NATO Cyber Security Centre experiments with secure network capable of withstanding attack by quantum computers
Scientists have predicted that quantum computers will one day be able to break some commonly used encryption methods.
That’s why NATO and Allies are already testing post-quantum solutions.
Wednesday 02 March 2022, Brussels Belgium: The NATO Cyber Security Centre (NCSC) has successfully tested secure communication flows in a post-quantum world using a Virtual Private Network (VPN) provided by the United Kingdom-based company Post-Quantum. The NATO Cyber Security Centre, which is run by the NATO Communications and Information Agency (NCI Agency), protects NATO networks 24 hours a day, seven days a week.
Post-Quantum provides different algorithms to ensure security, even when facing attackers using quantum computing. A VPN can use these algorithms to secure communications, ensuring that only the correct recipient can read the data. Such software is increasingly relied upon to protect remote connections when working from outside of traditional office environments, but also can be used in ensuring secure communications between mission partners in an operational environment.
“Securing NATO’s communications for the quantum era is paramount to our ability to operate effectively without fear of interception. With the threat of ‘harvest now and decrypt later’ looming over secure communications, this is an increasingly important effort to protect against current and future threats,”said Konrad Wrona, Principal Scientist, NATO Cyber Security Centre.
Post-Quantum is a ‘Hybrid Post-Quantum VPN,’ in that it combines both new post-quantum and traditional encryption algorithms. As it will take many years for the world to completely migrate to a quantum-safe future, it is more realistic to combine these new algorithms with better understood traditional encryption in order to ensure interoperability. The Post-Quantum solution was proposed to the Internet Engineering Task Force (IETF) for open standardisation.
This project was financed by Allied Command Transformation’s VISTA (Versatile Innovation through Science & Technology Applications) framework which aims to utilize the knowledge and research done by NATO enterprise, Nations, academia and industry in order to enable science and technology for accelerated warfare development.
“Over ten years of deep R&D means we are well placed to engineer real-world quantum-safe solutions. This project with NATO is an important milestone in the world’s migration to a quantum-safe ecosystem. Organizations would be wise to take action now,”said Andersen Cheng, CEO, Post-Quantum.
Post-Quantum is a British deep tech pioneer focused on protecting the world’s information from the threat posed by hacking using quantum computers. Founded in 2009, the company has developed a range of quantum-safe software products focused on identity, transmission and encryption to deliver an end-to-end environment secure from quantum attack.
NTS-KEM (now known as Classic McEliece) is the company’s submission to the NIST Post-Quantum Cryptography competition, which seeks to identify algorithms that will form an open source crypto standard used to protect all the world’s digital information. Classic McEliece is the only remaining finalist in the code-based category of the NIST competition, following the merger with the submission led by Professor Daniel Bernstein.
The company is the original author of the Internet Engineering Taskforce (IETF) standards for a Hybrid Post-Quantum Virtual Private Network. These standards can be used by developers to build VPNs capable of withstanding quantum attacks and the firm has also built such a VPN, which is being used in live environments today.
Over the coming years quantum computers will mature to the stage where they can break today’s encryption, rendering email, secure banking, crypto currencies and the world’s communications systems vulnerable. Therefore, all large companies, technology providers and internet standards will need to transition to quantum-safe encryption in good time to avert the most significant cyber security threat to our privacy and the digital economy.