As quantum-powered cyber attack threats become more real every day, liberal democracies and autocratic regimes are racing to develop quantum-safe encryption. But Europe risks being a spectator.
With the recent Christopher Nolan film about the father of the atomic bomb, J. Robert Oppenheimer, a comparison of the race to build an atomic bomb in the 1940s with the race for quantum-safe algorithms is frighteningly similar.
While robust encryption is the backbone of securing the digital world as a whole and underpins the world’s global commerce, quantum computers may render the encryption normally relied upon to secure and protect data obsolete.
On the one hand, China, the UAE and Russia are among the nations eager to create their own ecosystem of quantum-safe cryptographic standards and algorithms.
Conversely, the US National Institute of Standards and Technology (NIST) introduced standards to identify post-quantum encryption algorithms, and the National Security Agency (NSA) released the Commercial National Security Algorithm Suite 2.0 (CNSA 2.0) for requirements for quantum-resistant algorithms.
“The standardization process is well underway, and it’s fair to say that most researchers are happy with most of the decisions that NIST has made,” Dr. Bart Preneel, a cryptographer and cryptanalyst who teaches at the Katholieke Universiteit Leuven, told EURACTIV.
Relive the race for the atomic bomb
The magnitude of a transition in a post-quantum world is likely to affect every internet user. The risks of breaking common encryption range from jeopardizing financial transactions, to publishing medical records via revealing national security secrets.
“Crypto is not cryptocurrency. People don’t really realize when they’re using crypto.” Dr. Axel Y. Poschmann, expert in quantum technologies and head of product innovation and security at PQShield, told EURACTIV.
Cryptography is a component of virtually every aspect of the digital sphere.
This is why nations are now racing to develop quantum-powered algorithms for breaking encryption and for post-quantum encryption. Like the Manhattan Project in 1942, the benefits of getting a head start on quantum computing are both strategic and financial.
The development of the atomic bomb led to a catastrophic result – the bombing of Nagasaki and Hiroshima and the standstill of world powers due to fear of mutual destruction.
Quantum-powered cyberattacks and decryption algorithms are bound to lead to a similar stalemate, as they can lead to unacceptable risks to each adversary’s society while fueling a constant arms race.
Of particular importance is the protection of critical national infrastructure, which ranges from defense systems, nuclear power, telecommunications, infrastructure, energy and transport, to health care and financial transactions.
With the advancement of quantum technologies, this type of data is at risk of interception and future decryption.
While cryptography was a feature of geopolitics in the past and only available to military units, “now it looks like it’s becoming a feature of geopolitics again,” Poschmann said.
The importance of quantum computers in the geopolitical context is highlighted by the latest US sanctions, which are precisely aimed at crippling China’s access to semiconductors fundamental to the development of quantum computers, and more export restrictions may follow.
These international tensions echo technical standards that have become increasingly politicized, with the US and China using them to push their agendas. But as with the nuclear race, Europe risks being sidelined.
“As has happened before with other cryptographic standard developments, the contributions of EU researchers has been the largest, partly funded by the European Commission,” said Preneel, adding that decisions however is made by the American NIST.
EURACTIV understands that quantum cryptography is likely to be high on the agenda of the next European Commission. The EU already sponsors the European High-Performance Computing Joint Undertaking (EuroHPC JU).
While the EU contributes to research in this area, it has not taken the initiative to shape the technical standards in this strategic area, despite the European Standardization Strategy promising a more muscular approach to standardisation.
In the latest report by ENISA, the EU Agency for Cyber Security, NIST has been recognized as having a leading role, while calling on “governments, industry and data protection officers as well as other standards bodies – to acquire sufficient understanding of post-quantum cryptography to make informed decisions”.
According to Preneel, some European countries are reluctant to give power to Brussels and prefer the decision to be made by Washington, meaning the EU has been largely absent from this debate.
At the same time, France and Germany are cautious when it comes to adopting either NIST or CNSA 2.0. NIST is considered the least robust because it focuses on efficiency, while CNSA 2.0 was developed by the NSA, which has an “abusive backdoor track record,” Poschmann added.
“The [Germany and France] have decided to also push for slower algorithms with larger keys,” Preenel noted. Larger keys provide more secure encryption, but are also less efficient. The key lengths pursued by Berlin and Paris may be suitable for protecting strategic infrastructure, but are unlikely to be used for commercial applications.
Missing the quantum cryptography train would mean that Europe remains dependent on the US for its security, despite all the EU talks of strategic autonomy and technological sovereignty.
[Edited by Luca Bertuzzi/Zoran Radosavljevic]
Read more with EURACTIV
#Europe #sidelined #quantum #computing #race