What does cybersecurity look like in a post-quantum world?
Quantum power puts cryptography to the test.
With the new computational capabilities provided by quantum technology, cryptography will enter a new dimension. But this power can also fall into the hands of cybercriminals or rogue states. So what can be done to counter the quantum threat? Some initial explanations.
Understanding the context of a quantum world
Gordon Moore provided the famous law that bears his name. As early as 1965, Intel’s co-founder, based on empirical observations, had predicted that the number of transistors in a microprocessor would double every 24 months. The American engineer had set a limit though: the size of atoms.
Quantum physics, which studies the behavior of atoms, is set to replace Moore’s Law by moving into another dimension. Applied to computing, the superposition and entanglement properties of particle states make it possible to envisage unrivaled computing power for certain types of calculation.
IBM, Google, Microsoft, Baidu… A large number of private players have entered the race for quantum supremacy. In other words, the point at which a quantum computer will be able to solve a problem much faster than its conventional counterpart.
This quantum leap can be used to discover new medication, refine weather forecasts, or revolutionize cryptography.
The state of the quantum threat
Even if the promise of a quantum computer will not be fulfilled for a decade or so at best, the question of its use, and above all its misuse, is already an issue.
What if this quantum power fell into the hands of cyber-criminals or rogue states?
In this so-called post-quantum world, quantum computers could undermine the encryption keys we use every day, which are based on symmetric cryptography (quantum computing power can “break” 128-bit AES keys, while 256-bit keys remain secure). This is the case for many protocols such as SSL/TLS, which we use to secure our web browsing.
A threat seems to have emerged: Chinese academics have already indicated that they are capable of breaking 2048-bit RSA encryption. However, experts remain skeptical of such claims.
Quantum computing could therefore break into public-key encryption, and not only expose newly stolen data, but also sensitive information previously intercepted by cyber-criminals who had not, until now, succeeded in decrypting it. This is the “harvest now, decrypt later” principle.
As the deadline isn’t so far off, the quantum threat must be taken into account now. In a comprehensive scientific opinion published in April 2022, the French National Agency for Information Systems Security (ANSSI) takes stock of the quantum threat. It also proposes a forecast schedule for migration to post-quantum cryptography, i.e. cryptography designed to withstand future quantum computers.
How can quantum attacks be countered?
Quantum power can be used to enhance security. Quantum Key Distribution (QKD), erroneously called quantum cryptography, is already able to produce a random secret key known only to the sender and the recipient. That key is then used to encrypt and decrypt messages with a conventional symmetric cryptographic protocol. The ANSSI does not consider it “an appropriate countermeasure to mitigate the quantum threat”.
The next step is Post-Quantum Cryptography (PQC). It is a set of conventional cryptographic algorithms, including key creation and digital signatures, “providing conjectured security against the quantum threat”.
For the ANSSI, PQC is the most promising way forward. Post-quantum algorithms offer “various trade-offs between key size, signature or key-exchange size, computational complexity, and security assurance”.
Another upside is that they can be run on conventional devices and computers. In this PQC family, the ANSSI cites structured or unstructured Euclidean lattices, error-correcting codes, isogenies between elliptic curves, multivariate polynomial systems, and hash functions.
These post-quantum algorithms are young, however, and can also be broken. “Crypto agility” is therefore needed by being able to change algorithms rapidly, and by adopting hybrid encryption that combines old and new algorithms.
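As an added illustration (not code from the article or from the ANSSI), the block below shows one way to build the hybrid approach described above: a session key derived from both a classical and a post-quantum shared secret, bound to a suite identifier so that the algorithm pair can be swapped later. The suite names and the KEM outputs are constructed placeholders; only the combiner logic (HKDF over the concatenated secrets) is real.

```python
import hashlib
import hmac
import secrets

# Hypothetical hybrid suite identifiers, used for this example only.
# Binding the suite id and algorithm names into the KDF context keeps keys
# derived under one suite distinct from another, which is what makes a later
# algorithm swap ("crypto agility") safe.
SUITES = {
    0x0001: ("X25519", "PQ-KEM-A"),   # classical + post-quantum hybrid
    0x0002: ("X25519", "PQ-KEM-B"),   # same classical part, different PQ KEM
}

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with SHA-256, built from the standard library only."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()      # extract
    okm, block, counter = b"", b"", 1
    while len(okm) < length:                                 # expand
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def hybrid_key(suite_id: int, ss_classical: bytes, ss_pq: bytes,
               ct_classical: bytes, ct_pq: bytes) -> bytes:
    """Combine a classical and a post-quantum shared secret into one session key.

    Both secrets feed the extract step, and the suite id plus both ciphertexts
    are bound into the info string, so the key depends on every component.
    A recording attacker who later breaks only the classical part
    ("harvest now, decrypt later") still lacks ss_pq.
    """
    if suite_id not in SUITES:
        raise ValueError(f"unknown hybrid suite {suite_id:#06x}")
    classical_name, pq_name = SUITES[suite_id]
    info = (b"hybrid-v1|" + suite_id.to_bytes(2, "big") + b"|"
            + classical_name.encode() + b"|" + pq_name.encode() + b"|"
            + hashlib.sha256(ct_classical).digest() + hashlib.sha256(ct_pq).digest())
    return hkdf_sha256(ss_classical + ss_pq, salt=b"hybrid-kem-combiner", info=info)

def demo() -> bool:
    """Constructed random inputs stand in for real KEM outputs. Returns True if
    changing any single component (either secret, or the suite) changes the key."""
    ss_c, ss_pq = secrets.token_bytes(32), secrets.token_bytes(32)
    ct_c, ct_pq = secrets.token_bytes(32), secrets.token_bytes(1088)
    k = hybrid_key(0x0001, ss_c, ss_pq, ct_c, ct_pq)
    return (k != hybrid_key(0x0001, secrets.token_bytes(32), ss_pq, ct_c, ct_pq)
            and k != hybrid_key(0x0001, ss_c, secrets.token_bytes(32), ct_c, ct_pq)
            and k != hybrid_key(0x0002, ss_c, ss_pq, ct_c, ct_pq))
```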
In the USA, in July the NIST (National Institute of Standards and Technology) published a selection of four winning algorithms from a campaign to standardize post-quantum cryptographic algorithms that began in 2016. These four algorithms will be the baseline for the drafting of U.S. federal standards. As the NIST is international in scope, these future American standards will de facto be used as international industry standards.
The ANSSI considers that “even though this new post-quantum toolbox may seem convenient for developers, the level of maturity of the post-quantum algorithms present in the NIST campaign should not be overestimated”. In the Agency’s opinion, there’s a lack of cryptanalytical hindsight, and we’re still only at the research stage.
What is France’s position?
Even if France can’t compete with the USA and China in the quantum field, our country is implementing a particularly ambitious national strategy.
Published in January 2021, it provides for a total investment of 1.8 billion euros over 5 years. 156 million euros of the France 2030 plan will be used for the development of post-quantum cryptography.
In its opinion, the ANSSI notes that “the strong academic interest in this topic is historically present in France. Which is why the French community is actively involved, not only in the design and security analysis of primitives, but also in the analysis of their implementations”. A national group of academics, industrial players and ANSSI researchers has been set up under the “Regroupement de l’Industrie française pour la sécurité post-quantique” or Risq banner.
These initiatives are a step in the right direction. Similarly to other areas of cybersecurity, the sovereignty issue will be crucial.