Tuesday, December 24, 2024
Home > News > Bitcoin News > Torben Pryds Pedersen: The Future of Cryptographic Security in the Age of Quantum

Torben Pryds Pedersen: The Future of Cryptographic Security in the Age of Quantum

Modern cryptography is still a relatively young scientific discipline, but its history shows a significant pattern. Most developments are based on research that took place years or even decades before. There’s a good reason for this glacial pace of movement. Just as drugs and vaccines undergo years of rigorous testing before they reach the market, cryptography applications must be based on proven and thoroughly analyzed methods. 

Blockchain is one such example of the development cycle in action. Satoshi Nakamoto’s work on Bitcoin was the application of principles first described by David Chaum in the early 1980s. Similarly, recent deployments of multiparty computation (MPC) for securing private keys or sealed-bid auctions make use of ideas developed around the same time. Now, as the threat of quantum machines looms over modern computers, the need for newer and stronger forms of cryptography has never been greater. 

Torben Pryds Pedersen is chief technology officer of Concordium and was previously head of Cryptomathic’s R&D division. 

Nobody knows precisely when or if quantum computers will prove capable of cracking today’s encryption methods. However, the threat alone currently drives extensive work in developing alternatives that will prove robust enough to withstand a quantum attack. 

A compressed timeline

Finding a replacement for existing encryption methods isn’t a trivial task. For the past three years, the National Institute of Standards and Technology (NIST) has worked to research and advance alternative algorithms, or the backbone of any cryptographic system. This July, it announced a shortlist of 15 proposals in an ongoing project looking for quantum-resistant encryption standards.. 

But many of these proposals are unattractive due to unworkable key sizes or overall efficiency. What’s more, these alternatives must undergo sufficient testing and scrutiny to ensure they withstand the test of time. 

I’m sure we’ll see further developments in this area. However, the development of better cryptographic algorithms is only one piece of the puzzle. Once an alternative is defined, there’s a much bigger job in ensuring that all existing applications get updated to the new standard. The scope of this is massive, covering virtually every use case on the entire internet, across all of finance and in blockchains. 

See also: What Google’s ‘Quantum Supremacy’ Means for the Future of Cryptocurrency

Given the scale of the task, plans and measures to migrate existing data must be in place long before the quantum threat becomes a reality. 

Digital signatures for self-sovereign data

Governments and banking institutions are not naive. According to the 2020 UN E-Government Survey, 65% of member governments are thinking seriously about governance in the digital age, according to the agency’s own metrics. Personal data privacy is a growing concern, reflected by the inclusion of data protection mechanisms and methods for digital signatures on the development agenda for e-government applications. 

The technology behind digital signatures is generally well-understood by governments. For example, in Europe, the eIDAS regulation puts a responsibility on organizations in member states to implement unified standards for electronic signatures, qualified digital certificates and other authentication mechanisms for electronic transactions. However, there’s also a recognition on the part of the European Union that updates will be required to protect against the quantum computer threat. 

It seems likely that future methods for protecting personal data will be steered by the principle that users own their own data. In the banking world PSD2, a payments directive for how financial institutions treat data, has been a catalyst for this principle. Once users hold the rights to share their own data, it becomes easier to facilitate data sharing across multiple banking institutions. 

Cryptography plays a significant role in the principle of self-sovereign data today, but I believe we will see this concept become more prevalent in Web 3.0 applications. Ideally, users will control  their data across any Web 3.0 application, providing full interoperability and ease of use. 

Enhancing security and trustlessness with multi-party computation

Similar to the rise of digital signatures, there will be more applications of multiparty computation. From being a purely theoretic construction 30 years ago, we now see MPC applied in more real-world use cases. For example, several institutional-grade asset security platforms, including Unbound Tech, Sepior, Curv and Fireblocks, are already using variations of MPC to keep private keys secure. 

Blockchains have yet to fulfill their true potential, evidenced by the lack of compelling use cases.

Michael Casey – MPC Explained: The Bold New Vision for Securing Crypto Money

Regardless of the use case for cryptography, the user experience will be a critical driver for adoption. A lack of usability has been a massive problem for most cryptography applications so far – and this is also true for blockchains. Most platforms are simply infrastructural solutions and, as such, involve a high degree of friction for end users. 

Ultimately, blockchain applications need to become as usable as the internet and smartphone applications are today. Usability and quantum-proof security are essential for the future of government, commerce and Web 3.0. 



Source