be a significant amount of strain put on processing these new algorithms, or is it even possible?
cutrightjm
    Not all asymmetric ciphers are based on prime factorization and thus have different characteristics in terms of post quantum security – The one who tests Aug 26 '22 at 04:43
  • @Theonewhotests If you name some and tell about their characteristics, this might be the right answer. – Marcel Aug 26 '22 at 05:57

1 Answer

In short: The currently proposed algorithms for PQC are significantly slower and/or have significantly larger key sizes compared to what we have with RSA or ECC. Protocols like IPSec, TLS etc. need to be adjusted to deal with these issues without impacting user experience too much and without creating new vectors for denial of service attacks.

All of this has been ongoing research and practical experiments for several years. But there are no adjusted standards yet. It is not even clear yet which algorithms will be used for which use cases.

For deeper insights into this topic like details to specific algorithms please ask at Cryptography Stackexchange.

Steffen Ullrich
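The question asks how the new algorithms "roughly work" and the comments note that not every public-key scheme rests on prime factorization. The following toy key encapsulation, added here as an illustration (it is not code from the question, the answer, or any NIST submission), shows the learning-with-errors idea behind the lattice-based family that NIST selected: the public key is a random matrix A together with b = A·s + e for a secret s and a small error e, and recovering s is a lattice problem rather than factoring, so Shor's algorithm does not apply. The dimension N = 64, the modulus Q = 3329 and the 32-bit secret are constructed toy parameters chosen for readability, not for security; the size functions are there only to make the answer's "larger key sizes" point concrete (the toy public key is several kilobytes, against 32 bytes for an X25519 public key).

```python
"""Toy learning-with-errors (LWE) key encapsulation, constructed for illustration only.

Public key: random N x N matrix A and vector b = A*s + e (mod Q), where the secret s
and the error e have entries in {-1, 0, 1}. Encrypting a bit hides it under fresh
small randomness; the receiver cancels the large terms with s and only a small
noise term plus bit*Q/2 remains. Parameters are toy values, not a real scheme.
"""
import math
import random

N = 64            # lattice dimension (toy; real schemes use 256-coefficient polynomials)
Q = 3329          # modulus (toy; keeps the worst-case noise 2N+1 = 129 far below Q/4 = 832)
SECRET_BITS = 32  # shared-secret bits transported per encapsulation (toy)


def small(rng, k):
    """k 'small' coefficients in {-1, 0, 1}, used for secrets and error terms."""
    return [rng.choice((-1, 0, 1)) for _ in range(k)]


def dot(a, b):
    return sum(x * y for x, y in zip(a, b)) % Q


def keygen(rng):
    """Return (public key (A, b), secret key s) with b = A*s + e mod Q."""
    A = [[rng.randrange(Q) for _ in range(N)] for _ in range(N)]
    s = small(rng, N)
    e = small(rng, N)
    b = [(dot(row, s) + ei) % Q for row, ei in zip(A, e)]
    return (A, b), s


def encrypt_bit(rng, pk, bit):
    """u = A^T r + e1, v = b.r + e2 + bit*Q/2, with fresh small r, e1, e2 per bit."""
    A, b = pk
    r, e1, e2 = small(rng, N), small(rng, N), rng.choice((-1, 0, 1))
    u = [(sum(A[i][j] * r[i] for i in range(N)) + e1[j]) % Q for j in range(N)]
    v = (dot(b, r) + e2 + bit * (Q // 2)) % Q
    return u, v


def decrypt_bit(sk, ct):
    """v - u.s = bit*Q/2 + (e.r + e2 - e1.s); the bracket is at most 2N+1 in magnitude."""
    u, v = ct
    w = (v - dot(u, sk)) % Q
    # Decide whether w sits nearer to Q/2 (bit 1) or to 0 (bit 0).
    return 1 if Q // 4 < w < 3 * Q // 4 else 0


def encapsulate(rng, pk):
    """Sender side: choose a random secret and encrypt it bit by bit under pk."""
    bits = [rng.randrange(2) for _ in range(SECRET_BITS)]
    return bits, [encrypt_bit(rng, pk, bit) for bit in bits]


def decapsulate(sk, cts):
    """Receiver side: recover the secret bits with the private s."""
    return [decrypt_bit(sk, ct) for ct in cts]


def public_key_bytes():
    """Bytes to send (A, b) at ceil(log2 Q) bits per coefficient.
    Real schemes send A as a short seed, but the key still dwarfs an ECDH point."""
    return math.ceil((N * N + N) * math.ceil(math.log2(Q)) / 8)


def ciphertext_bytes():
    """Bytes for the whole encapsulation: N+1 coefficients per transported bit."""
    return math.ceil((N + 1) * math.ceil(math.log2(Q)) / 8) * SECRET_BITS


def run_demo(seed=2022):
    """Reproducible round trip; a wrong secret key yields essentially random bits."""
    rng = random.Random(seed)
    pk, sk = keygen(rng)
    secret, cts = encapsulate(rng, pk)
    return {
        "secret": secret,
        "recovered": decapsulate(sk, cts),
        "with_wrong_key": decapsulate(small(rng, N), cts),
    }


if __name__ == "__main__":
    out = run_demo()
    print("secret   :", "".join(map(str, out["secret"])))
    print("recovered:", "".join(map(str, out["recovered"])))
    print("toy public key:", public_key_bytes(), "bytes; ciphertext:", ciphertext_bytes(), "bytes")
```

The decryption works because every large term (products with the random matrix A) cancels exactly, leaving only the sum of tiny error products, which is why the noise budget, not the modulus, decides correctness; real schemes pack many bits per ciphertext and compress the matrix, but the per-bit cost shown here is the reason handshakes grow and why the answer says TLS and IPsec need adjustment.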