Post-quantum Cryptography (PQC): New Algorithms for a New Era

[Updated December 7th, 2023] Post-Quantum Cryptography (PQC), also known as Quantum Safe Cryptography (QSC), refers to cryptographic algorithms designed to withstand attacks by quantum computers.

Quantum computers will eventually become powerful enough to break public key-based cryptography, also known as asymmetric cryptography. Public key-based cryptography is used to protect everything from your online communications to your financial transactions.

Quantum computing represents a major security threat and action is needed now to secure applications and infrastructure using Post-Quantum/Quantum Safe Cryptography.

This blog explains everything you need to know about the new algorithms designed to protect against quantum computer attacks.

Contents

• What is quantum computing?
• Why are quantum computers a security threat?
• What is Post-Quantum Cryptography (PQC)?
• Is Quantum Safe Cryptography the same as Post-Quantum Cryptography (PQC)?
• Why do we need to act now if quantum computers are still a way off?
• What progress has been made to develop new PQC algorithms?
• What recommendations does CNSA 2.0 make for transitioning to PQC algorithms?
• How can companies get ready for the Quantum Computing Era?
• What Quantum Safe IP solutions are available from Rambus?

What is quantum computing?

Quantum computing utilizes quantum mechanics to solve certain classes of complex problems faster than is possible on classic computers. Problems that currently take the most powerful supercomputer several years could potentially be solved in days.

Source: Quantum Could Solve Countless Problems —And Create New Ones | Time, February 2023

As such, quantum computers have the potential to deliver the computational power that could take applications like AI to a whole new level. Powerful quantum computers will become a reality in the not-so-distant future, and while they offer many benefits, they also present a major security threat.

Why are quantum computers a security threat?

Once sufficiently powerful quantum computers exist, traditional asymmetric cryptographic methods for key exchange and digital signatures will be broken. Leveraging Shor’s algorithm, quantum computers will be capable of reducing the security of discrete logarithm-based schemes like Elliptic Curve Cryptography (ECC) and factorization-based schemes like RSA (Rivest-Shamir-Adleman) so much that no reasonable key size would suffice to keep data secure. ECC and RSA are the algorithms used to protect everything from our bank accounts to our medical records.

Governments, researchers, and tech leaders the world over have recognized this quantum threat and the difficulty in securing critical infrastructure against attacks from quantum computers.

“A quantum computer of sufficient size and sophistication — also known as a cryptanalytically relevant quantum computer (CRQC) — will be capable of breaking much of the public-key cryptography used on digital systems across the United States and around the world.

When it becomes available, a CRQC could jeopardize civilian and military communications, undermine supervisory and control systems for critical infrastructure, and defeat security protocols for most Internet-based financial transactions.”

National Security Memorandum on Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems, May 2022

What is Post-Quantum Cryptography (PQC)?

New digital signatures and key encapsulation mechanisms (KEMs) are needed to protect data and hardware from quantum attacks. Many initiatives have been launched throughout the world to develop and deploy new cryptographic algorithms that can replace RSA and ECC while being highly resistant to both classic and quantum attacks. Post-Quantum Cryptography (PQC) refers to these cryptographic algorithms designed to withstand attacks by quantum computers.

Is Quantum Safe Cryptography the same as Post-Quantum Cryptography (PQC)?

Yes, Quantum Safe Cryptography is another term for Post-Quantum Cryptography. Both refer to cryptographic algorithms designed to withstand attacks by quantum computers. Other terms that you may come across include Quantum Proof Cryptography or Quantum Resistant Cryptography.

Why do we need to act now if quantum computers are still a way off?

While quantum computers powerful enough to break public key encryption may still be a way off, data harvesting is happening now. Malicious actors are already said to be collecting encrypted data and storing it for the time when future quantum computers will be capable of breaking our current encryption methods. This is known as a “harvest now, decrypt later” strategy.

Further because the shelf life of confidential or private information can span years or decades, there is a rapidly growing need to protect such data today to future proof it from quantum attack. Additionally, for many devices such as chips, the development cycle is a long one. Given that it can take years for security testing, certification and then deployment into the existing infrastructure, the earlier the transition to Quantum Safe Cryptography begins, the better.

What progress has been made to develop new PQC algorithms?

The biggest public initiative to develop and standardize new PQC algorithms was launched by The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST). International teams of cryptographers submitted algorithm proposals, reviewed the proposals, broke some, and gained confidence in the security of others.

After multiple rounds of evaluations, on July 5th, 2022, NIST announced the first PQC algorithms selected for standardization. CRYSTALS-Kyber was selected as a Key Encapsulation Mechanism (KEM) and CRYSTALS-Dilithium, FALCON, and SPHINCS+ were selected as digital signature algorithms.

On August 24th, 2023, NIST announced the first three draft standards for general-purpose Quantum Safe Cryptography.

These are draft standards are:

• FIPS 203 ML-KEM: Module-Lattice-Based Key Encapsulation Mechanism Standard, which is based on the previously selected CRYSTALS-Kyber mechanism
• FIPS 204 ML-DSA: Module-Lattice-Based Digital Signature Standard, which is based on the previously selected CRYSTALS-Dilithium signature scheme
• FIPS 205 SLH-DSA: Stateless Hash-Based Digital Signature Standard, which is based on the previously selected SPHINCS+ signature scheme

What recommendations does CNSA 2.0 make for transitioning to PQC algorithms?

The National Security Agency (NSA) published an update to its Commercial National Security Algorithm Suite (CNSA) in September 2022, CNSA 2.0.

National Security Systems (NSS) will need to fully transition to PQC algorithms by 2033 and some use cases will be required to complete the transition as early as 2030. CNSA 2.0 specifies that CRYSTALS-Kyber and CRYSTALS-Dilithium should be used as quantum-resistant algorithms, along with stateful hash-based signature schemes XMSS (eXtended Merkle Signature Scheme) and LMS (Leighton-Micali Signatures).

CNSA 2.0 sets out an ambitious timeline for PQC algorithm adoption – other organizations across the globe are set to follow suit with their own guidelines.

Source: NSA Commercial National Security Algorithm Suite 2.0, September 2022

How can companies get ready for the Quantum Computing Era?

• Understand where vulnerable cryptography like RSA or ECC is deployed in your products.
• Investigate what performance impact a PQC transition will have on your products and what makes sense for your product roadmap.
• Establish what transition timelines your products must observe.
• Speak with your customers and suppliers to ensure that expectations and plans align.
• Understand where vulnerable cryptography like RSA or ECC is deployed in your business infrastructure and business processes.
• Talk to security experts like Rambus to understand how you can begin to transition to Quantum Safe Cryptography

What Quantum Safe IP solutions are available from Rambus?

Rambus Quantum Safe IP solutions offer a hardware-level security solution to protect data and hardware against quantum computer attacks using NIST and CNSA selected algorithms.

Rambus Quantum Safe IP products are compliant with FIPS 203 ML-KEM and FIPS 204 ML-DSA draft standards. Products are firmware programmable to allow for updates with evolving quantum-resistant standards.

The products can be deployed in ASIC, SoC and FPGA implementations for a wide range of applications including data center, AI/ML, defense and other highly secure applications.

Solution	Applications
QSE-IP-86	Standalone engine providing Quantum Safe Cryptography acceleration
QSE-IP-86 DPA	Standalone engine providing Quantum Safe Cryptography acceleration and DPA-resistant cryptographic accelerators
RT-634	Programmable Root of Trust with Quantum Safe Cryptography acceleration
RT-654	Programmable Root of Trust with Quantum Safe Cryptography acceleration and DPA-resistant cryptographic accelerators
RT-664	Programmable Root of Trust with Quantum Safe Cryptography acceleration and FIA-protected cryptographic accelerators

Summary

Quantum computing is being pursued across industry, government and academia with tremendous energy and is set to become a reality in the not-so-distant future. For many years, Rambus has been a leading voice in the PQC movement and now offers a portfolio of Quantum Safe IP solutions designed to offer hardware-level security using NIST and CNSA selected algorithms.

Explore more primers:
– PCI Express 5 vs. 4: What’s New?
– DDR5 vs DDR4 – All the Design Challenges & Advantages
– Hardware root of trust: All you need to know
– Side-channel attacks: explained
– Compute express link: All you need to know
– MACsec Explained: From A to Z
– The Ultimate Guide to HBM2E Implementation & Selection