Cybersecurity has become one of the hottest topics in the modern digital world. How to make cybersecurity solutions trustworthy is a highly relevant question. Cybersecurity solutions make use of cryptographic mechanisms, so trusting in these solutions means trusting in cryptography. Cryptography helps the world build trust. Without cryptography, trusting any information that is processed, distributed and stored is impossible. From this point of view, cryptography plays the role of a “root of trust”.
However, cryptography itself relies on trust. Cryptographic mechanisms need to be trusted, but there are many barriers. In recent years, a substantial amount of research on quantum computers has been reported and this has drawn enormous attention from the cryptographic community, governments and the cybersecurity industry.
Quantum computers can solve mathematical problems that are difficult or intractable for conventional computers, such as the factorisation problem and the discrete logarithm problem. For the factorisation problem, you are given the product of two large prime numbers and asked to find these numbers. The discrete logarithm problem involves modular arithmetic (numbers wrap around, as in a clock, where hours run from 0 to 11 and back to 0 again – this is written as “mod 12”). Given three very large integers (g, y, p) where y is equal to (g x g x … x g) mod p, find how many gs are involved (this is the discrete logarithm). Current public-key cryptographic solutions rely on these computationally hard problems to make them secure. If large-scale quantum computers become reality, they will be able to break most of the cryptographic public-key algorithms currently in use. Therefore, these public-key cryptographic algorithms need to be replaced to protect against a potential future quantum computer.
Currently available quantum-resistant algorithms are based on five different computationally hard problems, which have been used to build algorithms for a range of cryptographic applications, including public-key encryption and digital signatures. These algorithms are all difficult to implement efficiently, and avoiding side-channel attacks in their implementation is more demanding. The security analysis of many algorithms is still not rigorous. This is an active research area that is full of challenges.
In 2016, the US National Institute of Standards and Technology (NIST) asked for submissions for post-quantum algorithms in asymmetric encryption and digital signatures for standardisation. On 5 July 2022, after three rounds of testing and review, the NIST announced the first group of four post-quantum algorithms selected for standardisation. The NIST’s choices of two lattice-based signature schemes and one lattice-based key encapsulation mechanism (KEM) scheme, along with a symmetric setting signature scheme, give the cryptographic community sound choices with which to begin the transition from today’s cryptography to that suitable for the quantum age, although more algorithms are still being evaluated by the NIST. Many international standard bodies are also involved in the development of post-quantum cryptography standardisation activities.
Cryptography is useable in a broad range of applications. It can be used to help build trust in applications; this is achieved by using trusted computing technologies, including authentication and attestation. However, adding trusted computing technologies to any application is challenging, without then requiring quantum-resistant solutions. These are extremely interesting problems and along with many academic and industrial partners, the University of Surrey is working in this area:
Surrey served as a technical leader of the EU Horizon 2020 project, FutureTPM. A Trusted Platform Module (TPM) is a tamper-resistant component that is embedded in a host computer platform and acts as a root of trust. It also provides many cryptographic-related services, including authentication, attestation, and secure storage. TPMs have been embedded in billions of computer platforms. Since 2016 it has been a requirement that systems running Windows 10 should have a TPM 2.0 present and enabled. In the FutureTPM project, we have developed and identified a list of quantum-resistant cryptographic algorithms, which are suitable for inclusion in a future TPM. Some of these algorithms are taken from the NIST’s post-quantum cryptographic standardisation activities, and others are developed by our project consortium. We have also implemented these algorithms to test their performance. We have presented our project results to the Trusted Computing Group (TCG), which is an international industrial standard body and develops TPM specifications.
Surrey has been involved in several other EU Horizon projects as a technical partner. These projects are using cryptography and trusted computing technologies for a number of different applications:
• ASSURED – building trust in information and communications technology.
• SECANT – providing security and privacy protection in healthcare ecosystems.
• CONNECT – securing digital connectivity between vehicles and between vehicles and transport infrastructure.
• REWIRE – providing new trust management mechanisms for the auditability and certification of software and hardware.
• ENTRUST – making medical devices, for example glucose sensors, secure.
(These projects are funded by the UK government Horizon Europe guarantee and administered by UKRI.)
Anonymous digital signatures
We need post-quantum anonymous digital signatures to protect users’ privacy. For example, the current TPM has a Direct Anonymous Attestation (DAA) signature scheme, which is used for authentication and attestation of a user’s computer platform without identifying them. This type of digital signature provides a good balance between security and privacy. However, the existing DAA schemes supported by TPMs are not quantum-resistant. Surrey has been working on such signatures for some time and we do have several post-quantum DAA designs, but further work is needed to make them practical.
At Surrey we are proud of the work we have undertaken to accelerate the transition to post-quantum cryptography. We look forward to continuing our research in the field, to ensure that the benefits of a new era of computing can be felt by all.