Today’s cryptosystems
The cryptosystems used today for encryption are mostly asymmetric, which means that, in contrast to a symmetric cryptosystem, the communicating parties do not require a shared secret key. In this so-called public key cryptography, both parties generate their own key pairs, which consist of a secret part (private key) and a non-secret part (public key).
The public key can be used to encrypt the data to be transmitted for the owner of the private key. With the private key, the owner can decrypt the encrypted data, generate digital signatures or authenticate themselves.
Well-known asymmetric cryptosystems include elliptic curve cryptography and RSA.
The RSA method, for example, is based on the fact that it is generally difficult to break down large numbers into their prime factors. Cryptographic keys are usually agreed using a public key procedure (asymmetric) in order to then encrypt messages using a symmetric algorithm such as the Advanced Encryption Standard (AES).
How long will public-key cryptography remain secure?
Although it is not possible to break the current public key procedures with today’s means, this will no longer be the case once quantum computers have exceeded a certain performance threshold and are available. As early as 1994, Peter Shor presented an algorithm that can break asymmetric encryption. However, this algorithm requires a quantum computer; it cannot be run efficiently on classical computers.
The development of a quantum computer on which Shor’s algorithm can be run “appropriately” would render asymmetric cryptography useless. Symmetric cryptosystems such as AES are currently considered quantum-safe and could not be broken by a quantum computer with Shor’s algorithm. However, this would be possible with the help of a quantum computer that uses the Grover algorithm: Grover’s search offers a quadratic speed-up for brute-force key search, which is why longer symmetric keys are recommended for the quantum era.
Quantum computers are not yet available
A quantum computer that is capable of breaking cryptographic procedures is therefore not yet available. However, development has picked up speed. A study by the BSI considers cryptographically relevant quantum computers to be rather unlikely at present. However, the study points out that there is a need for action for cryptographic applications that process information with long confidentiality periods and high protection requirements: Collecting data in advance in order to decrypt it later with the help of a quantum computer (“store now, decrypt later”) has already been recognised as a problem and a major threat.
Quantum computers threaten cryptographic processes
The security of cryptographic processes is therefore threatened by quantum computers, and the use of a practical quantum computer would break the security of everything from email encryption and online banking to today’s instant messaging apps.
Apple and Signal have already presented their approaches to post-quantum cryptography (PQC), with which they want to ensure that messages exchanged via iMessage and Signal are also protected in the age of quantum computers.
Security requires standards
As mentioned above, individual providers of proprietary solutions are already implementing their approaches to quantum-safe cryptography based on their own research. We at NoSpamProxy are also keeping a close eye on developments in the field of quantum computing and would like to start developing our own solutions today.
However, as a provider of a security solution that uses proven standards such as S/MIME and TLS, we are dependent on such standardisation. We cannot simply pick an algorithm and implement it in our product without a completed standardisation process. The committees responsible for S/MIME and TLS must first make a decision before we can start implementation.
The search for the post-quantum standard is underway
And there is a standardisation process: A selection process has been underway at the National Institute of Standards and Technology (NIST) since 2016, which aims to find quantum-safe algorithms in several rounds and elevate them to standard status.
The fourth round of the process is currently underway. Apple, Signal and other providers have currently decided in favour of using the CRYSTALS-KYBER algorithm for the key agreement process. AWS also supports the BIKE and SIKE algorithms. It is interesting to note that CRYSTALS-KYBER does not appear in the current round of the NIST process. However, neither does the lattice-based algorithm FrodoKEM, which the BSI currently recommends as the “most conservative choice”; NIST placed it on the list of alternative candidates instead. Another BSI recommendation, the code-based Classic McEliece, is already in round four of the NIST process. Bear in mind that we are only talking about a selection of key agreement algorithms here; digital signature schemes are a separate category with further candidates not mentioned here.
In any case, it is laudable that all of the providers mentioned have opted for a hybrid approach, meaning that quantum computer-resistant methods are only implemented in combination with “classic” methods (RSA and ECC).
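The hybrid approach described above, as an added example that is not code from the original article or from any of the providers mentioned: a Python combiner that feeds a classical (ECDH-style) shared secret and a post-quantum KEM shared secret through one HKDF step, so the session key stays secret unless both exchanges are broken. The two secrets are constructed random stand-ins (no real key exchange or PQ library is used), and the length-prefixed concatenation and the `transcript` binding are this example's own assumptions, not any specific protocol's exact derivation.

```python
import hashlib
import hmac
import os

HASH = hashlib.sha256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869): PRK = HMAC(salt, IKM)."""
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869): T(i) = HMAC(PRK, T(i-1) || info || i)."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def hybrid_session_key(classical_ss: bytes, pq_ss: bytes, transcript: bytes) -> bytes:
    """Derive one session key from a classical and a post-quantum shared secret.

    Both secrets go into a single KDF step, length-prefixed and in a fixed order,
    with the salt bound to the handshake transcript. The output is unpredictable
    as long as at least one input secret is unknown to the attacker. (Hypothetical
    combiner layout, not a specific protocol's exact derivation.)
    """
    ikm = (len(classical_ss).to_bytes(2, "big") + classical_ss
           + len(pq_ss).to_bytes(2, "big") + pq_ss)
    prk = hkdf_extract(HASH(transcript).digest(), ikm)
    return hkdf_expand(prk, b"hybrid session key", 32)


def classical_break_is_insufficient() -> bool:
    """Model an attacker who later recovers the classical secret (e.g. via Shor)
    but not the PQ KEM secret: the derived session key still cannot be reproduced."""
    ecdh_ss = os.urandom(32)   # constructed stand-in for an X25519/ECDH output
    kem_ss = os.urandom(32)    # constructed stand-in for a Kyber-style KEM output
    transcript = b"constructed handshake transcript"
    real_key = hybrid_session_key(ecdh_ss, kem_ss, transcript)
    attacker_key = hybrid_session_key(ecdh_ss, bytes(32), transcript)  # PQ part unknown
    return real_key != attacker_key


if __name__ == "__main__":
    print("hybrid key survives a classical break:", classical_break_is_insufficient())
```

The same reasoning applies in the other direction: a flaw found in the new PQ algorithm alone leaves the key protected by the classical part, which is the point of deploying both during the transition.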
Once the NIST selection process has been completed, it is up to the aforementioned committees to incorporate the decision made by NIST into the corresponding RFCs. This will take further time.
Flexible in spite of standards
Although we use standards, there have been situations in the past where we have been able to react flexibly. One example is Efail, a threat that we were able to mitigate by adapting the S/MIME standard.
Another example is the AES mentioned above, which is used in NoSpamProxy in two places: firstly for the encryption of data stored on the web portal and secondly for our key management service. AES is currently considered to be practically secure, meaning that no practically feasible attack is known. Should this change, we are also able to react quickly and make adjustments, because in these cases there is no second party that needs to communicate with us.
As already mentioned, we are reliant on standardisation. Nevertheless, there are opportunities to make adjustments so that NoSpamProxy remains the best and most advanced email security product in this time of transition. We will make these decisions depending on the situation, and always with the aim of protecting your email communication in the best possible way.
Not yet using NoSpamProxy?
With NoSpamProxy you can reliably protect your company from cyber attacks. Request your free trial version now!