As quantum-powered cyberattack threats become more real every day, liberal democracies and autocratic regimes race to develop quantum-safe encryption. But Europe risks becoming a spectator.
With the recent Christopher Nolan film about the father of the atomic bomb, J. Robert Oppenheimer, a comparison of the race to build an atomic bomb in the 1940s with the race for quantum-safe algorithms is frighteningly similar.
Although robust encryption is the backbone of securing the digital world at large and supporting the world’s global commerce, quantum computing could render the encryption commonly used to secure and protect data obsolete.
On the one hand, China, the United Arab Emirates and Russia are among the nations that want to create their own ecosystem of quantum-safe cryptographic standards and algorithms.
Conversely, the US National Institute of Standards and Technology (NIST) introduced standards to identify post-quantum encryption algorithms and the National Security Agency (NSA) released the Commercial National Security Algorithm Suite 2.0 (CNSA 2.0) for requirements for quantum-resistant algorithms.
“The standardization process is well underway, and it’s fair to say that most scientists are happy with most of the decisions made by NIST,” Dr Bart Preneel, cryptographer and cryptanalyst who teaches at the Katholieke Universiteit Leuven, told EURACTIV.
Relive the race for the atomic bomb
The magnitude of a transition in a post-quantum world is likely to affect every internet user. The risks of breaking common encryption range from compromising financial transactions, to exposing medical records, via exposing national security secrets.
“Crypto is not cryptocurrency. People are not really aware when they are using crypto.” Dr. Axel Y. Poschmann, quantum technology expert and head of product innovation and security at PQShield, told EURACTIV.
Cryptography is a component of virtually every aspect of the digital realm.
This is why nations are now racing to develop quantum-powered algorithms for breaking encryption and for post-quantum encryption. Similar to the Manhattan Project in 1942, the benefits of gaining a head start in quantum computing are both strategic and financial.
The development of the atomic bomb led to a catastrophic outcome – the bombings of Nagasaki and Hiroshima and a standstill of world powers due to fear of mutual destruction.
Quantum-powered cyberattacks and decryption algorithms will certainly lead to a similar impasse as they can lead to unacceptable risks to any adversary’s society while fueling a constant arms race.
Of particular importance is the protection of critical national infrastructure, which ranges from defense systems, nuclear power, telecommunications, infrastructure, energy and transport, to health care and financial transactions.
With the advancement of quantum technologies, this type of data is at risk of interception and future decryption.
While cryptography was an element of geopolitics in the past and only available to military units, “now it seems it’s becoming an element of geopolitics again,” Poschmann said.
The importance of quantum computing in the geopolitical context is highlighted by recent US sanctions aimed precisely at crippling China’s access to semiconductors fundamental to developing quantum computers, and more export restrictions may follow.
These international tensions reflect technological standards, which have become increasingly politicized, with the US and China using them to push their agenda. But just like with the atomic race, Europe risks being sidelined.
“As has happened in the past with other cryptographic standard developments, the contributions of EU researchers has been the largest, partly funded by the European Commission,” Preneel said, adding that decisions are made by US NIST.
EURACTIV understands that quantum cryptography is likely to be high on the agenda of the next European Commission. The EU already sponsors the European High-Performance Computing Joint Undertaking (EuroHPC JU).
The disunity of Europe
Although the EU contributes to research in this area, it has not taken the initiative to shape the technical standards in this strategic area, despite the European Standardization Strategy promising a more muscular approach to standardization.
In the latest report by ENISA, the European Union’s cybersecurity agency, NIST was recognized as a leader, while calling on “governments, industry and data protection officials, as well as other standards bodies – to gain sufficient understanding of post-quantum encryption to make informed decisions.”
According to Preneel, some European countries are reluctant to give power to Brussels and prefer the decision to be made by Washington, meaning the EU has been largely absent from this debate.
Meanwhile, France and Germany are cautious about adopting either NIST or CNSA 2.0. NIST is considered the least robust because it focuses on efficiency, while CNSA 2.0 was developed by the NSA, which has an “abusive track record of backdoors,” Poschmann added.
“They (Germany and France) have decided to push as well for slower algorithms with larger keys,” Preenel noted. Larger keys provide more secure encryption but are also less efficient. The key lengths pursued by Berlin and Paris may be suitable for protecting strategic infrastructure, but are unlikely to be used for commercial applications.
Missing the quantum cryptography train would mean that Europe remains dependent on the US for its security, despite all EU talk of strategic autonomy and technological sovereignty.
(Editing by Luca Bertuzzi/Zoran Radosavljevic)
Read more with EURACTIV
#Europe #sidelined #quantum #computing #race