View all newsletters
Sign up to our newsletters

Support 110 years of independent journalism.

Advertorial: in association with the University of Surrey

Cybersecurity in the quantum age

A new era of computing requires a new kind of cryptography.

By Professor Liqun Chen

Cybersecurity has become one of the hottest topics in the modern digital world. How to make cybersecurity solutions trustworthy is a highly relevant question. Cybersecurity solutions make use of cryptographic mechanisms, so trusting in these solutions means trusting in cryptography. Cryptography helps the world build trust. Without cryptography, trusting any information that is processed, distributed and stored is impossible. From this point of view, cryptography plays the role of a “root of trust”.

However, cryptography itself relies on trust. Cryptographic mechanisms need to be trusted, but there are many barriers. In recent years, a substantial amount of research on quantum computers has been reported and this has drawn enormous attention from the cryptographic community, governments and the cybersecurity industry.

Quantum computers can solve mathematical problems that are difficult or intractable for conventional computers, such as the factorisation problem and the discrete logarithm problem. For the factorisation problem, you are given the product of two large prime numbers and asked to find these numbers. The discrete logarithm problem involves modular arithmetic (numbers wrap around, as in a clock, where hours run from 0 to 11 and back to 0 again – this is written as “mod 12”). Given three very large integers (g, y, p) where y is equal to (g x g x … x g) mod p, find how many gs are involved (this is the discrete logarithm). Current public-key cryptographic solutions rely on these computationally hard problems to make them secure. If large-scale quantum computers become reality, they will be able to break most of the cryptographic public-key algorithms currently in use. Therefore, these public-key cryptographic algorithms need to be replaced to protect against a potential future quantum computer.

Currently available quantum-resistant algorithms are based on five different computationally hard problems, which have been used to build algorithms for a range of cryptographic applications, including public-key encryption and digital signatures. These algorithms are all difficult to implement efficiently, and avoiding side-channel attacks in their implementation is more demanding. The security analysis of many algorithms is still not rigorous. This is an active research area that is full of challenges.

In 2016, the US National Institute of Standards and Technology (NIST) asked for submissions for post-quantum algorithms in asymmetric encryption and digital signatures for standardisation. On 5 July 2022, after three rounds of testing and review, the NIST announced the first group of four post-quantum algorithms selected for standardisation. The NIST’s choices of two lattice-based signature schemes and one lattice-based key encapsulation mechanism (KEM) scheme, along with a symmetric setting signature scheme, give the cryptographic community sound choices with which to begin the transition from today’s cryptography to that suitable for the quantum age, although more algorithms are still being evaluated by the NIST. Many international standard bodies are also involved in the development of post-quantum cryptography standardisation activities.

Cryptography is useable in a broad range of applications. It can be used to help build trust in applications; this is achieved by using trusted computing technologies, including authentication and attestation. However, adding trusted computing technologies to any application is challenging, without then requiring quantum-resistant solutions. These are extremely interesting problems and along with many academic and industrial partners, the University of Surrey is working in this area:

Quantum-resistant algorithms

Surrey served as a technical leader of the EU Horizon 2020 project, FutureTPM. A Trusted Platform Module (TPM) is a tamper-resistant component that is embedded in a host computer platform and acts as a root of trust. It also provides many cryptographic-related services, including authentication, attestation, and secure storage. TPMs have been embedded in billions of computer platforms. Since 2016 it has been a requirement that systems running Windows 10 should have a TPM 2.0 present and enabled. In the FutureTPM project, we have developed and identified a list of quantum-resistant cryptographic algorithms, which are suitable for inclusion in a future TPM. Some of these algorithms are taken from the NIST’s post-quantum cryptographic standardisation activities, and others are developed by our project consortium. We have also implemented these algorithms to test their performance. We have presented our project results to the Trusted Computing Group (TCG), which is an international industrial standard body and develops TPM specifications.

EU Horizon

Surrey has been involved in several other EU Horizon projects as a technical partner. These projects are using cryptography and trusted computing technologies for a number of different applications:
• ASSURED – building trust in information and communications technology.
• SECANT – providing security and privacy protection in healthcare ecosystems.
• CONNECT – securing digital connectivity between vehicles and between vehicles and transport infrastructure.
• REWIRE – providing new trust management mechanisms for the auditability and certification of software and hardware.
• ENTRUST – making medical devices, for example glucose sensors, secure.
(These projects are funded by the UK government Horizon Europe guarantee and administered by UKRI.)

Anonymous digital signatures

We need post-quantum anonymous digital signatures to protect users’ privacy. For example, the current TPM has a Direct Anonymous Attestation (DAA) signature scheme, which is used for authentication and attestation of a user’s computer platform without identifying them. This type of digital signature provides a good balance between security and privacy. However, the existing DAA schemes supported by TPMs are not quantum-resistant. Surrey has been working on such signatures for some time and we do have several post-quantum DAA designs, but further work is needed to make them practical.

At Surrey we are proud of the work we have undertaken to accelerate the transition to post-quantum cryptography. We look forward to continuing our research in the field, to ensure that the benefits of a new era of computing can be felt by all.

Topics in this article : ,
Select and enter your email address Your weekly guide to the best writing on ideas, politics, books and culture every Saturday. The best way to sign up for The Saturday Read is via The New Statesman's quick and essential guide to the news and politics of the day. The best way to sign up for Morning Call is via Our Thursday ideas newsletter, delving into philosophy, criticism, and intellectual history. The best way to sign up for The Salvo is via Stay up to date with NS events, subscription offers & updates. Weekly analysis of the shift to a new economy from the New Statesman's Spotlight on Policy team.
  • Administration / Office
  • Arts and Culture
  • Board Member
  • Business / Corporate Services
  • Client / Customer Services
  • Communications
  • Construction, Works, Engineering
  • Education, Curriculum and Teaching
  • Environment, Conservation and NRM
  • Facility / Grounds Management and Maintenance
  • Finance Management
  • Health - Medical and Nursing Management
  • HR, Training and Organisational Development
  • Information and Communications Technology
  • Information Services, Statistics, Records, Archives
  • Infrastructure Management - Transport, Utilities
  • Legal Officers and Practitioners
  • Librarians and Library Management
  • Management
  • Marketing
  • OH&S, Risk Management
  • Operations Management
  • Planning, Policy, Strategy
  • Printing, Design, Publishing, Web
  • Projects, Programs and Advisors
  • Property, Assets and Fleet Management
  • Public Relations and Media
  • Purchasing and Procurement
  • Quality Management
  • Science and Technical Research and Development
  • Security and Law Enforcement
  • Service Delivery
  • Sport and Recreation
  • Travel, Accommodation, Tourism
  • Wellbeing, Community / Social Services
Visit our privacy Policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications.