In January 2022, France’s Agence nationale de la sécurité des systèmes d’information (ANSSI) issued a position paper outlining its views on the transition to post-quantum cryptography. The paper has two core objectives, to outline a transition agenda and to provide direction to organisations developing security solutions. ANSSI specifically calls for a progressive increase of assurance on new post-quantum algorithms without introducing new vulnerabilities.
The transition to post-quantum cryptography involves the adoption of a new family of cryptographic algorithms. Unlike quantum key distribution (QKD), which requires its own infrastructure, these post-quantum algorithms can be executed by classical computers, across classical channel. This means they can be deployed across existing infrastructure.
ANSSI goes on to encourage crypto-agility and the adoption of a hybrid cryptographic mechanism that incorporates both the strong assurance of pre-quantum public key algorithms and the resistance against future quantum threats. Whilst hybrid PQC is not mandatory today, ANSSI does see it playing a crucial role in future cryptographic security.
What is a post-quantum algorithm?
The process of selecting and standardizing post-quantum cryptographic (PQC) algorithms was kicked off by NIST in 2017. Round three candidate algorithms were selected back in 2020 and comprise public key encryption, key establishment, and digital signature algorithms. Final published standards are expected in 2024.
PQC algorithms are typically defined by the mathematical principles on which they are built. They include:
- Structured or unstructured Euclidean lattices
- Error-correcting codes
- Isogenies between elliptic curves
- Multivariate systems
- Hash trees
Government calls for post quantum cryptography
Also in January, the President of the United States issued a National Security Memorandum setting a timeline of 180 days, within which US federal departments and agencies must have identified all instances where encryption is in use that doesn’t comply with NSA-approved quantum resistant protocols, and provide a timeline for transition to compliance.
Transitioning to post-quantum cryptography
Senetas has been developing solutions to the threat posed by quantum computers for more than 15 years and released its first commercial solution in 2007 in collaboration with IDQuantique. Since December 2021 it has offered hybrid encryption – classical AES and NIST candidate quantum encryption algorithms – in its CypherNET network encryptors. Of the 7 shortlisted candidate algorithms, Senetas already incorporates 4 in its hardware.
The ability to offer both classical and post-quantum algorithms will become the de facto standard for enterprise, government, and defence applications. Truly agile solutions will also permit users to make a choice from multiple encryption algorithms and standards.