
Quantum Cryptography

It's easy to get in the weeds on cryptography and quantum cryptography and forget exactly what it is that's happening and why we're worried. This is how I try to explain it to my friends and coworkers:

Modern cryptographic algorithms are built on specific mathematical computations that are easy to do in one direction and very difficult to do in the opposite direction. Almost fifty years ago, cryptographers discovered that prime factorization is one of these computations, and that it allows the creation of private and public key pairs that can be used to securely communicate information with someone you have never met before (Diffie & Hellman, 1976).

Typically the expensive asymmetric public/private key process is used at login or at the start of a conversation to exchange a random string that both sides then share to perform much less (CPU) expensive symmetric encryption for the rest of the conversation (Rescorla, 2018). For example, you might establish a session with your VPN provider at login and then use the same random symmetric key for hours and many gigabytes of traffic.

So now consider that quantum computers threaten to make prime factorization and other tough math very easy. That means that there's no longer a secure way to exchange a symmetric key with someone you've never met in person. It also means that any VPN session that someone was able to intercept and save to storage can be fully decrypted down to the last packet and replayed to extract all your network traffic including passwords and content.

This is what NIST and other post-quantum cryptography initiatives are trying to prevent. Proposed solutions tend to address this either by having more asymmetric exchanges that share more symmetric keys over the course of a session, so that decoding any conversation after the fact takes far more work (Marlinspike, 2016), or by more complex mathematics that wrap the prime-factored keys in additional complexity (Barnes et al., 2022).
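To make the "record now, decrypt later" risk and the rekeying defence concrete, here is an added toy model (my own illustration, not code from this post or from any of the cited specifications). It uses a constructed 17-bit Diffie-Hellman group so that brute force can stand in for the quantum attacker, and HMAC/SHA-256 stand-ins for the real KDF and session cipher; the only property it measures is how many handshakes an attacker must break to read a recorded session.

```python
import hashlib, hmac, secrets
# Toy Diffie-Hellman group (constructed): a 17-bit prime that a laptop can
# brute-force stands in for the 2048-bit prime a quantum computer would break.
P, G = 104_729, 2

def key_from(shared):  # KDF stand-in; TLS 1.3 uses HKDF here
    return hashlib.sha256(shared.to_bytes(4, "big")).digest()

def xor_stream(key, idx, data):
    # Session-cipher stand-in (TLS 1.3 uses AES-GCM): HMAC(key, counter) keystream XORed on
    stream = b"".join(hmac.new(key, idx.to_bytes(4, "big") + bytes([i]), "sha256").digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def handshake():
    """One asymmetric exchange: returns what an eavesdropper sees and the key both ends derive."""
    a, b = secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1
    A, B = pow(G, a, P), pow(G, b, P)
    return (A, B), key_from(pow(B, a, P))

def record_session(messages, rekey_every=0):
    """rekey_every=0: one handshake per session (VPN pattern); k: a fresh one every k messages."""
    recording, key = [], None
    for i, msg in enumerate(messages):
        if key is None or (rekey_every and i % rekey_every == 0):
            pub, key = handshake()
            recording.append(("hs", pub))
        recording.append(("data", i, xor_stream(key, i, msg)))
    return recording

def solve_dlog(target):
    # The quantum attacker modelled by brute force; feasible only because P is tiny.
    x, acc = 0, 1
    while acc != target:
        acc, x = acc * G % P, x + 1
    return x

def decrypt_recording(recording, budget):
    """Replay a stored capture with enough compute to break `budget` handshakes; return readable plaintexts."""
    recovered, key = [], None
    for entry in recording:
        if entry[0] == "hs":
            key = None
            if budget > 0:
                (A, B), budget = entry[1], budget - 1
                key = key_from(pow(B, solve_dlog(A), P))
        elif key is not None:
            recovered.append(xor_stream(key, entry[1], entry[2]))
    return recovered
```

With a single handshake, one broken exchange exposes every packet of the session; with a fresh handshake every k messages, each broken exchange exposes only its own k messages.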

References

Barnes, R. L., Bhargavan, K., Lipp, B., & Wood, C. A. (2022, February 1). RFC 9180: Hybrid Public Key Encryption. https://www.rfc-editor.org/rfc/rfc9180.html

Diffie, W., & Hellman, M. (1976). New directions in cryptography. IEEE Transactions on Information Theory, 22(6), 644–654. doi:10.1109/tit.1976.1055638

Marlinspike, M. (2016, November 20). The Double Ratchet algorithm. Signal Messenger. https://signal.org/docs/specifications/doubleratchet/

Rescorla, E. (2018). RFC 8446: The Transport Layer Security (TLS) Protocol Version 1.3. https://doi.org/10.17487/rfc8446