“The Enigma stands as a silent sentinel to the folly of those who placed their absolute confidence in its security.”[i]
This quote caught my attention the other day as I visited the NSA’s National Cryptologic Museum in Maryland. Based solely on mathematics, the Enigma was immensely secure. At the time, there was no known way to break its code. Eventually, its code was broken due to subtleties of how it was being used, and it’s interesting to note that to gain an advantage, the WWII Allied Forces didn’t reveal until many years later that they could decrypt its ciphered messages.
Remembering the history of the Enigma has stark relevance in today’s efforts with quantum security. This is especially true when it comes to understanding the strength or level of protection that certain quantum security techniques provide. This understanding is muddled when many sources seem to use terms interchangeably, such as quantum-safe, quantum-secure, quantum-resistant, quantum-resilient, quantum-enhanced, and quantum-proof. The truth is that there are significant distinctions between some of these terms. Puzzling them out can be somewhat of an enigma—pun intended.
What is quantum-safe?
Post-quantum cryptographic (PQC) algorithms, such as the announced NIST finalists, are referred to specifically as quantum-resistant.[ii] Many, often refer to them also as quantum-safe. Quantum-safe or quantum-resistant approaches use mathematics to create complex algorithms that are believed to be unbreakable by future quantum computers. The NSA explains it like this, “It is generally expected that any “quantum-resistant” or “quantum-safe” standard will be secure against all envisioned and understood quantum computing capabilities.”[iii]
That expectation is based on a conditional-secure assumption that there won’t be sufficient computational resources to break the encryption. In other words, similar to the Enigma of its time, quantum-safe means there’s currently no known way today to break NIST encryptions or PQC quantum-safe solutions. But, since they only rely on mathematic complexity, history demonstrates the likelihood that they will eventually be cracked. Does that mean quantum-safe solutions don’t have value? No. They play a vital role in addressing critical short-term security needs.
In this context, short-term security might mean keeping a one-time password secure for 10 minutes, a login token secure for a few hours until it expires and signs you out, or data with short-term value secure for up to 5 years. The secure lifespan could be potentially longer, but the actual expectancy is unpredictable due to the mathematical uncertainty inherent to quantum-safe encryption. As was recently reported, “The SIKE crack shows us, any quantum-safe encryption will be safe only until it is cracked.”[iv] So, caution needs to be exercised in how long we trust the efficacy of quantum-safe.
Consequently, quantum-safe security shouldn’t be relied on to protect against harvest now, decrypt later attacks unless the data being protected only has short-term value. That said, quantum-safe security can play a vital in enabling the secure implementation of quantum-secure solutions, such as how Qrypt uses short-term security of rotating pools of quantum random keys during an initial key exchange before those pools expire and are shredded.
What is quantum-secure?
A cryptosystem that is truly quantum-secure provides unconditional security, also referred to as information-theoretic security. To be quantum-secure or unconditionally secure, a cipher system must be proven safe against an attack from any adversary that has unlimited resources. In other words, it doesn’t matter how powerful of a computer gets invented, a quantum-secure solution is one that has mathematical proof that there’s no way to successfully break it.
Claude Shannon introduced this concept in 1946 with his work on perfect secrecy, where he proved that a properly implemented one-time pad is perfectly secure.[v] Unfortunately, one-time pads have been considered impractical for many years due to the strict requirements that must be met to achieve the status of perfect secrecy or being unconditionally secure. However, quantum-secure encryption exists today that leverages the cloud in a unique and practical way to leverage one-time pads to address long-term security needs.[vi]
Examples of data with long-term value that quantum-secure encryption is ideally suited to protect includes, classified government information and communications, trade secrets, biometric markers, covert intelligence asset identities, Social Security IDs, weapon designs, financial information, health records, personally identifiable information (PII), and more. Quantum-secure encryption can guarantee protection of these long-term data sets against harvest now, decrypt later attacks. Anything less than quantum-secure, leaves long-term data exposed the moment adversaries crack their code.
The threat from quantum computers is real and already here. Both quantum-secure and quantum-safe solutions will be needed to protect against the threat of quantum computers. But while quantum-safe solutions continue to be developed for future threats, quantum-secure solutions exists now to protect long-term data against today’s existing harvest now, decrypt later threats.
To learn more, sign up for our newsletter on our home page or contact our sales team at firstname.lastname@example.org.
As the VP of Product for Qrypt, Chris formulates the product roadmap to address the world’s threats to privacy and security. He has 13 issued U.S. patents and 15+ published works. Prior to Qrypt, Chris spent 20 years at IBM, most recently as Director of Product for IBM Quantum.
[i] Dr. A. Ray Miller, Center for Cryptologic History National Security Agency, “The Cryptographic Mathematics of Enigma,” Revised edition 2019
[ii] NIST, “NIST Announces First Four Quantum-Resistant Cryptographic Algorithms,” July 05, 2022
[iii] National Security Agency, “Quantum Computing and Post-Quantum Cryptography Frequently Asked Questions”
[iv] Kevin Townsend, SecurityWeek, “Is OTP a Viable Alternative to NIST’s Post-Quantum Algorithms?” October 4, 2022
[v] Timothy J. Shimeall, Jonathan M. Spring, “Introduction to Information Security,” 2014
[vi] Kevin Townsend, SecurityWeek, “Is OTP a Viable Alternative to NIST’s Post-Quantum Algorithms?” October 4, 2022