TAIPEI (Taiwan News) — The third “PQC Standardization and Migration Workshop” took place at Academia Sinica on Saturday (Aug. 10), attracting upwards of one hundred participants from both domestic government and industry.
The one-day workshop addressed the “quantum leap” in computing power expected in the next 10-15 years, fueled by a shift from binary bits to qubits, unleashing more powerful computing. The risk associated with greater computing power is that the current system of passwords and cryptography will soon be obsolete.
Furthermore, inexpensive data storage will allow hackers to engage in “catch now and decrypt later.” So worrying is this threat that an alliance of cyber security groups is encouraging industries and governments to migrate their data to post-quantum cryptography (PQC) standards.
Chelpis Quantum Tech Research Director Matthias Kannwischer said the workshop encouraged more companies and governments to prepare for the advent of quantum computing.
“Some companies are active in PQC and some are not. The US is leading the way in policy by issuing standards and some of the big US tech companies are also active.”
Kannwischer said there is still a lot of work to do. He encouraged Taiwanese companies as well as the government to pay more attention to the future threats posed by quantum computing.
NTU Professor Chang Pei-zen (張培仁) addressed the cybersecurity threat that many governments may soon face. “Many people say RSA cryptography will be broken in 15 years, so we need to work hard to prepare for this as we need to undertake data migration.”
Yang Bo-ying (楊柏因), Academia Sinica Institute of Information Science research fellow, warned that current cryptography could be cracked on an accelerated timeline and urged both industry and government to make adequate preparations. Yang said the first PQC workshops began in 2015, attracting the interest of governments around the world in issuing standards and making recommendations.
Yang and fellow Academia Sinica partner Chou Tung (周彤) have participated in a competition hosted by NIST to develop the next PQC standard. Currently, his team is in the quarterfinal round of the competition out of an original field of 82 teams.
Yang believed that one aspect of PQC cryptography will be hardware support with specialized chips embedded on motherboards that will utilize either Kyber post-quantum key encapsulation or Elysium.
Sophie Schmieg, Google’s senior staff cryptography engineer, reiterated Yang’s concern that PQC standards need to be generally accepted and agreed upon by many governments and industries. She said cybersecurity experts should both “know what should be standardized” and hope that in the future, “standards should be well defined.”
According to Schmieg, for a company like Google, which operates a huge data center, engaging in PQC data migration can affect performance, but she does not agree that more hardware or chip support is needed. “Chip support can be valuable, but I believe that many are still using very basic computers.”
Schmieg was also critical of what she deemed “fancy cryptography,” such as blind signatures, which will also be ineffective because most are based on the current RSA cryptography system.
Michael Kasper, Fraunhofer SG CEO, said that quantum computing technology is both a threat and an opportunity for society. “To ensure that the emergence of quantum computing is a positive development for society, we must first mitigate the associated threats.”
Kasper said that PQC migration and resilience are needed to ensure data security for companies and governments at the application layer, security protocol layer, and crypto layer. He added that PQC security planning includes lots of preparation, including inventory and risk assessment, as well as the migration concept.
At a question-and-answer session, speakers were invited onstage to express their opinions about the current state of post-quantum cryptography. The most divisive issue was the use of quantum key distribution (QKD), or hardware-based boxes required by both the receiver and sender to decode encrypted data.
Google’s Sophie Schmieg expressed her belief that QKD is not a serious contender for security practice as it does not provide security to every switch in the system. Furthermore, she added that the speed of QKD makes it prohibitive and not compatible with other systems.
Kasper agreed that QKD may not be useful for most companies, though it could be useful in niche markets. Kasper said he has been working in cryptography for more than 15 years, and during this time, there have been many moments when the cryptography community has either converged or grown apart. He said more cooperation and agreed-upon standards would benefit end users as many more cyberattacks are expected in the future.
And finally, Schmieg was asked how Google chooses its security program. She said it’s a very complicated issue built upon a “license wall,” with each level of protection being nearly impossible to break, with upper levels progressing in difficulty.