TechWatch’s Emily McDaid talks to CSIT’s Sarah McCarthy about cryptography and the need for secure digital ID in a post-quantum world.
I’m surprised a doomsday Hollywood blockbuster hasn’t been made about this yet. Imagine a world where everyone’s private information – bank details, passports, everything – became instantly unlocked and readable all at the same time.
There is a very real, looming threat to the security algorithms that hold safe your personal data: quantum computers. Once they’re invented, they will be able to break standard cryptography algorithms, rendering our most private types of data – finances, government accounts and the like – unsecured. Researchers at CSIT are hard at work to stop this happening, as explored in this previous TechWatch article.
Establishing digital identification is one of the crucial pieces of this cryptographic puzzle, because data needs to be accessible by the right people, not by the wrong people.
Sarah McCarthy a research assistant at CSIT and a final-year PhD student, met with me to discuss her work on lattice-based cryptography. She said: “These lattices are based on harder maths problems that can’t be broken by quantum computers, and our work focuses on making practical, efficient permutations of these new algorithms.”
Some forms of cybersecurity would be too ‘heavy’, requiring too much computational power to work on lightweight IoT devices. McCarthy and her team are in the process of analysing possible permutations that are both secure and light enough. They are working through analysing 70 submissions to the National Institute of Standards and Technology’s Post-Quantum Cryptography project to determine which security solutions are efficient.
In a post-quantum world, the concept of secure digital ID will be critical. McCarthy said: “One of the projects establishes user ID as a public key, so there’s no need for certificate management, which can be quite an intensive component of encryption. This was created by one of the partners in the SAFEcrypto project and we’ve established that it has practical applications, that it doesn’t need power-heavy computing, that processing times are fast enough to work in the IoT.”
To put this into real life, McCarthy discussed self-driving cars. “Automated cars have engine control units, which are small pieces of hardware in the car. They need to be able to run encryption and decryption instantly; for instance, if two cars are talking to each other and one needs to do an emergency stop.”
Do you have that running on a car? “We have demonstrated that it runs on the piece of hardware akin to what would be in the car,” she said.
‘You only want certain people to be able to open and read certain files’
– SARAH MCCARTHY
Another type of digital ID project is file access. “Another example is file systems within companies – you only want certain people to be able to open and read certain files. Using lattice-based cryptography, we can introduce hierarchy so management can access all the data, whereas people below the ranks can only reach certain pieces of data. It’s dependent on your digital ID.”
McCarthy explained the benefits of lattice-based algorithms: “The identity-based encryption (IBE) scheme I have implemented is two orders of magnitude faster than older implementations of pairing-based (existing) schemes, and five times faster encrypt, and 12 times faster decrypt, than the proof of concept.”
How likely is it that quantum computers will be able to break the algorithms faster than you can come up with them? “There’s a reason why a lot of the cryptography schemes are undergoing so much analysis: to ensure there are no underlying vulnerabilities in these schemes,” she warned.
“With standard lattice using a matrix of integers, they have proven to be secure; they cannot be broken by quantum computers. However, they require a huge amount of mathematics. To shorten this need, we use ring lattices. They are defined by vectors that make the multiplication much faster.
“However, there’s a strong assumption being made that this extra structure won’t help the quantum computer break the problem. Unless someone proves this is a vulnerability, they’ll be used because they’re much faster to create,” she concluded.
By Emily McDaid, editor, TechWatch
A version of this article originally appeared on TechWatch