<img src="https://ad.ipredictive.com/d/track/event?upid=110231&amp;url=[url]&amp;cache_buster=[timestamp]&amp;ps= 1" height="1" width="1" style="display:none">
Post: security, email | Oct 11, 2024

Post Quantum Cryptography (PQC): Here's how email security is changing

Quantum computing is a revolutionary technology that promises unprecedented computational power, capable of solving certain complex problems far beyond the reach of today's computers. While quantum computing holds immense potential for advancements, it also poses significant challenges—particularly to the cryptographic systems that safeguard our emails and online communications. Traditional encryption methods may soon become vulnerable, making the adoption of post-quantum cryptography more crucial than ever. 

Understanding quantum computing

To appreciate why post-quantum cryptography is essential, it's important to understand quantum computing. Traditional computers use bits as their basic units of data, which can be either a 0 or a 1. Quantum computers use quantum bits, or qubits, which can be both 0 and 1 at the same time due to a property called superposition.

Superposition allows qubits to process multiple possibilities simultaneously. While a classical bit can only be in one state at a time, a qubit can represent many states at once. This means a quantum computer can analyze vast amounts of data and solve certain complex problems much faster than traditional computers.

Another key feature of quantum computing is entanglement. When qubits become entangled, the state of one qubit can instantly influence the state of another, no matter how far apart they are. This property allows quantum computers to perform coordinated calculations at speeds unattainable by classical computers.

These capabilities make quantum computers incredibly powerful tools for solving difficult mathematical problems. However, they also pose a significant threat to current encryption methods. Many of the cryptographic systems we use today rely on the difficulty of certain mathematical problems—problems that quantum computers could solve quickly.

Why quantum computing threatens current cryptography

The security of many current encryption systems is based on mathematical problems that are extremely hard for traditional computers to solve. For instance:

  • RSA encryption relies on the difficulty of factoring large numbers into primes.
  • Elliptic Curve Cryptography (ECC) depends on the challenge of solving the elliptic curve discrete logarithm problem.
These problems are considered practically unsolvable for classical computers when using sufficiently large keys. This is why they have been trusted for securing sensitive information like emails, financial transactions, and personal data.

However, quantum computers operate differently. With algorithms like Shor's algorithm, a quantum computer can solve these hard mathematical problems much more efficiently. This means:

  • Factoring large numbers: Quantum computers can factor large numbers exponentially faster, undermining RSA encryption.
  • Solving discrete logarithms: Quantum algorithms can solve these quickly, compromising ECC.

If a powerful enough quantum computer is built, it could decrypt data protected by these systems. This poses a serious threat to:

  • Data privacy: Encrypted emails and files could be accessed without authorization.
  • Secure communications: Confidential conversations might no longer be private.
  • Authentication systems: Digital signatures and certificates could be forged.

The urgency of addressing quantum threats today

Even though large-scale quantum computers aren't mainstream yet, the threat is immediate due to several factors:

  • Data harvesting today, decryption tomorrow: Malicious actors can collect encrypted data now to decrypt later when quantum computing becomes available.
  • Long-term confidentiality: Sensitive information that needs to remain confidential for years is at risk if not protected with quantum-resistant methods.
  • Time required for transition: Developing, standardizing, and implementing new cryptographic solutions is a lengthy process that needs to start now.


Introduction to Post-Quantum Cryptography

To counter these risks, researchers are developing new cryptographic algorithms known as post-quantum cryptography (PQC). These algorithms are designed to be secure against both classical and quantum attacks. The main goals of PQC are:

  • Security: Provide strong protection even in the presence of quantum computers.
  • Practicality: Work efficiently on current computer systems without requiring quantum technology.
  • Compatibility: Integrate smoothly with existing communication protocols and networks.

How Post-Quantum Cryptography works

Post-quantum cryptography (PQC) aims to create encryption methods that are secure against attacks from both traditional and quantum computers. Unlike current encryption algorithms, PQC is based on mathematical problems that even quantum computers find hard to solve.

For example:

  • Lattice problems: These involve complex geometric structures. Quantum computers struggle with problems like finding the shortest vector in a lattice.
  • Code-based problems: These are based on error-correcting codes, where decoding a random code is hard.
  • Multivariate polynomial equations: Solving equations with many variables is tough for quantum computers.
  • Hash functions: Some PQC schemes use hash functions in ways that remain secure against quantum attacks.

Also, there are two types of algorithms:

  • Encryption algorithms: Protect data by making it unreadable without the correct key.
  • Digital signatures: Verify the authenticity of digital messages or documents.


Implementing PQC algorithms

PQC algorithms are designed to run on current computers. This means they don't require new hardware or quantum technology. However, they might:

  • Use larger keys: PQC often needs bigger keys than current systems. Keys are like passwords that lock and unlock encrypted data.
  • Require more processing power: Some PQC methods might slow down systems because they need more computation.


Standardization efforts

In August 2024, the National Institute of Standards and Technology (NIST) finalized its principal set of encryption algorithms designed to resist attacks from quantum computers. These three new standards are now ready for immediate use and are intended to secure a wide range of electronic information, from confidential email messages to online transactions that drive the modern economy.

NIST encourages organizations and system administrators to begin transitioning to these new algorithms as soon as possible. By adopting these standards, organizations can protect their data and communications against future quantum threats, ensuring long-term security and privacy.

Impact of Post-Quantum Cryptography on email security

Email remains one of the most essential communication tools for both personal and professional use. Protecting the privacy and integrity of email communications is crucial. Quantum computing poses a threat to the current security measures that safeguard our emails. Here's how post-quantum cryptography (PQC) impacts email security, particularly in authentication and encryption:

1. Email encryption 

Emails are often secured during transmission using protocols like TLS (Transport Layer Security) or SSL (Secure Sockets Layer), which rely on RSA or Elliptic Curve Cryptography (ECC) for key exchanges and encryption. Additionally, services like PGP (Pretty Good Privacy) and S/MIME (Secure/Multipurpose Internet Mail Extensions) provide end-to-end encryption, also based on RSA or ECC.

Quantum vulnerabilities:

  • Breaking Encryption: Quantum computers running Shor's algorithm could factor large numbers and solve discrete logarithms efficiently, breaking RSA and ECC.
  • Data exposure: Encrypted emails intercepted today could be decrypted in the future once quantum computers become powerful enough.


PQC solutions for encryption:

  • Quantum-resistant algorithms: Implementing PQC algorithms like lattice-based cryptography (e.g., Kyber) for encrypting emails.
  • Hybrid approaches: Combining traditional encryption with PQC to create a transitional security layer until PQC is fully adopted.

2. Email authentication 


The current implementation of DKIM uses RSA or ECDSA to verify the sender's identity and ensure the message hasn't been altered in transit. 

Quantum threats:

  • Forged signatures: Quantum computers could forge digital signatures, making it possible to impersonate legitimate senders.
  • Spam and phishing risks: Increased potential for malicious actors to bypass authentication mechanisms, leading to more effective phishing attacks.

PQC solutions for authentication:

  • Post-quantum digital signatures: Algorithms like Dilithium or Falcon offer quantum-resistant digital signatures. Updating DKIM to use PQC algorithms to maintain domain integrity.

3. Long-term email security


Data retention concerns:

  • Stored emails: Emails saved on servers or backups could be decrypted in the future by quantum computers.
  • Compliance and privacy: Regulations may require certain communications to remain confidential for extended periods.

PQC for long-term protection:

  • Re-encrypting stored data: Updating the encryption of stored emails with PQC algorithms to protect against future quantum attacks.
  • Forward secrecy: Implementing protocols that ensure past communications remain secure even if current keys are compromised.


Preparing for the quantum future

Transitioning to PQC is essential to:

  • Future-proof security: Ensure data remains secure even as quantum computing advances.
  • Protect long-term confidentiality: Safeguard information that must stay private for years to come.
  • Stay ahead of threats: Prevent attackers from exploiting vulnerabilities as quantum technology develops.

Quantum computing promises groundbreaking advancements but poses a serious threat to current encryption methods protecting our emails and communications. Post-quantum cryptography (PQC) offers a vital solution by introducing algorithms designed to resist quantum attacks. With leading companies like Cloudflare, Google, Apple, Signal, etc. already implementing PQC, it's clear that the industry is moving toward a new security standard.

The email industry is already working on frameworks to upgrade existing encryption and authentication standards to PQC algorithms. By taking action today, we can ensure that our digital communications remain secure in the emerging quantum era.

Interested in learning more? 

As we navigate the quantum future, it’s essential to stay informed and prepared. At Halon, we specialize in advanced email security solutions that are ready for the challenges of tomorrow. If you want to learn more about post-quantum cryptography, reach out to us today.  

Spread the news