Author: Sal Kimmich
In a recent presentation to the Confidential Computing Consortium’s Technical Advisory Committee, Hart Montgomery discussed the pressing topic of post-quantum cryptography (PQC). The presentation highlighted the looming threat posed by quantum computers to traditional public key cryptography and outlined the proactive steps necessary to secure digital information in a post-quantum world.
The Quantum Threat
Montgomery began with the fundamental issue: a sufficiently powerful quantum computer will be able to break nearly all of the public key cryptography deployed today, including RSA, DSA, and elliptic curve cryptography (including ECDSA). The crux of the problem is that a quantum computer can solve the mathematical problems these schemes rest on, integer factoring and the discrete logarithm problem, in polynomial time, whereas the best known classical algorithms are sub-exponential or worse. The security margin that makes current key sizes safe against classical attack simply does not exist against a quantum attacker.
- RSA (Rivest–Shamir–Adleman): A widely used public-key cryptosystem whose security relies on the difficulty of factoring large integers.
- DSA (Digital Signature Algorithm): A Federal Information Processing Standard (FIPS 186) for digital signatures, based on the difficulty of the discrete logarithm problem in finite fields.
- ECDSA (Elliptic Curve Digital Signature Algorithm): A digital signature algorithm used by many standards that relies on the hardness of the discrete logarithm problem over elliptic curves; its keys and signatures are far shorter than RSA's at the same classical security level, but Shor's algorithm breaks both.
Why Does This Matter?
The implications of quantum computers being able to break these cryptographic methods are far-reaching. A particularly concerning scenario is the “harvest now, decrypt later” problem: an adversary intercepts and stores encrypted data today, then decrypts it once quantum computing is sufficiently advanced. This is especially problematic for sectors like finance, where regulations often require data to stay confidential for decades. Note that this scenario applies to confidentiality (encryption and key exchange) rather than to signatures, which only need to be unforgeable until the moment they are verified; authentication can therefore migrate somewhat later than key exchange, although long-lived signed artifacts such as firmware that must still verify years from now need early attention too. All experts queried for the Global Risk Institute’s 2023 Quantum Threat Timeline report agreed that this shift is likely to occur within the next three decades.
The Power of Quantum Computing
To frame the quantum threat, Montgomery gave a brief overview of what quantum computers can do. They operate on quantum bits, or qubits, which can exist in a superposition of states; a quantum algorithm arranges for the wrong answers to interfere destructively so that measuring the qubits reveals useful structure, such as the period of a function. This is what lets Shor’s algorithm factor integers in polynomial time, while every known classical algorithm needs sub-exponential or exponential time.
Shor’s algorithm is the direct threat to today’s public key cryptography. It reduces factoring N to finding the period (multiplicative order) of a^x mod N, which a quantum computer computes efficiently with a quantum Fourier transform; the best classical method, the General Number Field Sieve (GNFS), scales sub-exponentially in the size of N, which is why 2048-bit RSA remains out of classical reach. For example, while classical algorithms would take an impractically long time to factor a 1,000-digit number, a quantum computer with enough error-corrected qubits running Shor’s algorithm could potentially do so in a feasible amount of time. The same algorithm, adapted to the discrete logarithm problem, breaks DSA and elliptic curve schemes as well.
- Quantum Superposition: A fundamental principle of quantum mechanics by which a qubit can be in a combination of the 0 and 1 states at once, so a register of n qubits carries amplitudes for all 2^n values simultaneously.
- Shor’s Algorithm: A quantum algorithm (1994) that factors integers and computes discrete logarithms in polynomial time, breaking RSA, DSA and elliptic curve cryptography.
- General Number Field Sieve (GNFS): The most efficient known classical algorithm for factoring large general integers; its running time is sub-exponential, not polynomial.
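To make the reduction concrete, here is an added example in Python (not code from the presentation or from any CCC project) that walks through the classical skeleton of Shor’s algorithm. The only quantum step in Shor is order finding; this script replaces it with a brute-force loop, so it only works for toy moduli, but the post-processing around it is exactly what turns a period into a factor, and the final function shows the end-to-end consequence for an RSA key. The modulus 3233 = 53 × 61, the public exponent 17 and the random seed are constructed inputs.

```python
"""Shor's reduction from factoring to order finding, with the quantum step
simulated classically. Added example; the modulus and exponent are toy values."""
from math import gcd
import random


def find_order(a: int, n: int) -> int:
    """Smallest r > 0 with pow(a, r, n) == 1.

    Stand-in for the quantum order-finding subroutine. This loop is exponential
    in the bit-length of n; Shor's quantum Fourier transform does the same job
    in polynomial time, and that difference is the whole threat.
    """
    if gcd(a, n) != 1:
        raise ValueError("a and n must be coprime for the order to exist")
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def factor_from_order(a: int, r: int, n: int):
    """Classical post-processing of Shor's algorithm.

    If r is even and y = a^(r/2) mod n is not n-1, then y^2 = 1 (mod n) with
    y != +-1, so n divides (y-1)(y+1) but neither factor, and gcd(y-1, n) is a
    non-trivial divisor. Returns (p, q) with p <= q, or None for a bad base.
    """
    if r % 2:
        return None
    y = pow(a, r // 2, n)
    if y == n - 1:
        return None
    p = gcd(y - 1, n)
    return tuple(sorted((p, n // p)))


def shor_factor(n: int, seed: int = 0, max_tries: int = 50):
    """Factor an odd composite n that is not a prime power. Returns (p, q), p <= q.

    A random base yields a usable order with probability at least 1/2, so a few
    tries suffice; the expensive part is find_order, which a quantum computer
    would make cheap. The seed only makes the base sequence reproducible.
    """
    rng = random.Random(seed)
    for _ in range(max_tries):
        a = rng.randrange(2, n - 1)
        g = gcd(a, n)
        if g != 1:
            # The base already shares a factor with n; no period needed.
            return tuple(sorted((g, n // g)))
        split = factor_from_order(a, find_order(a, n), n)
        if split is not None:
            return split
    raise RuntimeError(f"no factor of {n} found in {max_tries} tries")


def recover_rsa_private_exponent(n: int, e: int) -> int:
    """Once n is factored, the RSA private exponent d = e^-1 mod (p-1)(q-1)
    follows immediately. This is what an efficient order finder buys an attacker."""
    p, q = shor_factor(n)
    return pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    N, E = 3233, 17  # constructed toy RSA key: N = 53 * 61, far too small to be real
    p, q = shor_factor(N)
    d = recover_rsa_private_exponent(N, E)
    m = 65  # constructed plaintext
    assert pow(pow(m, E, N), d, N) == m
    print(f"{N} = {p} * {q}; private exponent d = {d}")
```

The worked case in the block is the textbook one: for a = 7 and n = 15 the order is 4, y = 7^2 mod 15 = 4, and gcd(3, 15) = 3 splits 15 into 3 × 5. Bases whose order is odd, or whose a^(r/2) is −1 mod n (such as a = 14 mod 15), are simply rejected and another base is drawn, which is why the loop needs only a handful of tries.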
Quantum-Safe Cryptography
To counter the quantum threat, the cryptographic community has been developing quantum-safe (post-quantum) algorithms: schemes built on mathematical problems for which no efficient quantum algorithm is known. The leading approach is lattice-based cryptography, whose security rests on problems such as finding short vectors in a high-dimensional lattice (a regular grid of points), which neither Shor’s algorithm nor any other known quantum technique solves efficiently.
Montgomery emphasized the importance of transitioning to quantum-safe cryptography well before quantum computers reach a stage where they can break existing cryptographic systems. The timeline for the advent of quantum computers remains uncertain, with experts estimating that powerful quantum computers could emerge within the next 15 to 30 years. For organizations that need to secure data for extended periods, the shift to quantum-safe methods is urgent.
- Lattice-Based Cryptography: Cryptography based on the hardness of lattice problems, which are currently believed to resist quantum attacks; it underpins Kyber, Dilithium and Falcon.
Standardization Efforts and Challenges
Montgomery highlighted the extensive effort to standardize post-quantum cryptography. The National Institute of Standards and Technology (NIST) has led a multi-year, open global process to evaluate quantum-safe algorithms, with rigorous review and cryptanalysis by cryptographers worldwide. NIST selected four algorithms in 2022: Kyber, Dilithium, Falcon and SPHINCS+. The first three final standards were published in August 2024: FIPS 203 (ML-KEM, derived from Kyber), FIPS 204 (ML-DSA, from Dilithium) and FIPS 205 (SLH-DSA, from SPHINCS+); the Falcon-based standard (FN-DSA, FIPS 206) was still in preparation.
While these algorithms are designed to resist quantum attacks, they bring new costs. The most visible is size: lattice-based schemes like Kyber and Dilithium have much larger public keys, ciphertexts and signatures than elliptic curve schemes. ML-KEM-768, for instance, has a 1,184-byte public key and a 1,088-byte ciphertext, versus 32 bytes each for X25519, and an ML-DSA-65 signature is 3,309 bytes versus 64 bytes for Ed25519. That extra bandwidth and memory, together with the computational overhead of the new arithmetic, can affect performance in applications with large-scale or high-frequency cryptographic operations, such as high-volume TLS handshakes.
- NIST (National Institute of Standards and Technology): A U.S. federal agency that develops measurement and technology standards, including the FIPS cryptographic standards.
- Kyber: A lattice-based key encapsulation mechanism (KEM) for post-quantum key establishment, standardized as ML-KEM in FIPS 203.
- Dilithium: A lattice-based digital signature algorithm, standardized as ML-DSA in FIPS 204.
- Falcon: A compact lattice-based signature scheme with smaller signatures than Dilithium but a more delicate implementation, since its signing relies on floating-point sampling; its standard (FN-DSA, FIPS 206) is still being finalized.
- SPHINCS+: A stateless hash-based digital signature scheme standardized as SLH-DSA in FIPS 205; it relies only on the security of hash functions, at the cost of larger signatures and slower signing.
Impact on Confidential Computing
The discussion also touched on the implications for confidential computing, particularly attestation, which rests directly on public key cryptography. Attestation is the process by which a hardware root of trust signs a report describing the integrity and identity of a system or software environment, so that a relying party can verify it before releasing secrets; both the signature on that report and the certificate chain that vouches for the signing key must become quantum-safe.
Montgomery noted that the transition will require careful planning, but because much of the cryptography in confidential computing platforms is implemented in firmware and microcode rather than fixed silicon, adopting quantum-safe algorithms may not require significant hardware changes.
He did caution that the larger keys, signatures and ciphertexts of post-quantum schemes could be a problem where many attestations or key exchanges happen in quick succession, for example when a large fleet of enclaves is attested at once. Despite these challenges, the transition is crucial to the long-term security of confidential computing environments.
The Post-Quantum Cryptography Alliance
To further advance the adoption of quantum-safe cryptography, Montgomery introduced the Post-Quantum Cryptography Alliance. The alliance’s goal is to build high-quality, quantum-safe cryptographic code and to foster collaboration between the research community and developers in refining algorithms that resist quantum attacks. It is structured like other Linux Foundation projects, with an emphasis on open collaboration and transparency. Two key projects within the alliance are the Open Quantum Safe (OQS) project and the PQ Code Package project. OQS focuses on developing and implementing quantum-safe algorithms, while the PQ Code Package project is dedicated to creating formally verified, high-assurance implementations of quantum-safe standards such as Kyber (ML-KEM).
- Open Quantum Safe (OQS) Project: An open-source project that develops and implements quantum-safe cryptographic algorithms.
- PQ Code Package Project: A project producing formally verified, high-assurance implementations of the post-quantum standards.
Looking towards the Quantum Computing Era
Post-Quantum Cryptography (PQC) addresses the quantum threat by developing cryptographic algorithms that can withstand attacks from quantum computers, ensuring that encrypted data remains secure and that signatures cannot be forged. Meanwhile, Confidential Computing (CC) protects data in use through secure enclaves and hardware-based security features, safeguarding sensitive computations from unauthorized access.
Together, PQC and CC provide a layered security approach that covers the entire data lifecycle—from protection at rest and in transit to safeguarding data during processing. As digital threats evolve, integrating both PQC and CC into security strategies is vital for organizations looking to future-proof their operations. These technologies are not just essential on their own; they complement each other, forming the foundation of tomorrow’s secure computing environment.
As we approach the era of quantum computing, the need for quantum-safe cryptography becomes increasingly urgent. Hart Montgomery’s presentation underscored the importance of proactive measures, including the development and standardization of post-quantum cryptographic methods. While challenges remain—such as increased computational overhead and larger key sizes—the work being done today will be crucial in securing our digital future against the quantum threat.
You can watch the entire discussion on the CCC YouTube channel.