Transition to Post-Quantum Cryptography

By: Manvi Saini 1 & Kahishpreet Kaur 2

1,2 CSE, Chandigarh College of Engineering and Technology, Chandigarh, India.

Email: 1[co22343@ccet.ac.in], 2[co22339@ccet.ac.in]

Abstract: In the domain of cybersecurity, cryptographic techniques safeguard sensitive information against malicious sites, data breach campaigns, malware, etc. Over the decade, cryptographic algorithms have transitioned from uncomplicated algorithms such as RSA, ECC (Elliptic Curve Cryptography) and DH (Diffie-Hellman) to complex algorithms such as code-based, hash-based and multivariate polynomial cryptography. The transition from conventional to post-quantum cryptographic solutions requires a lot of strategic planning and leads to an integration dilemma that requires careful orchestration.

Keywords: Cybersecurity, Post-Quantum Cryptography, Data Security, Transition Phase, Integration Dilemma, Digital Communication.

Introduction:

Cybersecurity is the protection of digital systems, networks, and data from cyber threats. Cryptography is a domain of cybersecurity that plays a crucial role: it provides techniques to secure and safeguard sensitive information through encryption, ensuring confidentiality, integrity, authentication, and non-repudiation of data [1]. It employs mathematical algorithms to encrypt data, rendering it unreadable without the correct decryption key. Cryptography safeguards sensitive data like personal information, financial transactions, and government communications across computer networks, e-commerce platforms, and digital channels.

The integration dilemma in post-quantum cryptography refers to the challenge of seamlessly transitioning from conventional cryptographic systems to quantum-resistant solutions while ensuring compatibility and security across existing infrastructure [2].

Drawbacks in previously used cryptographic systems:

RSA and ECC, the conventional cryptographic systems, possess vulnerabilities that pose significant risks to data security. Quantum attacks, such as Shor’s algorithm, have the capability to rapidly decrypt data encrypted using these systems, highlighting the urgent need for the adoption of post-quantum cryptography [3]. While increasing the length of encryption keys can enhance security against attacks, it also introduces a trade-off by slowing down cryptographic processes, particularly in environments with limited computational resources. Furthermore, the long-term security of RSA and ECC is uncertain in light of advancements in classical and quantum computing technologies [4-5]. This uncertainty underscores the importance of transitioning towards more resilient cryptographic algorithms capable of withstanding emerging threats. Despite the necessity for enhanced security, concerns regarding the performance of these algorithms persist due to the intricate calculations involved, which can impact processing speed and energy consumption [6]. Additionally, issues related to patents and intellectual property rights present obstacles to the development and widespread adoption of cryptographic solutions. Nevertheless, ongoing efforts to promote open standards and foster collaboration among industry stakeholders are underway to mitigate these challenges and ensure the continued advancement and accessibility of cryptographic technologies [7].

Post Quantum Cryptography

Post Quantum Cryptography aims at developing cryptographic primitives which are resistant to attacks from both classical and quantum computers. Post-Quantum Cryptography algorithms include Lattice-based Cryptography, Code-based Cryptography, Hash-based Cryptography and Multivariate Polynomial Cryptography, among others. These primitives are based on mathematical problems that are hard to solve even for quantum computers [8-9].

Fig. 1: Post-Quantum Cryptography (Lattice-based cryptography)

Post Quantum Cryptographic Algorithms:

There are four Post Quantum Cryptographic algorithms as shown in Table 1:

| Algorithm Type | Definition | Examples |
|---|---|---|
| Lattice-Based Cryptography | It uses problems related to lattices (like grids) in space for security. | Learning With Errors (LWE) problem is an example of this algorithm. Here, we have noisy equations, and the goal is to find the secret vector. Another variant is Ring-LWE, which uses rings instead of vectors, offering efficiency benefits. |
| Code-Based Cryptography | This relies on error-correcting codes to secure data. | The McEliece cryptosystem, proposed in 1978, is one example. It’s based on decoding certain types of linear codes, making it resistant to quantum attacks. |
| Hash-Based Cryptography | It uses cryptographic hash functions to ensure security. | The Merkle signature scheme, based on hash trees, and the Lamport signature scheme, relying on pre-image resistance of hash functions, are examples. They offer strong security against classical and quantum attacks. |
| Multivariate Polynomial Cryptography | This is based on solving systems of polynomial equations. | One example is the Unbalanced Oil and Vinegar (UOV) scheme, which offers strong security against both classical and quantum attacks. Another is the Rainbow scheme, which aims to improve efficiency while maintaining security. |

Table 1: Post Quantum Cryptographic Algorithms [10-12]

The Integration Dilemma:

Integrating post-quantum cryptographic algorithms into existing systems is a delicate task. The challenge lies not only in developing robust quantum-resistant algorithms but also in ensuring a smooth transition that does not disrupt the vast interconnected web of digital communication [13]. Major disruptions could have cascading effects on industries, governments, and individuals relying on secure digital transactions.

Strategies for Phased Transition:

1. Algorithmic Agility: Algorithmic agility refers to the capability of cryptographic systems to support multiple cryptographic algorithms simultaneously [14]. Researchers are advocating for this approach because it allows for a gradual shift, where systems can dynamically choose between classical and post-quantum algorithms based on the level of security required.

2. Hybrid Cryptosystems: A phased transition involves implementing hybrid cryptosystems that utilize both classical and post-quantum algorithms. By doing so, organizations can maintain compatibility with existing systems while gradually incorporating quantum-resistant solutions for enhanced security [15-17].

3. Key Management Overhaul: Quantum-resistant algorithms often necessitate new approaches to key management. As part of the transition strategy, researchers are exploring efficient key generation, distribution, and storage mechanisms that align with the unique characteristics of post-quantum cryptographic systems.

4. Collaborative Standards Development: The establishment of standardized protocols for post-quantum cryptography is essential [18]. Collaborative efforts among researchers, industry experts, and standardization bodies are underway to define benchmarks, ensuring interoperability and compatibility across diverse systems.

5. Education and Awareness: A successful transition requires a well-informed user base. Educational initiatives are crucial to raising awareness among developers, system administrators, and end-users about the importance of transitioning to post-quantum cryptography and the potential impacts on their digital interactions [19].
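
Strategies 1 and 2 above combined in one added example (not code from the original article): a policy-driven suite negotiation, followed by a hybrid key derivation in which the session key depends on both the classical and the post-quantum shared secret. The suite names are hypothetical labels, the shared secrets are assumed to come from real key-exchange and KEM libraries, and the concatenate-then-HKDF combiner is a design choice made for this illustration.

```python
import hashlib
import hmac

# Constructed registry: suite names are hypothetical labels, not protocol identifiers.
SUITES = {
    "hybrid-ecdh+kem": {"classical": True, "pq": True},
    "pq-kem": {"classical": False, "pq": True},
    "classical-ecdh": {"classical": True, "pq": False},
}
PREFERENCE = ["hybrid-ecdh+kem", "pq-kem", "classical-ecdh"]  # most preferred first


def negotiate(local, peer, require_pq):
    """Return the most preferred suite both sides support and policy allows."""
    for name in PREFERENCE:
        if name in local and name in peer and (SUITES[name]["pq"] or not require_pq):
            return name
    # Fail closed instead of silently downgrading to a classical-only suite.
    raise ValueError("no mutually supported suite satisfies the policy")


def hkdf_sha256(ikm, salt, info, length=32):
    """HKDF (RFC 5869) extract-then-expand with HMAC-SHA-256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def session_key(suite, transcript, classical_ss=None, pq_ss=None):
    """Derive one key from every secret the suite requires, bound to suite and transcript."""
    parts = []
    for label, secret in (("classical", classical_ss), ("pq", pq_ss)):
        if SUITES[suite][label]:
            if not secret:
                raise ValueError(f"{suite} requires a {label} shared secret")
            parts.append(len(secret).to_bytes(2, "big") + secret)  # unambiguous framing
    salt = hashlib.sha256(transcript).digest()
    return hkdf_sha256(b"".join(parts), salt, info=suite.encode())
```

Because the suite name and handshake transcript feed the derivation, two peers that were steered onto different suites end up with different keys, so a tampered negotiation fails instead of going unnoticed.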

Future Scope:

The future of post-quantum cryptography lies in further research and development to enhance the efficiency, security, and usability of cryptographic algorithms. Continued collaboration among researchers, industry stakeholders, and policymakers will be essential to address emerging challenges and stay ahead of evolving threats in the quantum era [20]. Additionally, ongoing educational initiatives will play a pivotal role in ensuring widespread adoption and understanding of post-quantum cryptographic solutions.

Conclusion:

The transition to post-quantum cryptography is a critical step in securing tomorrow’s digital landscape against quantum threats. By embracing innovative strategies and fostering collaboration among stakeholders, we can navigate the complexities of integration and ensure the long-term resilience of cryptographic systems. The collaborative efforts of researchers, industry stakeholders, and policymakers are essential to safeguarding the foundations of trust and security in the face of quantum advancements.

References:

  1. Kumar, S., Singh, S. K., Aggarwal, N., & Aggarwal, K. (Year). Evaluation of automatic parallelization algorithms to minimize speculative parallelism overheads: An experiment. Journal of Discrete Mathematical Sciences and Cryptography, 24(5), 1517-1528.
  2. Mengi, G., Singh, S. K., Kumar, S., Mahto, D., & Sharma, A. (2023, February 21). Automated Machine Learning (AutoML): The Future of Computational Intelligence. In International Conference on Cyber Security, Privacy and Networking (ICSPN 2022) (pp. 309-317).
  3. Vats, T., & Kumar, S. (2021). Next-generation towards construction of cyber-physical systems and digital twins. Retrieved from https://insights2techinfo.com/next-generation-towards-construction-of-cyber-physical-systems-and-digital-twins/
  4. Dubey, H., Kumar, S., & Chhabra, A. (2022). Cyber Security Model to Secure Data Transmission using Cloud Cryptography. Cyber Secur. Insights Mag, 2, 9-12.
  5. Singh, M., Singh, S. K., Kumar, S., Madan, U., & Maan, T. (2021, September). Sustainable Framework for Metaverse Security and Privacy: Opportunities and Challenges. In International Conference on Cyber Security, Privacy and Networking (pp. 329-340).
  6. Sharma, A., Singh, S. K., Kumar, S., Chhabra, A., & Gupta, S. (2023). Security of Android Banking Mobile Apps: Challenges and Opportunities. In N. Nedjah, G. Martínez Pérez, & B.B. Gupta (Eds.), International Conference on Cyber Security, Privacy and Networking (ICSPN 2022) (ICSPN 2021, Lecture Notes in Networks and Systems, vol 599, pp. 39-49). Springer, Cham. https://doi.org/10.1007/978-3-031-22018-0_39
  7. Zhang, Y., Liu, M., Guo, J., Wang, Z., Wang, Y., Liang, T., & Singh, S. K. (2022, December). Optimal Revenue Analysis of the Stubborn Mining Based on Markov Decision Process. In International Conference on Machine Learning for Cyber Security (pp. 299-308).
  8. Aggarwal, K., Singh, S. K., Chopra, M., Kumar, S., & Colace, F. (2022). Deep learning in robotics for strengthening industry 4.0: Opportunities, challenges and future directions. In Robotics and AI for Cybersecurity and Critical Infrastructure in Smart Cities (pp. 1-19).
  9. Gupta, A., Singh, S. K., Chopra, M., & Gill, S. S. (2022). An inquisitive prospect on the shift toward online media, before, during, and after the COVID-19 pandemic: a technological analysis. In Advances in Data Computing, Communication and Security: Proceedings of I3CS2021 (pp. 229-238). Singapore: Springer Nature Singapore.
  10. Aggarwal, K., Singh, S. K., Chopra, M., & Kumar, S. (2022). Role of social media in the COVID-19 pandemic: A literature review. Data mining approaches for big data and sentiment analysis in social media, 91-115.
  11. Kaur, P., Singh, S. K., Singh, I., & Kumar, S. (2021, December). Exploring Convolutional Neural Network in Computer Vision-based Image Classification. In International Conference on Smart Systems and Advanced Computing (Syscom-2021)
  12. Gupta, A., Sharma, A., Singh, S. K., & Kumar, S. Cloud Computing & Fog Computing: A solution for High Performance Computing. Proceedings of the 11th INDIACom. IEEE.
  13. Singh, A., Singh, S. K., & Mittal, A. (2022). A review on dataset acquisition techniques in gesture recognition from Indian sign language. Advances in Data Computing, Communication and Security: Proceedings of I3CS2021, 305-313
  14. Bernstein, D. J., & Lange, T. (2017). Post-quantum cryptography. Nature, 549(7671), 188-194.
  15. Chen, L., Chen, L., Jordan, S., Liu, Y. K., Moody, D., Peralta, R., … & Smith-Tone, D. (2016). Report on post-quantum cryptography (Vol. 12). Gaithersburg, MD, USA: US Department of Commerce, National Institute of Standards and Technology.
  16. Song, F. (2014, October). A note on quantum security for post-quantum cryptography. In International Workshop on Post-Quantum Cryptography (pp. 246-265). Cham: Springer International Publishing.
  17. Bernstein, D. J. (2009). Introduction to post-quantum cryptography. In Post-quantum cryptography (pp. 1-14). Berlin, Heidelberg: Springer Berlin Heidelberg.
  18. Chen, L., Moody, D., & Liu, Y. K. (2016). Post-quantum cryptography. US Dept. Commerce, Nat. Inst. Standards Technol., Gaithersburg, MD, USA, Tech. Rep. NISTIR, 8105.
  19. Sendrier, N. (2010, May). Post-quantum cryptography. In third international workshop, PQCrypto, Darmstadt, Germany.
  20. Takagi, T. (2016). Post-quantum cryptography. Lecture Notes in Computer Science, 9606.
  21. Malik, M., Prabha, C., Soni, P., Arya, V., Alhalabi, W. A., Gupta, B. B., … & Almomani, A. (2023). Machine Learning-Based Automatic Litter Detection and Classification Using Neural Networks in Smart Cities. International Journal on Semantic Web and Information Systems (IJSWIS), 19(1), 1-20.
  22. Verma, V., Benjwal, A., Chhabra, A., Singh, S. K., Kumar, S., Gupta, B. B., … & Chui, K. T. (2023). A novel hybrid model integrating MFCC and acoustic parameters for voice disorder detection. Scientific Reports, 13(1), 22719.
  23. Chui, K. T., Gupta, B. B., Liu, J., Arya, V., Nedjah, N., Almomani, A., & Chaurasia, P. (2023). A survey of internet of things and cyber-physical systems: standards, algorithms, applications, security, challenges, and future directions. Information, 14(7), 388.
  24. Sharma, P. C., Mahmood, M. R., Raja, H., Yadav, N. S., Gupta, B. B., & Arya, V. (2023). Secure authentication and privacy-preserving blockchain for industrial internet of things. Computers and Electrical Engineering, 108, 108703.
  25. Upadhyay, U., Kumar, A., Sharma, G., Gupta, B. B., Alhalabi, W. A., Arya, V., & Chui, K. T. (2023). Cyberbullying in the metaverse: A prescriptive perception on global information systems for user protection. Journal of Global Information Management (JGIM), 31(1), 1-25.

Cite As

Saini M; Kaur K (2024) Transition to Post-Quantum Cryptography, Insights2Techinfo, pp. 1
