Avoiding the post-quantum apocalypse
November 6, 2018
I’m surprised a doomsday Hollywood blockbuster hasn’t been made about this yet.
Imagine a world where everyone’s private information – bank details, passports, everything – became instantly unlocked and readable all at the same time.
There is a very real, looming threat to the security algorithms that keep your personal data safe: quantum computers. Once they’re invented, they will be able to break standard cryptographic algorithms, rendering our most private types of data – finances, government accounts, and the like – insecure. Researchers at CSIT are hard at work to stop this happening.
Establishing digital identification is one of the crucial pieces of this cryptographic puzzle – because data needs to be accessible by the right people, but not by the wrong people.
Sarah McCarthy, a research assistant at CSIT and a final-year PhD student, met with me to discuss her work on lattice-based cryptography. She says, “These lattices are based on harder maths problems that can’t be broken by quantum computers – and our work focuses on making practical, efficient permutations of these new algorithms.”
Some forms of cyber security would be too “heavy” – requiring too much computational power – to work on lightweight IoT devices. Sarah and her team are in the process of analysing possible permutations that are both secure and light enough.
They are working through the 70 submissions to the National Institute of Standards and Technology’s Post-Quantum Cryptography Project, analysing which of the proposed security solutions are efficient.
In a post-quantum world, the concept of secure digital ID will be critical.
Sarah said, “One of the projects establishes user ID as a public key – so there’s no need for certificate management which can be quite an intensive component of encryption. This was created by one of the partners in the SAFEcrypto project and we’ve established that it has practical applications – that it doesn’t need power-heavy computing – that processing times are fast enough to work in the IoT.”
To put this into real life, Sarah discussed self-driving cars.
“Automated cars have engine control units, which are small pieces of hardware in the car. They need to be able to run encryption and decryption instantly. For instance, if two cars are talking to each other and one needs to do an emergency stop,” Sarah said.
Do you have that running on a car?
“We have demonstrated that it runs on the piece of hardware akin to what would be in the car,” she said.

Another type of digital ID project is file access.
“Another example is file systems within companies – you only want certain people to be able to open and read certain files. Using lattice-based cryptography, we can introduce hierarchy so management can access all the data – whereas people below the ranks can only reach certain pieces of data. It’s dependent on your digital ID.”
Sarah explained the benefits of lattice-based algorithms:
“The Identity Based Encryption (IBE) scheme I have implemented is two orders of magnitude faster than older implementations of pairing-based (existing) schemes, and five times faster encrypt, and 12 times faster decrypt, than the proof of concept.”
How likely is it that quantum computers will be able to break the algorithms faster than you can come up with them?
“There’s a reason why a lot of the cryptography schemes are undergoing so much analysis – to ensure there are no underlying vulnerabilities in these schemes,” she warned.
“With standard lattices using a matrix of integers, they have proven to be secure – they cannot be broken by quantum computers. However, they require a huge amount of mathematics. To shorten this need, we use ring lattices. They are defined by vectors that make the multiplication much faster. However, there’s a strong assumption being made that this extra structure won’t help the quantum computer break the problem. Unless someone proves this is a vulnerability, they’ll be used because they’re much faster to create,” she concluded.
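The contrast Sarah draws between a lattice defined by a matrix of integers and a ring lattice defined by a single vector can be seen in a toy computation. The following is an added example, not code from the article or from CSIT: it uses constructed toy parameters (n = 8, q = 257, far too small for real security) to show that multiplying in the ring Z_q[x]/(x^n + 1) is the same as multiplying by a structured n×n matrix that is fully determined by its first column, which is exactly the extra structure the quoted assumption rests on.

```python
# Added example, not from the article. Toy parameters (constructed): far too small for real use.
import random

N = 8      # ring dimension (constructed toy value)
Q = 257    # modulus (constructed toy value)

def poly_mul_negacyclic(a, b, n=N, q=Q):
    """Multiply a(x)*b(x) in Z_q[x]/(x^n + 1): x^n is replaced by -1 (schoolbook)."""
    res = [0] * n
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            k = i + j
            if k < n:
                res[k] = (res[k] + ai * bj) % q
            else:
                res[k - n] = (res[k - n] - ai * bj) % q   # wrap-around with sign flip
    return res

def negacyclic_matrix(a, n=N, q=Q):
    """The n x n integer matrix M such that M*s equals the ring product a(x)*s(x).
    Column j holds the coefficients of x^j * a(x) mod x^n + 1, so the whole
    matrix is determined by the n-coefficient vector a (the 'structure')."""
    cols, col = [], list(a)
    for _ in range(n):
        cols.append(col)
        col = [(-col[-1]) % q] + col[:-1]   # multiply the column by x
    return [[cols[j][i] for j in range(n)] for i in range(n)]

def mat_vec(M, s, q=Q):
    """Plain matrix-vector product mod q: n*n multiplications for an n x n matrix."""
    return [sum(M[i][j] * s[j] for j in range(len(s))) % q for i in range(len(M))]

def lwe_sample(A, s, e, q=Q):
    """Standard-lattice style sample b = A*s + e mod q, with an unstructured matrix A."""
    return [(x + y) % q for x, y in zip(mat_vec(A, s, q), e)]

def rlwe_sample(a, s, e, q=Q):
    """Ring-lattice style sample b = a*s + e in Z_q[x]/(x^n+1); a is just n coefficients."""
    return [(x + y) % q for x, y in zip(poly_mul_negacyclic(a, s), e)]

def demo(seed=1):
    """Return (ring result equals matrix result, entries stored for A, entries stored for a)."""
    rng = random.Random(seed)
    a = [rng.randrange(Q) for _ in range(N)]        # public ring element
    s = [rng.randrange(-1, 2) for _ in range(N)]   # small secret in {-1, 0, 1}
    e = [rng.randrange(-1, 2) for _ in range(N)]   # small error in {-1, 0, 1}
    A = negacyclic_matrix(a)                       # the matrix the ring element encodes
    return rlwe_sample(a, s, e) == lwe_sample(A, s, e), N * N, N
```

A generic matrix would need N*N independent entries; the ring version stores N and multiplies far faster (with an NTT it drops from n² to n log n), which is the speed-up described above, bought with the assumption that the structure does not weaken the problem.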