Japanese ICT company Fujitsu announced that it had conducted successful trials to evaluate the widely-used RSA encryption for possible vulnerability to code-cracking by quantum computers. Fujitsu conducted the trials in January 2023 using its 39 qubit quantum simulator to assess how difficult it would be for quantum computers to crack existing RSA cryptography. Fujitsu researchers discovered that a fault-tolerant quantum computer with a scale of approximately 10,000 qubits and 2.23 trillion quantum gates would be required to crack RSA, which is much higher than current quantum computing capacities.
A new IBM report titled Security in the quantum computing era highlights that quantum computing has the potential to affect encryption. Currently used data encryption mechanisms such as public-key cryptography (PKC) can become vulnerable: using quantum computing protocols, bad actors can easily decrypt data. The report suggests the need to plan for quantum-safe cryptography and crypto-agility.
Meanwhile, Chinese scientists have claimed they are capable of breaking encryption by using ‘a universal quantum algorithm for integer factorization that requires only sublinear quantum resources’. They argue that their method would break the RSA-2048 scheme – a public key cryptosystem used widely by governments, tech companies, the defence sector, and app developers for data security – with the use of a 372-qubit quantum computer. However, several encryption experts are sceptical about this claim.
US President Joe Biden has signed the Quantum Computing Cybersecurity Preparedness Act into law. The law is designed to secure federal government systems and data against the threat of quantum-enabled data breaches. It sets out a number of obligations for federal agencies to prepare their migration to quantum-secure cryptography.
Apple announced that it would fully encrypt backups of photos, chat histories, and most other sensitive user data in its cloud storage system worldwide. The US Federal Bureau of Investigations (FBI) responded with concerns over end-to-end encryption hindering their investigative capabilities, requesting ‘lawful access by design’ in the age of ‘security by design’.
Apple also stated that it would make iPhones compatible with physical security keys connected to the phone, allowing consumers to require them for access to their accounts from new devices. This is envisaged to be rolled out worldwide next year.
In an interview for TIME magazine, Signal’s President Meredith Whittaker confirmed that the communication app is preparing for post-quantum cryptography. The company is investing in research to update the Signal protocol for quantum safe cryptography. The ambition is to roll out the protocol before it becomes necessary, but it still will take some time to be finalised.
The German Fraunhofer Institute, the German Federal Printing Bureau, and Infineon Technologies AG have presented the first demonstrator for an electronic passport that meets the security requirements of the quantum computing era.
The technology is based on a solution for contactless data transfer between the electronic passport and the border checkpoint terminal. The solution is based on a quantum computer-resistant version of the Extended Access Control (EAC) protocol and also secures biometric data during authentication.
The system was created under the joint research project ‘PoQuID’, funded by the German Federal Ministry for Economic Affairs and Climate Action (BMWK).
This report published by the European Union Agency for Cybersecurity (ENISA) discusses quantum-resistant cryptographic algorithms and proposes to design new cryptographic protocols as well as to integrate post-quantum systems into current protocols.