How does the post-quantum era threaten your personal data and how to protect it?

It’s a scenario straight out of a sci-fi film for the big world, and yet quantum progress is already here. At the dawn of a new IT era, cybersecurity must reinvent itself if it hopes to continue to effectively protect private data in the years to come. Explanations.

If you are at all interested in cybersecurity, you have probably already read here and there that the most reliable encryption algorithms risk being undermined by quantum computing. The reason: their almost immediate obsolescence, induced by calculation methods that are much faster and more reliable than those offered by today’s computers. But how can quantum computing threaten cryptographic systems as strong as RSA-2048? And what does such an upheaval mean for the future of private data that we exchange in particular via encrypted email services?

What is quantum computing?

It’s a term that can be scary, but it’s actually simpler than it seems. Traditionally, a classical computer works with bits. By definition, the value of a bit can be either 0 or 1. In fact, when a classic processor solves a problem, it performs calculations one after the other until it finds the solution.

A quantum computer, on the other hand, works with quantum bits, or qubits, whose value can be both 0 and 1. This is called quantum superposition. To put it in a way that will perhaps speak more to everyone, it is exactly, on a macroscopic scale, the same principle that governs the thought experiment of “Schrödinger’s cat”: locked in a box with a radioactive source and a vial of deadly gas destined to explode above a certain radioactive threshold, the cat is alive and dead at the same time.

This state of superposition of qubits, that is to say 0 and 1 at the same time, therefore implies that a quantum computer can carry out tasks much more quickly than a classical computer since it can carry out several calculations in parallel. Following this logic, this means, in theory, that a quantum computer is able to find all possible results of a calculation in a single step.

Today, quantum processors are still in their infancy. From a physical point of view, first, since they take up a lot of space and the optics necessary to control the qubits require the articulation of numerous devices operating jointly (lenses, lasers, mirrors, pressure very low to create an artificial vacuum state necessary for the correct positioning of the qubits in space). But also from a technological point of view since, to function, a quantum computer must be able to correct the errors intrinsic to current hardware, which is much less sophisticated, which distort the final result of the calculation, and therefore prevent the resolution of complex problems that a Classic computer cannot solve it.

Ultimately, it is estimated that a quantum computer will be able to manipulate numerous qubits in a massively superimposed state, that is to say a superposition of all possible states of said qubits (0 + 1; 00 + 01 + 10 + 11; 000 + 001 + 010 + 011 + 100 + 101 + 110 + 111; etc.), and therefore to carry out a massively parallel calculation.

What are the risks for private data?

If quantum computing opens up exciting prospects in many fields such as pharmaceuticals, logistics and machine learning, it also raises significant security issues in cryptography.

In 1994, Peter Shor theorized an algorithm capable of factoring any large number into prime factors. Without going into the detail of a very complex procedure and calculation, Shor’s algorithm integrated into a quantum computer directly threatens ECC cryptography techniques (elliptic curves) and asymmetric encryption systems (private key / public key ) that we know today, still widely used to secure various web technologies such as SSL/TLS. We think in particular of the diagram of the RSA-2048 algorithm, which a sufficient number of qubits would manage to break quickly.

Let us temporarily reassure ourselves: quantum computers are still not powerful enough to break such encryption algorithms. It is also believed, for the moment, that symmetrical systems like the AES are resistant to quantum processes.

Despite everything, anticipating progress in quantum computing is a crucial current issue. The machine has been in motion for some time now, and it doesn’t intend to stop there. As proof: hackers and malicious organizations have already started to collect encrypted data, stored until quantum computers are able to break the locks that protect them. This is called a Store Now, Decrypt Later (SNDL) attack. Such a process will certainly take years to complete, but sooner or later, our personal and sensitive data will end up exposed.

How to anticipate quantum progress?

Unless you yourself are a CNRS researcher or a qubit genius, nothing allows us, on our scale, to prepare ourselves for the quantum revolution. On the other hand, we can, and we must, take a close interest in the contextualized developments of software, applications and online services that we use daily with the aim of protecting our privacy and anonymity.

Some companies operating in the cybersecurity sector, such as Proton AG, have already started working on different modes of post-quantum cryptography, and that is a very good thing.

Today, Proton Mail uses the OpenPGP standard to encrypt emails sent and received end-to-end. This standard, considered solid and effective, uses both symmetric encryption algorithms, therefore resistant for the moment, AND asymmetric ones, therefore threatened by quantum progress.

Aware of the danger posed by increasingly efficient quantum computers, the Proton AG teams have been working on post-quantum cryptographic methods in OpenPGP since 2021. The objective here is to understand and define how messages exchanged in the post-quantum era -quantum must be encrypted so that private information remains private, without compromising the interoperability of conversations.

Also based on the observation that post-quantum cryptography is much less documented than classic cryptography (research, analyses, publication of results, etc.), Proton Mail has chosen to begin deploying certain post-quantum technologies in conjunction with already existing technologies. Objective: not to wait until the very last moment, which would mean taking the risk of exposing subscribers’ data the day current encryption methods have been broken by quantum computing.

To summarize Proton’s current advances, the post-quantum encryption systems envisaged will use lattice-based access control algorithms (good security/performance balance). Encryption will be provided by CRYSTALS-Kyber, while signatures will be secured using CRYSTALS-Dilithium, two post-quantum algorithms published by NIST (National Institute of Standards Technology), intended to strengthen cryptographic options against quantum attacks.

To go further, Dilithium will be associated with X25519 and Kyber with Ed25519, two elliptic curve public key systems. The idea is to combine pre- and post-quantum methods to offer Internet users an encrypted messaging service resistant to all types of attacks, current and future.

We also recall that as asymmetric encryption algorithms are considered vulnerable to quantum computing, the current version of OpenPGP must be revised. This is why Proton is actively working on standardizing symmetric key exchanges to encrypt/decrypt messages protected using OpenPGP.

Enough to offer great years of security to Proton Mail and all its subscribers for many years to come.