Tuesday, March 4, 2025

Post Quantum Cryptography For National Defense & CII: The Urgency Of An Indigenous Approach

By Lt Col (Dr) Anupam Tiwari


Reader Caution: As you begin this article, you will be presented with some concepts from the world of technology, including a little elementary mathematics that mentions prime numbers and factorization. Do not worry if they appear technically overwhelming; I advise you not to skip reading. A good understanding of the fundamentals of quantum technology is growing more important in today’s technological world. Do not set this read aside as something seemingly meant only for tech geeks; understand that it is a critical part of understanding the strategic defence challenges we will face in the years ahead. If any terms seem unclear while you read, feel free to do a quick search or use tools like GPT to simplify them. Stay with it; the knowledge is worth your time.

Armed forces globally are well known for deploying rugged cryptography implementations and adopting proven encryption/decryption standards to ensure secret communications, which are the foundation of efficiency in today’s demanding times of information warfare. It may come as a surprise to most readers that all the military-grade encryption and cryptography that we (Indians) bank upon rides primarily on NIST standards from the USA. All the well-known standards in cryptography, such as AES, 3DES, RSA, PKE and SHA2/SHA3, originate from NIST. These standards, also deployed across national CII such as Finance, Data Centres and National Missions like Aadhaar and Ayushman that hold a plethora of data, have done expectedly well till date; while umpteen breaches and data thefts have been reported over the last few decades, they have all been attributed to bugs in applications and vulnerabilities in deployment, not to the deployed cryptographic protocol. The standards and the algorithms themselves have withstood the challenging times and ensured seamless Confidentiality, Integrity and Availability (the CIA triad) of data as intended.

The threat of the emergence of ‘Cryptographically Relevant Quantum Computers’ (CRQC), which would potentially render conventional cryptography obsolete, is undoubtedly on the cards, whether sooner or a little later.

Going back a couple of decades, to the 1990s, Peter Shor and Lov Grover came up with their respective algorithms which, if run on a CRQC, would be able to crack the asymmetric encryption standards of present-day cryptography and perform quadratically faster searches on problems that computers of the modern genre would take hundreds of years to process and compute.

  • Shor’s Algorithm: Cryptography banking upon prime number factorization needs to keep in mind the power of this algorithm, which, once a CRQC is in place, solves the problem of factoring large numbers into their prime factors in a matter of minutes/seconds.
  • Grover’s Algorithm: A quantum algorithm to search for an item in an unsorted database. It offers a quadratic speedup over classical search methods: a given item in a database of size N can be found using on the order of √N evaluations instead of the order of N. Simply speaking, for comparison, if some search needs 64 attempts to find a key, it will take just √64, i.e. 8 attempts.

Cryptography Classification and Effects

While CRQCs are assumed to be a threat to the present genre of cryptography, there is an if-then-else condition to this realization. The broad division of cryptography classifies it into two types: Symmetric and Asymmetric. Symmetric cryptography uses a single key/password for encryption and for ensuring the security of data; the longer the key, with a mix of alphanumerics and special characters, the greater the security is assumed to be. In asymmetric cryptography we have two keys, a Public Key and a Private Key, whose special characteristics, built on the Discrete Logarithm, Prime Factorization or Elliptic Curve problems, allow one key to encrypt and the other to decrypt, thereby providing encryption-decryption as well as non-repudiation/ownership of data by sender and receiver. Asymmetric cryptography is used both for encryption and for digital signatures to sign documents digitally.

Of these two classes, it is asymmetric cryptography at large that stands directly vulnerable to quantum computer attacks: Shor’s algorithm breaks these encryptions by solving the mathematically hard problems underlying present-day cryptography. For symmetric cryptography, for the present day it is enough to double the key size; AES-256 and equivalents are considered apt as quantum future-proof today.
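As an added illustration, not part of the article nor any library’s implementation, the following Python shows in toy form why the two families fare so differently: the classical half of Shor’s reduction (order finding, brute-forced on a tiny modulus; on a CRQC that step is the fast quantum part) beside Grover’s halving of symmetric key strength. The modulus 3233 = 53 × 61 is the usual textbook RSA example and is assumed here, not taken from the article.

```python
from math import gcd

# Added illustration (not from the article): the classical reduction at the
# heart of Shor's algorithm, with the quantum order-finding step brute-forced
# on a toy modulus, next to Grover's halving of symmetric key strength.
# 3233 = 53 * 61 is the textbook RSA modulus used below (assumed, not from the article).

def find_period(a: int, n: int) -> int:
    """Smallest r > 0 with a^r = 1 (mod n). This is the step a CRQC does fast;
    here it is a plain loop, which only works because n is tiny."""
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r

def shor_classical_reduction(n: int):
    """Split an odd composite n with two distinct prime factors using only
    order finding plus gcd arithmetic. Returns (p, q) with p * q == n."""
    for a in range(2, n):
        g = gcd(a, n)
        if g != 1:
            return (g, n // g)          # base already shares a factor with n
        r = find_period(a, n)
        if r % 2:
            continue                    # odd period: try another base
        y = pow(a, r // 2, n)           # y^2 = 1 (mod n) but y != 1
        if y == n - 1:
            continue                    # y = -1 (mod n) yields no split
        p = gcd(y - 1, n)               # (y-1)(y+1) = 0 (mod n) exposes a factor
        return (p, n // p)
    return None

def grover_effective_bits(key_bits: int) -> int:
    """Grover's search needs ~2^(n/2) evaluations instead of 2^n, so an n-bit
    symmetric key keeps about n/2 bits of brute-force strength."""
    return key_bits // 2

if __name__ == "__main__":
    print(shor_classical_reduction(3233))          # factors of the toy RSA modulus
    for k in (128, 192, 256):
        print(f"AES-{k}: about {grover_effective_bits(k)}-bit strength under Grover")
```

Once the period is known, everything that follows is ordinary arithmetic, which is why RSA falls outright while AES-256 simply drops to roughly 128-bit strength.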

Quantum Computers: A Simple Understanding

Conventional computers process everything by interpreting combinations and sequences of zeros and ones. Be it image editing, typing, playing a song or video, or doing simple to complex mathematical operations, conventional computing is all enabled on 0s and 1s. Quantum computers work quite differently: a quantum bit is not confined to being 0 or 1 but can be in a superposition state, i.e. in both the 0 and 1 states at the same time. This is very contrastive to the way we have acquainted ourselves with the basics of computers, but that’s how it is. So, without going into more of the technicalities of quantum characteristics like entanglement and parallelism, let’s for now assume that quantum computers are quite a contrast to our understanding of computing and processing. A whole lot of unlearning is needed before anyone dives in to understand the quantum world.

These peculiar characteristics of quantum computers make it simple to solve computing problems that conventional computers would take years to crack. While present-day computing hardware is limited by speed and processing specifications from breaking conventional cryptography, that limit will not hold against a CRQC.

“The illiterate of the twenty-first century will not be those who cannot read and write, but those who cannot learn, unlearn, and relearn” by Alvin Toffler, an American futurist and author.

Need for Post Quantum Cryptography

So here we arrive at the core of this article: the need for Post Quantum Cryptography (PQC). As far as the threat goes, the arrival of a CRQC is still only anticipated; it may come within a decade, or it may come after a decade plus. But whatever encryption we bank upon today might not be effective after this foreseen arrival, and nothing stops the adversary from harvesting that encrypted data today. “Harvest Now, Decrypt Later” is a well-known phrase used in security forums discussing quantum threats. Say, for example, we have encrypted some secret data before transmitting it from one place to another; even if an adversary gains access to it owing to some vulnerability/bug in the application or API, that access is futile today since the data is just a mixed bag of indecipherable junk characters. But if the same data is harvested and stored today by the adversary, it can be easily decrypted once a CRQC is realized in the near future. Is this acceptable? Certainly not. For all the assumed safe “data at rest” in clouds or any storage protected by conventional cryptography, it is going to be a nightmare for any state if this stands compromised. We need to appreciate the colossal volume of data in transit today that relies merely on being encrypted, but by classical methods of cryptography. Further, the emerging capacity of AI to examine and extract unimaginable insights from such huge datasets might pose a catastrophic risk: an undoing of the security and strategic stability of any state.

Three foundational pillars of classical cryptography—Prime factorization, Elliptic Curve Cryptography and Discrete Logarithms—have withstood the test of time over the past five decades. However, with the imminent advent of CRQC, the security of these classical systems is increasingly under threat, as quantum computing poses a new challenge to their foundational assumptions. As a result, the cryptographic landscape is on the verge of a significant transformation.

Today, to protect ourselves from this imminent threat of the future, the need arises for the adoption of Post Quantum Cryptography. As to the seriousness of the adoption effort, a whole lot of work has been done globally over the last two decades. NIST pioneered PQC plans in the USA when it invited submissions of PQC algorithms from around the world as early as 2016 for standardization. 82 submissions were received, of which 64 met the criteria and were taken up for stringent testing and audits. After a long 8 years involving multiple rounds of iteration, the final standards were released on 13th Aug 2024. Country-wise, PQC development work is summarized in brief in Figure 1.

Figure 1: PQC standards and initiatives by a few other nations

Migration Dilemma

PQC is not just one technology but a suite and amalgamation of multiple technologies enabled on vectors like QKD and QRNG, which have multiple subsets of technology classifications. Each of these sub-classifications has its respective pros and cons and is applicable to particular user application scenarios. While the PQC standards for most developed nations are out and already under implementation roadmaps, it is very interesting to see the adoption timelines for these standards: not weeks, not months, not one or two years, but up to 6-7 years. Such long migration times! But what makes them so long?

The answer is the size of the keys. In Table 1 the huge difference in key sizes is evident, and this huge key size is the reason for such long migration times.

                    CLASSICAL                                          PQC
  Symmetric               Asymmetric              Asymmetric (FIPS 203)
  Standard  Key (bits)    Standard  Key (bits)    Standard      Encapsulation key (bytes)  Decapsulation key (bytes)
  AES       128           RSA       2048          ML-KEM-512     800                       1632
  AES       192           RSA       3072          ML-KEM-768    1184                       2400
  AES       256           RSA       4096          ML-KEM-1024   1568                       3168
Note: 1 Byte = 8 Bits
Table 1: Comparison of keys: Classical cryptography vs PQC

The key sizes seen in Table 1 are far higher than the conventional key sizes that today’s hardware is built to handle. Thus, migration from conventional cryptography to PQC is not going to be a simple replacement of algorithms and APIs; it is certainly going to affect the infrastructure hardware and media used to transact. The conventional infrastructure (routers, switches, Ethernet cards, etc.) and the software (browsers, applications, APIs, etc.) would need an upgrade in design, capacity and capability.

The Relational Dependence and Trust

If we look at the evolution of cryptography protocols, symmetric and asymmetric cryptography arrived in the mid-70s and India adopted them regardless, since we never had indigenous options. Today we have unfaltering belief in NIST and rest all our secrecy and confidentiality on their ostensibly safe protocols. Be it data at rest, data in transit, communication protocols, web traffic, APIs, or Android/iPhone real-time end-to-end encryption, it is mostly NIST-dependent and nothing indigenous. While the final PQC standards have been released by NIST, we await business models and industry to offer PQC-ready products so that we can adopt them and claim quantum readiness. That is not how it should be if we envision Aatmanirbhar Bharat by 2047. We have capable but financially crunched R&D labs housing the best of global brains.

While we may feel proud of the National Quantum Mission apportioning Rs 6000 crore (over 8 years, till 2031), it is worth noting that while this figure may look immensely large to us internally, it is contemptibly small compared with the investments of other countries whom we intend to match as a developed country by 2047. China alone has earmarked 16 billion USD for quantum technology over the next 4 years.

So far so good, but in today’s more dynamic age, where technology is not just a product but also a strategic asset, we need to take due caution in understanding the need to develop, and the expedited need to adopt, indigenous cryptography.

Quick Conclusion

I deliberately titled this heading Quick Conclusion since, for as short as an article can be on such a huge challenge as CRQC, I am limited by words and length to follow the editor’s advice. But I am sure the gist of the matter is now in the minds of the readers who reached here. While we keep digitizing the defence forces and CII in the nation, we need to be extremely cautious about what cryptography we are banking upon now and what we plan for the future. While we envision being a developed nation, in terms of cryptography and PQC we will need a whole lot of time (two decades plus) to build, test, migrate and deploy our indigenous cryptographic standards. While the vision of 2047 looks far away, the pace at which the future is approaching us all is much higher than seen in the past, and we need to brace for unwarranted situations, unwarranted harvesting of data by adversaries and a whole lot of other unwarranted things. We need to be very clear that in global strategic relations, the friendship and adversarial tags of states are not constant. We might be blind in adopting the standards of friendly countries today, but it may become a trap if any swap of such tags happens tomorrow.

Dr Anupam Tiwari, a Ph.D in Blockchain Technology, is Advisor (Cyber) in the office of the Principal Advisor, Ministry of Defence, New Delhi.





