2021-12-20

Interview with Robert Poznański on the topic: Post-quantum cryptography will enhance the security of trust services.

SSL certificates, electronic signatures, or vaccine passports are all solutions that require state-of-the-art security. Indeed, successful cyber attacks in these areas can have a very severe impact on our personal as well as professional lives. Attacks that may be carried out in the near future using quantum computers constitute one of the increasingly serious threats in this context. These devices will have tremendous computing power, thus becoming a challenge to the algorithms currently used in trust services. The answer to this threat is post-quantum cryptography – a technology increasingly used in Western Europe and the United States, but still not fully available in Poland. Will this change? Will Polish users be able to use these security types before quantum computers become widely available?

The first quantum computers were developed about 30 years ago, but for a long time they did not find wider application. What has changed that we expect to see them in the commercial market over the next decade?

Robert Poznański: Work was still underway to increase their computing power, which, unlike traditional computers, is based on a completely different unit of memory – the qubit (quantum bit). Qubit, with its ability to assume multiple states simultaneously, will offer entirely new computing capabilities. For example, the Sycamore quantum processor created by Google executed mathematical calculations in just 200 seconds that would have taken the fastest classic computer 10,000 years to complete. Quantum systems in operation today have more than 50 qubits, while IBM plans to have a 1,000 qubit computer up and running by 2023, and with values like that, we can expect this project to be commercialized.

In what areas might such computers find application?

This technology is an opportunity for the pharmaceutical industry, for example, where research into cures for hitherto incurable diseases can be conducted using this technology, or the financial industry, particularly the investment area. Unfortunately, the capabilities of such massive computing power can also be used to break asymmetric cryptography algorithms that are used in certification services, e.g. electronic signatures, SSL certificates, etc.

So as we develop quantum technology, we must at the same time take care of solutions that will protect us from its possibilities?

In 2016, the U.S. National Institute of Standards and Technology (NIST) announced a competition for cryptographic algorithms that will resist attacks using quantum computers. At this point, about 10 different post-quantum cryptography solutions have qualified for the third stage of the competition. NIST plans to complete its work in 2023. In parallel, the originators of the algorithms, e.g. IBM, work on their improvement and prepare implementations in hardware (e.g. in HSM devices) and in the form of programming libraries.

Do Polish technology companies plan to use these security types in their products?

Asseco was one of the first companies to become active in this field. We plan to migrate asymmetric cryptography algorithms (which, as I mentioned, can be vulnerable to attacks using quantum computers) to this technology. A dedicated working group has been established within our team to coordinate and support the migration. The goal of the work is to prepare services and implement post-quantum algorithms for widespread use, as well as to increase market awareness and prepare our customers for the coming changes. The technology under development will bring a new dimension of security to Certum brand products offered by Asseco, including SimplySign electronic signature and SSL certificates.

Thank you for the interview!

Thank you.