Quantum technology opens up transformative possibilities in computing, communication, sensing and many others – some of which we are only now starting to realise. But, like all technologies, it has its dark side: quantum computing will undermine much of modern cryptography, and with this the security and reliability of the internet.
Today, ‘quantumania’ is more than just the latest Marvel movie. With some of the largest companies around the world looking to create the next generation of computer, it’s only a matter of time until they become part of our new reality. And while companies work to develop large-scale quantum computers, many more are working to protect themselves against them. A functioning quantum computer has the potential power to help us understand far more about the world we live in than we ever imagined – but it could also crack the current encryption methods we use to protect our online communications, from bank transactions to private messaging. In 1993, mathematician Peter Shor developed a quantum computer algorithm that could break the commonly used RSA encryption, which is based on the assumed difficulty of factoring the products of large primes. Similarly, critical algorithms whose security is based on the assumed difficulty of computing discrete logs, such as Diffie-Hellman key establishment protocols, are swept aside by Shor’s algorithm. His work has spurred a new field: post-quantum cryptography. Without it, the digital world we’ve built for ourselves stands to also fall before us.
“The threat to modern crypto from quantum computers is sufficiently tangible and its impact sufficiently momentous that it must be taken very seriously. Quantum phenomena themselves may come to our aid in the form of quantum key establishment protocols but this is likely to be limited to very special cases. It is essential, then, that post-quantum cryptography be urgently investigated,” said Prof. Peter Ryan, head of the Applied Security and Information Assurance (APSIA) research group.
In partnership with the University of Luxembourg’s Interdisciplinary Centre for Security, Reliability and Trust (SnT), LuxTrust – Luxembourg’s qualified trust services provider, is working to secure its infrastructure against quantum computers using post-quantum cryptography. In 2022, Jan Oupický joined SnT as doctoral researcher on the project, working alongside Dr. Marjan Skrobot and Prof. Ryan. Together, they will share their expertise in analysing the most promising post-quantum cryptography algorithms, and prepare the migration of LuxTrust’s infrastructure over to the post-quantum era. This will ensure a seamless continuity of LuxTrust’s services and security.
“We are confident that thanks to the expertise of SnT researchers, we will deliver practical solutions or answers to real industry challenges that will further benefit clients using our digital services,” said Fabrice Aresu, CEO of LuxTrust, when the partnership was announced in 2021.
Since Oupický’s work began in 2022, he has started analysing LuxTrust’s current infrastructure and areas that could be susceptible to the power of a quantum computer. With the infrastructure being vast, alongside the regulatory environment that accompanies trust services, Oupický will first focus on the areas that should be secured as a priority and then propose a plan to carry the data security through the post-quantum era.