    CO23006 | The Cryptography Race: Securing Systems Before Quantum Computers Arrive
    Dr David Joseph

    13 January 2023

    RSIS Commentary is a platform to provide timely and, where appropriate, policy-relevant commentary and analysis of topical and contemporary issues. The authors’ views are their own and do not represent the official position of the S. Rajaratnam School of International Studies (RSIS), NTU. These commentaries may be reproduced with prior permission from RSIS and due credit to the author(s) and RSIS. Please email to Editor RSIS Commentary at [email protected].

    SYNOPSIS

    The quantum threat to cybersecurity is a topic gaining awareness, but just how tangible is it? What are the solutions? And what are the challenges facing both “red” and “blue” teams in this game of cat-and-mouse?

    COMMENTARY

    In 1994, Peter Shor published a quantum algorithm which could perform specific mathematical tasks incredibly efficiently, so long as one had access to highly controlled hardware being developed in the then nascent and esoteric field of quantum computing. The problems that quantum computers could solve – doing long division and other closely related problems were their forte – did not seem to be of much interest to the general population. For most of the population, the realities of performing computation on a quantum scale were practically science fiction; to cryptographers, however, it represented a far-off, albeit existential, threat.

    Public key cryptography, less than two decades old at the time, relied upon the hardness of solving the exact same set of mathematical problems that Shor’s algorithm solves efficiently using a quantum computer. Yet this threat was not completely unseen – one of the co-inventors of RSA (a widely used public key cryptography system), Adi Shamir, had even stated as early as 1989 that “the basis of modern public key cryptography… has become dangerously dependent on the difficulty of a single problem.” Three decades on from Shor’s initial paper, the modern computational information infrastructure that governs the world we live in is highly dependent on those exact same problems.

    The Threat from Advances in Quantum Computing

    However, over the past five years there has been renewed fervour among quantum scientists. Their optimism is driven by a small number of engineering breakthroughs which have brought quantum computation to the brink of reality. Enormous hurdles remain, but now we have a clearer picture of the roadmap ahead. Organisations – both public and, increasingly, private – are beginning to toil towards building large fault-tolerant quantum computers capable of cracking our current encryption. No one knows for sure, but some experts believe we could see such a machine breaking our encryption within 10 years.

    The threat of such a quantum machine would be two-fold. The first is to confidentiality: a quantum adversary would be able to decrypt traffic that has been exchanged between parties who believe that the only ones who can read the data are those with whom they have securely exchanged a key. The problem here is that such data can be downloaded and stored today; this is known as the “store now, decrypt later” threat. The second threat is to authenticity: with a quantum computer, one could forge digital signatures, claiming to be Google, Amazon, a government website, or any party using insecure signature algorithms. This false identity can then be used to gain trust and access for malevolent ends.

    Emergence of Post-Quantum Cryptography

    Meanwhile, in the intervening 30 years, mathematicians and cryptographers have not been resting on their laurels. They have developed a wide suite of algorithms to ensure confidentiality and authenticity using other mathematical problems, which they believe will remain resistant to quantum attacks. These algorithms are known together as post-quantum cryptography (PQC). PQC algorithms are categorised by their underlying “hard problem,” with flavours such as lattices, codes, hashes, and more. For the past five years, the US government has been running the most prominent PQC standardisation process in the world to select the public key cryptosystems of the next era.

    Such standardisation cannot be rushed. Even after many years of prodding and poking at cryptosystems, late-stage algorithms such as Rainbow (Multivariate) and SIKE (Isogenies) have been broken, potentially undermining confidence in the remaining candidates. For this reason, many promote a hybrid approach to migration (combining PQC and traditional cryptography), so that systems maintain their current levels of security even if the PQC algorithm is subsequently broken. Nevertheless, the cryptographic community does have strong confidence in the algorithms recently announced to be standardised.

    From Standardisation to Integration

    Once complete, these standardised mathematical formulae will begin to permeate into web browsers, email, government communications, 5G, and practically every secure communication protocol across the internet and telecommunications. But the integration will not happen by itself. Untangling the internet’s spaghetti history of cybersecurity protocols, patches, poor security implementations, and more, will take teams of engineers many years to perform. Their task is simple: find public key cryptography wherever it exists, rip it out (if vulnerable), and replace it with quantum-resistant standardised successors.
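
The first step of that task, finding where public key cryptography is configured, can be sketched for one narrow case: an OpenSSH server configuration. This is an added example, not part of the original commentary; the sample config is constructed, the algorithm names are OpenSSH identifiers, and the grouping into "quantum-vulnerable" and "hybrid" (the hybrid approach mentioned above) is this example's own assumption.

```python
import re

# Hybrid names embed a classical component, so they are matched first.
HYBRID = re.compile(r"sntrup761x25519|mlkem768x25519", re.I)
# Schemes resting on factoring or discrete logarithms (assumed list for this example).
CLASSICAL = re.compile(r"rsa|ecdsa|ecdh|ed25519|curve25519|diffie-hellman|ssh-dss", re.I)

# sshd_config keywords that list public-key algorithms, mapped to the threat they bear on.
PK_KEYWORDS = {
    "kexalgorithms": "key exchange (confidentiality)",
    "hostkeyalgorithms": "signature (authenticity)",
    "pubkeyacceptedalgorithms": "signature (authenticity)",
}

def classify(name):
    if HYBRID.search(name):
        return "hybrid"
    if CLASSICAL.search(name):
        return "quantum-vulnerable"
    return "unknown"

def inventory(config_text):
    """Return one finding per public-key algorithm named in the config."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) != 2:
            continue  # blank line, comment, or keyword without a value
        use = PK_KEYWORDS.get(parts[0].lower())
        if use is None or parts[1].startswith("-"):
            continue  # symmetric/other settings, or a "-" list that removes algorithms
        for alg in parts[1].lstrip("+^").split(","):
            alg = alg.strip()
            if alg:
                findings.append({"line": lineno, "use": use,
                                 "algorithm": alg, "status": classify(alg)})
    return findings

def summarize(findings):
    """Count findings per use and status; hybrid == 0 means no hybrid option is configured."""
    summary = {}
    for f in findings:
        counts = summary.setdefault(
            f["use"], {"hybrid": 0, "quantum-vulnerable": 0, "unknown": 0})
        counts[f["status"]] += 1
    return summary

# Constructed sample input, not taken from any real host.
SAMPLE = """\
# constructed sshd_config fragment
KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256,ecdh-sha2-nistp256
HostKeyAlgorithms ssh-ed25519,rsa-sha2-512
Ciphers aes256-gcm@openssh.com
"""

if __name__ == "__main__":
    for f in inventory(SAMPLE):
        print(f"line {f['line']}: {f['algorithm']:40} {f['use']:32} {f['status']}")
    print(summarize(inventory(SAMPLE)))
```

On the sample, key exchange has one hybrid option alongside two classical ones, while the signature settings are classical only, which maps onto the confidentiality and authenticity threats described earlier.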

    No one knows exactly how long we have until large fault-tolerant quantum computers arrive. That depends on the best efforts and scientific breakthroughs of the world’s leading quantum engineers, corporations, and government programmes. But the transition to quantum-resistant communications must happen for organisations to retain the trust of their users in an era where quantum computers exist, and cybersecurity and privacy top the global data agenda.

    About the Author

    Dr David Joseph is a Research Scientist at SandboxAQ. This commentary is based on remarks delivered at an RSIS event.

    Categories: Commentaries / Country and Region Studies / General / Technology and Future Issues / East Asia and Asia Pacific / Global / South Asia / Southeast Asia and ASEAN

    Last updated on 13/01/2023
