Torben Pryds Pedersen: The Future of Cryptographic Security in the Age of Quantum

0
44

Modern cryptography is still a relatively young scientific discipline, but its history shows a significant pattern. Most developments are based on research that took place years or even decades before. There’s a good reason for this Ice Age movement pace. Just as drugs and vaccines go through years of rigorous testing before they hit the market, cryptographic applications must be based on tried and tested methods.

Blockchain is one such example of the development cycle in action. Satoshi Nakamoto’s work on Bitcoin was the application of principles that David Chaum first described in the early 1980s. Similarly, recent Multiparty Computation (MPC) deployments to secure private keys or sealed bid auctions take advantage of ideas developed at the same time. With the quantum machine threat looming over modern computers, the need for newer and stronger forms of cryptography has never been greater.

Torben Pryds Pedersen is the Chief Technology Officer of Concordium and was previously Head of Research and Development at Cryptomathic.

Nobody knows exactly when or if quantum computers will prove to be able to crack today’s encryption methods. However, the threat alone is currently fueling extensive work to develop alternatives that will prove robust enough to withstand a quantum attack.

A compressed timeline

Finding a replacement for existing encryption methods is not a trivial task. For the past three years the National Institute for Standards and Technology (NIST) has been working to research and develop alternative algorithms or the backbone of any cryptographic system. In July of this year, a shortlist with 15 proposals was announced for an ongoing project looking for quantum-resistant encryption standards.

However, many of these proposals are unattractive because of impractical key sizes or overall efficiency. In addition, these alternatives need to be tested and verified sufficiently to ensure that they stand up to the test of time.

I am sure we will see further developments in this area. However, developing better cryptographic algorithms is only part of the puzzle. Once an alternative is defined, ensuring that all existing applications are updated to the new standard is a much bigger task. The scope is huge and covers practically every use case across the entire Internet, in the entire financial sector and in blockchains.

See also: What Google’s “Quantum Supremacy” means for the future of cryptocurrency

Given the size of the task, plans and actions to migrate existing data must be in place long before the quantum threat becomes a reality.

Digital signatures for self-sovereign data

Governments and banking institutions are not naive. According to the 2020 United Nations e-government survey, 65% of member governments are seriously considering governance in the digital age, according to the agency’s own metrics. The protection of personal data is a growing problem which is reflected in the inclusion of data protection mechanisms and methods for digital signatures in the development agenda for e-government applications.

The technology behind digital signatures is generally well understood by governments. In Europe, for example, the eIDAS regulation obliges organizations in the member states to introduce uniform standards for electronic signatures, qualified digital certificates and other authentication mechanisms for electronic transactions. However, there is also recognition from the European Union that updates are needed to protect against the threat posed by quantum computers.

It is likely that future methods of protecting personal data will be driven by the principle that users own their own data. In the banking world, PSD2, a payment policy for how financial institutions handle data, was a catalyst for this principle. Once users have the right to share their own data, it becomes easier to simplify data exchange between multiple banking institutions.

Cryptography now plays an important role in the principle of self-sovereign data, but I think we will see that this concept is used more and more frequently in Web 3.0 applications. Ideally, users control their data in any Web 3.0 application, providing complete interoperability and ease of use.

Increase security and trustworthiness with multi-party computing

Similar to the increase in digital signatures, there will be more applications for multi-party computing. After MPC was a purely theoretical construction 30 years ago, MPC is now used in more realistic applications. For example, several institutional asset security platforms, including Unbound Tech, Sepior, Curv, and Fireblocks, are already using variants of MPC to ensure the security of private keys.

Blockchains have not yet reached their true potential, as evidenced by the lack of compelling use cases.

Due to the tremendous security potential of MPC, we will continue to see improvements in this technology. It also fits well with the principles of decentralization of trust as it removes individual points of attack and reduces reliance on individual trusted entities. In the future, a single person’s private key could be stored in several decentralized locations and still be made available immediately if the user so wishes.

Blockchains for individuals and companies

Blockchain technology is still at a low level of maturity. In theory, it offers significant promise to help individuals and businesses take control of their data. However, the fact remains that today’s blockchains and associated distributed ledger technologies have not yet reached their true potential, as evidenced by the lack of compelling use cases.

However, given the development of other cryptographic applications such as digital signatures and multi-party computation, it is expected that blockchain technology will improve significantly, become more efficient and accessible – and therefore gain importance in the coming years.

The concept of blockchains is not in itself threatened by quantum computers. Blockchains are first and foremost used to securely register data (or digests of data), and we already know how the basic functionality of blockchains (immutability of registered data) can be secured with basic cryptographic elements that are secure in the quantum age (hash functions) and digital signature schemes).

However, more work is required to handle more advanced protocols efficiently, and more work is required to continuously improve the security and efficiency of basic cryptographic elements and to make the blockchain ever more efficient.

With this in mind, distributed systems are gradually being improved to keep them secure. We will likely keep the smart and good properties of the current cryptographic algorithms and update them gradually as needed. The planning of this process must be done very carefully, as every update must be carried out in good time before the current version becomes unsafe.

In addition, blockchain-enabled payment systems with robust post-quantum security can play an important role in the future of online retail.

See also: Michael Casey – MPC Explains: The Bold New Vision for Securing Cryptocurrency

Regardless of the use case for cryptography, the user experience is a critical driver for adoption. A lack of usability has been a massive problem for most cryptographic applications – and this is also true for blockchains. Most platforms are just infrastructure solutions and therefore cause a lot of friction for end users.

Ultimately, blockchain applications have to become as user-friendly as today’s internet and smartphone applications. Ease of use and quantum-safe security are critical to the future of government, commerce, and Web 3.0.