Model of the quantum chip suspension of a Quantum System Two quantum computer, on display during the opening of IT company IBM's first quantum data center on October 1, 2024, in Ehningen (Baden-Württemberg), Germany. DPA/PICTURE ALLIANCE VIA GETTY
Indeed, a new era is dawning in the digital world. Web browsers like Google's Chrome, Microsoft's Edge, and Mozilla's Firefox, as well as messaging apps like Apple's iMessage and Signal, now secure their communications with "post-quantum" technology. The adjective indicates that the encryption used to render the exchanged messages unintelligible to a spy cannot be defeated by a quantum computer, a device that exploits basic properties of matter and permits certain operations that modern supercomputers cannot carry out in a reasonable amount of time.
The American standardization agency NIST has been driving an innovation race to replace these weak points for the past ten years. In 2022, following intense competition, NIST recognized the strengths of several systems covering both authentication (making sure the machine you are communicating with is the correct one) and confidentiality (encryption), that is, the two pillars of digital transactions.
Noise and denoise
"In fact, post-quantum is simply the new cryptography. This is the reality today," adds Carlos Aguilar Melchor, who has taken a leave of absence from the University of Toulouse to join SandboxAQ, a subsidiary of Alphabet, Google's parent company. "Finally, post-quantum is uncorrelated with the question of the quantum computer. It's here and it's becoming the norm," confirms Adrian Thillard, also at PQShield.
The "hard" problem at the core of ML-KEM, the first post-quantum method that NIST retained, is a lattice problem. NIST added the HQC algorithm to its list of encryption algorithms in March. HQC relies on error-correcting codes. According to Philippe Gaborit, a professor at the University of Limoges and co-author of HQC, "HQC and ML-KEM have similarities that explain their selections, but enough differences to say that, if an attack works on one, it won't work on the other." The researcher, who is proud of the French roots of this proposal that will become a global standard, adds, "We 'suffered' to develop this algorithm, so the attacker will also suffer!" To assist with its deployment, the startup Portyq was recently established.
New features
Other algorithms, for authentication or signatures, are also being considered. NIST has restarted a selection process, but has already retained three. The urgency is less pressing here, because these are the ties that let two machines interacting with one another be certain that each is who it says it is, without a spy assuming the identity of one of them; the system would be jeopardised only if these algorithms were "broken" by quantum computers, which do not yet exist. One of its key management systems is now compatible with these standards, according to a February announcement from Google.
Thus, the field is growing quickly. "There are still a lot of difficulties, particularly when putting these algorithms into practice, which calls for a bit more computation," says Ludovic Perret, "or to keep researching their solidity using what is known as 'quantum cryptanalysis'." SIKE, a candidate in the NIST selection, was shelved in 2022 upon the discovery of an attack. Similarly, when it was announced in April 2024 that a quantum algorithm could solve the hard lattice problem, a wave of dread swept through the field. However, 10 days later, a mistake was discovered, invalidating the result.
Implementation is not easy either. For instance, the PQShield teams had to modify Signal's communication protocol to accommodate keys that were ten times larger.
"The advantage of these new algorithms is also that they bring new functionalities," explains Damien Stehlé, a co-author of ML-KEM who works at the South Korean company CryptoLab. For instance, homomorphic encryption is being developed, which enables operations on encrypted data without the need to decrypt it, ensuring greater privacy protection. Post-quantum solutions may also be applied to protocols in which each party knows only a portion of the key, enabling computations to be spread across several locations without gathering all the information in one place, or help certify computerised votes.