Quantum Threat: Challenge to modern cryptographic systems

(To Mario Satin)

In recent months, the world of cryptography has been rocked by two announcements: the White House issued a memorandum to start in short period the migration to new cryptographic algorithms1 and the Elysium announced that it had sent the first diplomatic message using these algorithms2. In reality, for insiders, they are to be considered mandatory actions that well reflect the technological supremacy in the sector pursued by both countries and, in this context, it is also necessary to start a reflection in Italy on the issue of national technological sovereignty in the cryptographic field - of strategic importance, not only in the governmental and military fields, but in the economic-financial field, for example.

In general, the protection of data and communications must increasingly be linked to technologies that guarantee long-term responses, capable of countering threats with disruptive and partly still unknown potential.

The United States and France therefore demonstrate that they are moving in the same direction, - by adopting so-called algorithms Post-Quantum Cryptography (PQC) - in order to contrast the evolution of quantum computing, with respect to the real danger that it can represent. In fact, the security of today's cryptographic algorithms is computational, based on the assumption that the resolution of specific mathematical problems - recognized by the international scientific community - are unsolvable for a computer traditional. In the case of PQC algorithms, their design it is gradually focusing on mathematical problems - different from the current ones - which today are also considered resistant to computer quantum. Furthermore, their implementation will be able to guarantee information security without intervening on existing infrastructures, making the migration to PQC algorithms feasible on a large scale and in the short-medium term.

It is therefore to be considered understandable - in the current scenario - the sensationalist tone assumed by the news of these days in relation to the publication of an article by some Chinese researchers. The latter consider it possible to break even the most secure keys of classical cryptographic algorithms, such as the RSA keys of 2048 bit, using a computer quantum in line with current technological progress.

We talked about this news with the prof. Massimo Giulietti, mathematician and director of the Department of Mathematics and Computer Science at the University of Perugia, as well as vice president of the National Cryptography Association "De Componendis Ciphris"3.

“It has been known since 1984 that using a quantum computer could break much of the encryption normally used, including several algorithms of the Commercial National Security Algorithm Suite approved by the US National Security Agency (NSA), still widely used to protect information both civilian and military. This is why a competition has arisen between large states and large companies (such as Google and IBM) aimed at building ever more powerful quantum computers. However, there are intrinsic physical limitations in quantum computers that make it extremely difficult to build them in dimensions such as to represent a serious danger. Or at least, that's what we thought until a few days ago...

If the quantum algorithm proposed by the Chinese team of researchers is as efficient as they say, then it will most likely be possible to build, within a few years, quantum computers that can break cryptographic keys of thousands of bits. More precisely, Chinese researchers claim that it is possible to break the 2048-bit RSA algorithm with just 372 qubits of a quantum computer4, starting from a refinement of a recent cryptanalytic proposal5. This conjecture would represent the largest qubit savings ever speculated to date and would be achievable within current technological constraints - IBM just unveiled a 433-qubit quantum computer called the Osprey, and more are on the way."

So how realistic can this statement be?

“From a strictly technical point of view it is very difficult to express a judgment so soon. The scientific method requires verification and analysis of the results of Chinese academics, verifications that can last for months, before arriving at a conclusive conclusion.

Two aspects must also be kept in mind. The first is that their article is actually a preprint - therefore not yet subjected to peer review by the international scientific community - the second is that they do not provide any details on its effectiveness by scaling the model on large numbers. For the moment, reading the article certainly highlights a great deal of expertise on the part of the authors, as well as the published results (the breaking of a 48-bit key, a record for quantum computers) suggest that their algorithm could really work. Of course, from 48 to 2048 bits there is still a big leap, but not big enough to let us sleep peacefully”.

While waiting - continues Giulietti - we can continue to devise PQC algorithms.

“For years now, the Western world has been preparing for the worst-case scenario, namely the one in which quantum computers can actually attack the cryptography normally used. In particular, in recent years a whole new area of ​​cryptographic research has developed in this specific area linked precisely to the PQC. The USA is very attentive to the issue and the National Institute of Standards and Technology (NIST) has already chosen, through strict selection, a first family of PQC algorithms, for use by American agencies and bodies".

From this point of view it is important to ask whether Italy is preparing to make the leap post-quantum?

“Unfortunately, I believe that a full awareness of the severity of the quantum threat. We have excellent researchers in the PQC field, working both in Italy and abroad, but to date no specific government action. Even within our association there are very high skills in this area, ready to be engaged for the good of the country".

In the meantime, however, there is still no shortage of initiatives by the Italian cryptographic community...

“After five years of intense activity, made up of seminars and conferences, courses, hackathons and challenges, we are formally established last month as an association, under the guidance of prof. Massimiliano Sala, our President and director of the Cryptography Laboratory of the University of Trento, as well as leader of the Italian cryptographic community. Thousands of cryptographers subscribe to our mailing lists and follow us on social media. They are both academics from over twenty universities and developers in the private sector, as well as students or simple enthusiasts. A vast and qualified community at the disposal of our country”.

In this context, it should be noted that in the session of the Chamber of Deputies last 23 December - on the occasion of the approval of the Budget Law - an Agenda was voted and accepted by the Government6 which commits the latter to evaluate the opportunity to establish a National Cryptography Center (CNC). The CNC, already envisaged in the "National plan for cyber protection and information security" of 2017, but never implemented, would make it possible to provide the country with an institutional actor of reference for all those applications in which cryptography does not act exclusively as a useful tool of cybersecurity.








Photo: IBM