The central goal of cryptography is to ensure secure and confidential communication between multiple parties. Electro-mechanical encryption can be traced back to World War II when Nazi Germany used the Enigma machine to transmit sensitive military and diplomatic messages. In today’s digital world, cryptography is everywhere; account passwords, text messages, e-commerce, emails, and secure web-browsing all require encryption and decryption in some form. With the rapid development of quantum computers and increased prevalence of cyber warfare, however, cryptography is changing and becoming more important than ever. In this article, the differences between classical (CC) and post-quantum cryptography (PQC) will be analyzed and discussed.
Classical cryptography can be split into two types: public and private key cryptography. Private key cryptography, also known as the symmetric encryption method, relies on a single private key to encrypt and decrypt messages between parties. Common examples include the AES and DES algorithms. Public key cryptography, or the asymmetric encryption method, forces users to have both a private and public key.[1] A widely-used example is the RSA algorithm, which is dependent on the difficulty of factoring large prime numbers to create a trap-door mechanism. In 1994, however, Shor’s algorithm demonstrated the ability of a functional quantum computer to break RSA encryption, deeming the cryptosystem unsuitable for the quantum era. While classical cryptography is still commonly used in today’s digital world, the threat of future quantum attacks necessitates a transition to post-quantum cryptography.
A common misconception is that classical cryptography is vastly different from PQC. This is inaccurate. Quantum-resistant algorithms must be capable of running on traditional computers, mobile devices, and network infrastructures. As a result, PQC does not require any new hardware; it is still reliant on the complexity of mathematical problems to implement asymmetric algorithms. These problems, however, do not use “integer factorization and discrete log problems to encrypt data”[2]. Quantum-resistant algorithms can be split up into the following cryptosystems: lattice based, error correcting code based, and multivariate based. One downside is that the mathematical complexity of these algorithms makes them slower than their classical counterparts. This makes the speed-security tradeoff much more significant, especially when devices or networks are constantly transmitting large volumes of messages/information.
The potential benefit of quantum computers is great. The computational power available will revolutionize pharmaceutical development, manufacturing, environmental modeling, and finance, among many other things. Nevertheless, the cybersecurity threats are real and must be mitigated. There are several routes companies and leaders can take. First, PQC solutions can be adopted immediately following NIST standardization. Some drawbacks to this approach are cost, unproven security, and high latency times. Second, systems could be “retrofitted with PQC solutions later.”[3] This means that companies would have to begin preparing the hardware and software of their current technologies for PQC adoption closer to 2030, once algorithms are more efficient and secure. Drawbacks of this approach include high cost and a lack of security until adoption occurs.
Society has made significant progress in the realm of cryptography. Classical cryptosystems have been developed, tested, and improved. Still, a new threat has emerged in the form of quantum computers, placing post-quantum cryptography at the forefront of modern cybersecurity developments. The decisions of industry leaders today will determine the security of the digital world tomorrow.
[1] Bennett, Charles, and Gilles Brassard. “Comparison of Classical and Quantum Cryptography.” 11 May 2021, https://cklixx.people.wm.edu/teaching/math300/KathyN.pdf. Accessed 22 June 2022.
[2] “Quantum Cryptography vs Post-Quantum Cryptography.” Anastasia Marchenkova, https://www.amarchenkova.com/posts/quantum-cryptography-vs-post-quantum-cryptography. Accessed 22 June 2022.
[3] “How to prepare for post quantum cryptography.” McKinsey, 4 May 2022, https://www.mckinsey.com/business-functions/mckinsey-digital/our-insights/when-and-how-to-prepare-for-post-quantum-cryptography. Accessed 22 June 2022.