TAIPEI (Taiwan News) — Computer technology typically moves in leaps and bounds, and the next innovation may be a quantum leap shifting current capabilities.
Currently, most computer technology is based on a binary system of bits (1s and 0s). In the future, bits will become qubits, unleashing far more computing power, so much so that quantum computers will make our current security systems, such as password keys, algorithms, and cryptography, virtually worthless.
Fortunately, cryptographers have foreseen this threat for many years and have been working on quantum-safe cryptography. Without such protection, large batches of information at government and private institutions could be vulnerable to hackers.
Leading tech companies that provide cloud-based services like AWS, Google, and Apple, also have a vested interest in providing secure post-quantum cryptography for data transactions.
The National Institute of Standards and Technology (NIST) is expected to publish new post-quantum cryptographic standards in 2024, which has created a rush of companies eager to offer such services.
In Taiwan, the leading company offering services and consulting is Chelpis Quantum Tech. The company is working to ensure a safe digital future that is protected from hackers and other groups armed with the latest quantum computers.
To find out more about the company, Taiwan News recently met with incoming Quantum Safe Migration Center Director Matthias J. Kannwischer.
Can you briefly introduce yourself?
Previously, I worked with Academia Sinica and for the Max Planck Institute for Security and Privacy in Germany researching quantum-resistant cryptography. Now, I have moved to the quantum-safe migration center here, to bring this technology into the industry and deploy this technology to protect users’ data.
What motivated you to join the quantum-safe migration center at Chelpis?
I’ve been working on quantum-safe cryptography research for the past couple of years, and for my entire Ph.D. I have always been working on practical things, like how to implement these things in a secure and efficient way and how to make them work on a small chip so that you can use them everywhere.
It has been kind of exciting to see how this purely academic research has been moving into the real world with industries and governments interested in this. And Chelpis Quantum Tech is the first company in Taiwan, and probably the first company in Asia, that is opening a dedicated center just for this migration to quantum-resistant cryptography.
So for me, it’s a great opportunity to bring the research that I’ve been doing and many others have been doing into practice and use it to actually protect people’s data, while at the same time still being able to contribute to research and being close to research.
How do you see the importance of quantum-safe migration in today’s cybersecurity landscape?
Currently, I think that most companies and governments are still underestimating the importance of this migration to quantum-resistant cryptography. For the most part, the cryptography that we are using today to connect securely to websites or to your office, or that is used by VPNs, credit cards, and instant messaging, is all technology that will be crackable by quantum computers.
So a hacker that has a quantum computer can use this to break this cryptography and read all of your communication and pretend to be you. So there is an importance to this work.
We need to address this and migrate away from this cryptography. Moreover, hackers can do more. They can record everything and decrypt it once they have a quantum computer.
So we need to start thinking about this much earlier than when we have a quantum computer. So yes, I think that this is really important and we need to start worrying more about how we can migrate away from broken cryptography to quantum-resistant cryptography.
What specific contributions do you hope to make in advancing post-quantum migration solutions?
Here at Chelpis’ Quantum Safe Migration Center, we want to help corporations and individuals in the migration away from traditional cryptography and onto quantum-resistant cryptography.
We want to work with researchers that have been working on this for the last couple of years and we need their research and to collaborate with researchers in Taiwan, and worldwide in making their research deployable into the real world. I think that this is important because since this has been a research topic mostly for the last couple of years there is lots of work in academia.
People have spent a lot of time implementing these things efficiently. We need to use this expertise to deploy it into the real world. We should not start to do it without academia. This needs to be a collaborative process. That’s one big part that we want to work on.
What are the main challenges and obstacles you foresee in implementing quantum-safe migration?
As I said before, the biggest problem corporations and governments will face is first identifying what they have to migrate. They have to build an inventory and see what kind of algorithm they are using and where, and which ones need to migrate first and others migrate later. That is the first obstacle.
The second obstacle is that the new technology is just a little different and requires larger key sizes and larger ciphertexts and signatures. So this can be a problem, especially if we use very small microcontrollers.
There can be a problem that we can’t even compute this due to the amount of memory and so you either need to buy a new device or you need to put in effort to come up with ways to still compute it with very little memory. So that’s an obstacle that we will face there because some devices just won’t be powerful enough or their uplink for communications is just not fast enough to complete the data transfer in a reasonable time frame.
But we kind of have to live with this because the technology we have today is much bigger than what we are used to before. And it doesn’t seem that we will have anything that is as small as elliptic curve cryptography which is what we have been using for the last few decades.
So there won’t be a technology any time soon that will be as good as that. So that’s another problem that we will face there on a technical level.
The third problem that we will face is that some protocols that we are using today, such as the Signal protocol used in instant messaging apps (e.g. WhatsApp) or WireGuard, require some functionality that we don’t know how to do with quantum-resistant technology. For example, there is something called a non-interactive key exchange. It doesn’t really matter what it is, but we are using it in a lot of protocols today, and we don’t know how to do this in post-quantum cryptography.
We don’t know how to do this in an efficient scheme in a reasonable way. And there it also doesn’t look like we will have anything viable in the next couple of years. The only way that we can solve this here is that if we think of protocols in a way that doesn’t need this particular functionality, we can use something else and that’s going to be another big problem that we will face.
How do you envision the collaboration between academia, industry, and government in promoting quantum-safe migration?
I think that this migration is an exciting opportunity for these parties because the research that we have been working on for years will be moved into practice. For me, it’s very exciting that the stuff that I have been doing is actually going to be deployed. And companies are interested in what we are doing and it’s really nice.
I think that this is an opportunity for all these parties to benefit from these processes. The industry I think can benefit from the expertise that there is in the research community because they have been doing this for years and they know how to implement stuff in a secure and efficient way and what the pitfalls are and how to do things so that it doesn’t go wrong.
So we should be using this expertise in the research community to make it accessible to industry and also the other way around. It is very interesting to see what happens if people put this technology into practice, so what are the challenges that we face doing this, and what new problems arise.
This can lead to interesting questions that can lead to more research questions and when solved can give us better technology. I think that both parties can benefit from this process, so I don’t really see this as a technology transfer from academia to industry but more of a collaborative process that iteratively comes up and deploys things with new problems that need to be solved. I think that this is a nice opportunity.
Governments also of course play a role in many ways here. First of all, governments are running massive information systems that have to be migrated as well and often these systems handle very sensitive information.
If you think of healthcare systems and some other systems like this, it all needs to be migrated from something that uses conventional cryptography to quantum resistance.
What lessons have you learned from your experience as a co-submitter of the Rainbow signature scheme in the NIST PQC project?
Rainbow was a signature scheme that some other researchers and I submitted to NIST to be considered as a new standard for quantum-resistant cryptography. And it was a finalist, so it was among the very last schemes that they were considering.
And just before they selected a winner, a couple of months before, there was a breakthrough and a researcher published a new way of attacking this cryptosystem. That was kind of a surprising shock to many who have been working on this cryptosystem for a long time, including myself.
So yeah, we don’t have this cryptosystem anymore. Luckily, this cryptosystem was a very niche cryptosystem, so it was only useful for very few cases. So it never was a general-purpose signature scheme. It was only useful for a few cases. Hopefully, there has been no serious deployment of this. Also, it was before it was standardized. That was good timing.
So what can we take away from this and what did we learn? The process of public evaluation works. So researchers submit their proposals, it is posted on a public website and other researchers can evaluate them over many years and over multiple rounds and then researchers publish the results. So this shows that it works.
If a researcher found a potential vulnerability, they published it, and now everyone knows you should not use this cryptosystem. I think that overall this is a good thing and particularly since it was discovered before it was standardized. That is one thing that we should take away from this.
Another thing is we need to be careful about being overly confident in the security of this new cryptography. Particularly for this cryptosystem since it was such a niche system that only a few people had looked at it, only a handful of people on this planet had the expertise to understand how to attack it.
So we need to be conservative and need to be frightened. Even more, we have seen another big break in the last year. It was another finalist, another scheme under consideration called SIKE and that was also completely destroyed last year.
Luckily that was also a rather niche scheme that was not applicable to many use cases. So for the schemes that we have selected now, lattice-based encryption schemes and signature schemes, and hash-based signature schemes, there have been a lot more people who have looked at this. We can have higher confidence that these are more secure than what we had before.
But I think that we should still be careful and when we deploy this new type of cryptography, always deploy it in combination with an existing conventional cryptosystem.
So we build something that is called a hybrid that is using two cryptosystems in combination and this hybrid remains secure even if either of its components is insecure. I think this is how we should be doing things to be careful.
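The hybrid construction described above, as an added illustration that is not code from the interview or from Chelpis: one session key is derived from two independent shared secrets (for instance an elliptic-curve exchange and a lattice-based KEM) with an HKDF that also binds both ciphertexts, so the key stays unpredictable to anyone missing either secret. The two component KEMs are replaced by constructed stand-in byte strings, and the function names and label are assumptions.

```python
import hashlib
import hmac

SECRET_LEN = 32  # assumption: both stand-in KEMs output 32-byte shared secrets


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869) using HMAC-SHA256."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869) using HMAC-SHA256."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def hybrid_key(ss_classical: bytes, ss_pq: bytes,
               ct_classical: bytes, ct_pq: bytes,
               label: bytes = b"hybrid-kem-demo-v1") -> bytes:
    """Combine two KEM shared secrets into one session key.

    Both secrets form the input keying material and both ciphertexts are bound
    in through the salt, so an attacker who breaks one component scheme still
    lacks the other secret and cannot reproduce the key.
    """
    if len(ss_classical) != SECRET_LEN or len(ss_pq) != SECRET_LEN:
        raise ValueError("shared secrets must be fixed-length")  # no ambiguous concatenation
    salt = hashlib.sha256(ct_classical + ct_pq).digest()
    prk = hkdf_extract(salt, ss_classical + ss_pq)
    return hkdf_expand(prk, label, SECRET_LEN)


def demo_component_break() -> dict:
    """Constructed sample: an attacker who recovered the classical secret
    (e.g. with a quantum computer) but not the post-quantum one, or vice
    versa, does not obtain the real session key."""
    ss_ec = bytes(range(32))              # constructed stand-in for an ECDH secret
    ss_lattice = bytes(range(100, 132))   # constructed stand-in for a lattice-KEM secret
    ct_ec, ct_lattice = b"ec-ciphertext", b"lattice-ciphertext"  # constructed
    real = hybrid_key(ss_ec, ss_lattice, ct_ec, ct_lattice)
    classical_only = hybrid_key(ss_ec, bytes(SECRET_LEN), ct_ec, ct_lattice)
    pq_only = hybrid_key(bytes(SECRET_LEN), ss_lattice, ct_ec, ct_lattice)
    return {"key_len": len(real),
            "classical_only_matches": classical_only == real,
            "pq_only_matches": pq_only == real}
```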
As the director of Chelpis Quantum Safe Migration Center, what are your expectations for the future development and adoption of post-quantum migration solutions in the industry?
My expectation is next year we will have standards from NIST, and then quickly other standardization bodies will follow. There will be ISO standards and other standards that integrate these sorts of things.
And then the early adopters, the big tech companies, the people who have already been working on this for the past couple of years will be switching to this very quickly so you will be using this type of cryptography very soon next year.
But then afterward, will be the long process of migrating the rest, so all the protocols that we are using have to be updated. We have to think about how to do these protocols with quantum-resistant cryptography. All of the applications that companies have to migrate, so all the applications that are using cryptography in some form in a way. And then we have to do all the updates and make sure that nothing breaks in the process.
So this is going to be a huge undertaking. This is going to be challenging for corporations and for governments. This is going to be a big task. But I think that this is going to give us a unique opportunity where we kind of have to replace everything. If we have to replace everything anyway, we might as well do things better this time.
There are a couple of things that I think we should be doing along the way of doing this migration. I have mentioned this before: we should pay more attention to crypto agility, so make sure that we build our systems in a way that it’s easy to migrate to something that is new in the future. If we have to replace a certain cryptosystem in there again, make this easier; make the design more modular so that it is easier to migrate.
Second, I think that we have seen many attacks and many hacks on cryptography that did not attack the math behind it but exploited mistakes in the implementation, like little bugs that can be exploited and make the entire cryptography completely useless.
And traditionally what we have been doing to prevent this is being careful, hiring good programmers that don’t make many mistakes and doing a lot of testing, and then hiring auditors that audit our code to check that there are no mistakes. But we have kind of seen that this is insufficient, it’s not solving the problem but there are new ways that use formal verification techniques.
We use math to prove that your implementation is correct so that it does not contain any mistakes. I hope one day that we will be able to deploy more formally verified implementations of cryptography.
And then thirdly, I believe that we should reconsider our systems of cryptography. They have been designed without very much concern for the privacy of the users in mind. Often, these are designed by big corporations that want to collect as much information as possible. They are not very privacy-friendly and I think that we should change this.
We should put privacy or give privacy more importance, and make user privacy-preserving technologies that can maintain the privacy of the individuals while still allowing the protocols to operate. I think that this could give back power to the individuals and control what their data is used for. That’s one big flaw that we have today as it is all in the hands of big corporations.
I think what is important to understand is that we don’t need quantum computers to use this type of cryptography. The goal is not to make use of quantum computers; the goal is to use cryptography that is secure even if your attacker or hacker has quantum computers. That technology can be used on the computers that we have today.
This type of cryptography can be used on classical computers and used on small microcontrollers and smartphones and laptops. We don’t need new hardware for this necessarily unless the devices are not powerful enough to run it but for the most part, we can use this stuff today. We just have to migrate to it.
It is important to understand that we cannot wait until there is a quantum computer because when there is a quantum computer it’s already too late.