3 Weaknesses of Post-quantum Cryptography The World Can’t Afford to Ignore

Back in 1999, everybody caught the “Y2K” bug. According to Y2K’s “prophecy of doom”, the transition into a new millennium would wreak havoc on computer networks globally and ultimately bring our entire civilization to a grinding halt.

Y2K turned out to be a damp squib.

But it’s highly unlikely that Y2Q or “years to quantum” will be as easy to tackle. Y2Q is approaching – and fast!

Experts like Michele Mosca, Deputy Director at the University of Waterloo’s Institute for Quantum Computing, believe that the odds of reaching Y2Q by 2026 are 1 in 7 and 1 in 2 by 2031. When Y2Q becomes a reality, quantum computers will easily break the outdated cryptographic protocols we currently rely on to protect our systems and data. Assets worth US$3.5 trillion are at risk because they still rely on outdated cryptography!

Currently, the best way to ward off future quantum attacks is to develop stronger quantum-resistant encryption. And of the many approaches that are being developed today, post-quantum cryptography (PQC) appears to be the most promising.

But even though PQC has garnered support from governments thanks to its cost-effectiveness, many PQC methods work well only in the lab. In unpredictable real-world environments, they can struggle to stand up to scrutiny. Not only that, but they can be difficult to deploy (though certainly not as difficult as QKD).

Here are the three main drawbacks of PQC-based systems you need to be aware of. $3.5 trillion worth of assets is at stake!

Large Key Sizes & Performance Costs

Most PQC systems require much larger keys than classical public-key algorithms. While the large key sizes make PQC algorithms more secure, they have serious implications for the performance of quantum-resistant cryptography.

Compared to legacy public-key cryptosystems, PQC algorithms can take more time to encrypt and decrypt messages. Not only that, but the larger keys occupy more storage space, need more memory, and require more network bandwidth.

At smaller scales and with small amounts of data, you might not even notice the performance cost of quantum-resistant cryptography. However, once you start transmitting and handling thousands of different keys simultaneously, the performance impact of PQC will begin to add up.

Old infrastructures with outdated hardware may be unable to keep up with the performance requirements of PQC. Worse, PQC might affect latency-sensitive workloads, like computer vision systems in autonomous vehicles. Resource-constrained devices like smartphones or IoT devices may also be unable to run PQC.

The bottom line is that you may need to upgrade your infrastructure to support your transition to PQC. So even though PQC can be delivered to any device through software, the potential need to upgrade your infrastructure might make PQC’s deployment very challenging.

There is no way around this – if you want to protect yourself from quantum threats, you’ll need to accept some costs. That being said, some PQC algorithms are more efficient than others – you’ll want to use them to protect your infrastructure.
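
To put numbers on the bandwidth and storage cost described in this section, the following added example (not from the original article or from Quantropi) models the server side of a TLS 1.3-style handshake using the published parameter sizes of X25519, Ed25519, ML-KEM and ML-DSA. The 1460-byte segment size, the 10-segment initial window, the two-certificate chain and the algorithm pairings are assumptions, and only key material is counted, so the results are lower bounds.

```python
import math

# Published sizes in bytes (FIPS 203, FIPS 204, RFC 7748, RFC 8032).
KEM = {  # name: (client key share, server key share or ciphertext)
    "X25519": (32, 32),
    "ML-KEM-768": (1184, 1088),
    "X25519MLKEM768": (1216, 1120),  # hybrid: both shares concatenated
}
SIG = {  # name: (public key, signature)
    "Ed25519": (32, 64),
    "ML-DSA-44": (1312, 2420),
    "ML-DSA-65": (1952, 3309),
}

MSS = 1460      # assumed TCP payload per segment on a 1500-byte MTU path
INITCWND = 10   # assumed initial congestion window in segments (RFC 6928)


def server_flight_bytes(kem, sig, chain_len=2):
    """Lower bound on the server's first flight: key share, a chain of
    chain_len certificates (one public key and one signature each) and
    the handshake signature. Names, extensions and framing are ignored."""
    _, server_share = KEM[kem]
    pk, sg = SIG[sig]
    return server_share + chain_len * (pk + sg) + sg


def segments(n_bytes):
    """Number of TCP segments needed to carry n_bytes."""
    return math.ceil(n_bytes / MSS)


def needs_extra_round_trip(kem, sig, chain_len=2):
    """True when the flight does not fit in the initial window, so the
    server must wait for ACKs before it can finish sending."""
    return segments(server_flight_bytes(kem, sig, chain_len)) > INITCWND


def key_store_bytes(sig, n_keys):
    """Storage for n_keys public keys, e.g. a device or peer registry."""
    return SIG[sig][0] * n_keys


def report():
    """One row per assumed pairing: (kem, sig, bytes, segments, extra RTT)."""
    rows = []
    for kem, sig in [("X25519", "Ed25519"),
                     ("X25519MLKEM768", "ML-DSA-44"),
                     ("ML-KEM-768", "ML-DSA-65")]:
        size = server_flight_bytes(kem, sig)
        rows.append((kem, sig, size, segments(size),
                     needs_extra_round_trip(kem, sig)))
    return rows


if __name__ == "__main__":
    for row in report():
        print("%-15s %-10s %6d B %3d segments  extra RTT: %s" % row)
    print("10,000 stored public keys:",
          key_store_bytes("Ed25519", 10_000), "B vs",
          key_store_bytes("ML-DSA-65", 10_000), "B")
```

Under these assumptions the classical handshake fits in a single segment, while the ML-KEM-768 with ML-DSA-65 pairing overflows the initial congestion window, which is where the size increase turns into added latency rather than just added bytes.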

Non-Ideal Scalability

Many PQC algorithms struggle to maintain their hardness (resistance to attacks) at scale. As an example, lattice-based cryptography, which is one of the promising PQC techniques being researched, scales well but only achieves average-case hardness. In simple terms, average-case hardness means that lattice-based cryptography is resistant to most (but not all) quantum attacks.

It appears that scalability and encryption hardness are competing qualities. We can excel at one or the other, but not both. That being said, this might be true only for the PQC systems that are currently in development. In the future, researchers and cybersecurity vendors might be able to come up with solutions that can maintain their hardness at any scale.

Vulnerability to Advancements in Quantum Tech

Unlike quantum cryptography and, in particular, quantum key distribution (QKD), quantum-resistant cryptography will be sensitive to increasing quantum computing power. QKD is based on quantum mechanics and is theoretically impervious to attacks from quantum computers, regardless of their computing power. QKD has many issues that limit its real-world security, but it provides future-proof security at least in theory.

Now, the vulnerability of quantum-resistant cryptography to advancements in quantum technology is a very long-term problem – we probably won’t have to worry about it for quite some time. Still, this is something that we need to keep in mind going forward.

As quantum computers become more powerful, early PQC algorithms may need to be upgraded or replaced entirely. Sure, we probably will be able to somewhat offset the increasing power by using longer cryptographic keys. But eventually, PQC might become defenseless against very advanced and powerful quantum computers.

There’s also the possibility that researchers will come up with some sort of quantum algorithm that can easily solve the math that underlies PQC. Just like Shor’s algorithm shattered our assumptions about classical cryptography, researchers may someday come up with a neat trick that will be able to easily defeat PQC.

Prepare For Quantum With QiSpace™

At Quantropi, we believe that proactiveness and agility are the keys to protecting ourselves from the attacks of both today and tomorrow.

As the only quantum security provider in the world offering the 3 prerequisites for cryptographic integrity – Trust, Uncertainty, and Entropy (TrUE) – Quantropi is a force to be reckoned with in quantum cybersecurity. Our patented TrUE technologies provide end-to-end protection across entire enterprise infrastructures, starting from on-premises data centers and ending with communications between employees.

A highlight of TrUE is MASQ™ – Quantropi’s novel PQC algorithm that uses much smaller keys than NIST finalists. MASQ™ maintains performance similar to classical algorithms while offering the same or better quantum-safe protection.

All of Quantropi’s TrUE technologies are accessible via our flagship QiSpace™ platform. Talk to us today to learn more about QiSpace™ and how it can help you prepare for the future!

Experts like Michele Mosca, Deputy Director at the University of Waterloo’s Institute for Quantum Computing, believe that the odds of reaching Y2Q by 2026 are 1 in 7 and 1 in 2 by 2031. When Y2Q becomes reality, quantum computers will easily break the outdated cryptographic protocols we currently rely on to protect our systems and data. That’s assets worth US$3.5 trillion that are at risk because they still rely on outdated cryptography!

Currently, the best way to ward off a possible future quantum attack is to develop stronger quantum-resistant encryption (aka post-quantum cryptography or PQC). But the truth is, most PQC methods work well only in the lab. In unpredictable real-world environments, they just cannot stand up to scrutiny. Moreover, researchers at the University of Waterloo’s erstwhile Quantum Hacking Lab have demonstrated that theoretically-perfect PQC is not as ‘unhackable’ or ‘quantum-proof’ as its supporters claim. 

Here are the 3 drawbacks of PQC-based systems we need to be aware of. $3.5 trillion worth of assets are at stake!

Increased Transition Complexity

Moving to a PQC-based system will affect the performance of an organization’s current cryptographic infrastructure since it will involve more computations and therefore an increased workload. It may even render some parts of the system obsolete, raising the need for replacement hardware and adding to transition complexity. As system complexity increases, it will also increase costs and lengthen timelines.

As an organization starts thinking about the move from classical to PQC-based encryption, it cannot ignore these disadvantages. Meanwhile, its vulnerability to quantum attacks keeps increasing.

Difficult to Scale

Many PQC algorithms are notoriously difficult to scale. For example, for lattice-based cryptography, which is a popular method for post-quantum cryptography, it is very difficult to prove its ‘hardness’ (a measure of an algorithm’s resilience to attacks) at scale. Current lattice algorithms that do manage to scale well only achieve average-case hardness. Thus, there is a trade-off between hardness and scalability. Either can be achieved, but not both.

Larger Key Sizes & Limited Speeds

Most PQC algorithms require much larger key sizes than existing public key algorithms. For example, multivariate cryptography, which is also considered a good basis for PQC, involves very large key sizes, which require more storage inside a device. They also result in large amounts of data to be sent over a communications system for key establishment and signatures. Therefore more time is required to encrypt and decrypt messages, or to verify signatures at either end. This limits transfer speeds, which can be dangerous in case of a sudden quantum attack.

At Quantropi, we believe that every organization needs to harden today’s defences against today’s attacks AND tomorrow’s attacks by quantum computers. We’re the only cybersecurity company in the world providing the 3 prerequisites for cryptographic integrity: Trust, Uncertainty, and Entropy (TrUE). Powered by quantum mechanics expressed as linear algebra, our patented TrUE technologies establish Trust between any two parties via quantum-secure asymmetric MASQ™ encryption (coming soon); ensure Uncertainty to attackers, rendering data uninterpretable forever, with QEEP™ symmetric encryption; and provide Quantum Entropy as a Service (QEaaS) with SEQUR™ – ultra-random key generation and distribution to enable secure data communications. All Quantropi’s TrUE technologies are accessible via our flagship QiSpace™ platform.

Talk to us today!

Quantum-secure any application, product, network, or device with the QiSpace™ platform — without having to sacrifice performance or make major investments in new technology or infrastructure. See for yourself how only QiSpace™ offers TrUE quantum security via all three essential cryptographic functions. Leverage asymmetric encryption algorithms (the “Trust” or “Tr” of “TrUE”) via MASQ™, symmetric encryption (“U” for “Uncertainty”) via QEEP™ and strong random numbers (“E” for “Entropy”) via SEQUR™.  Make it TrUE with QiSpace™ — and protect your business, brand, and customer promise. Now and forever. 

To learn more about our quantum-secure solutions, don’t hesitate to get in touch with our experts!
