Ericsson report: Quantum technology and its impact on mobile network security
Quantum computers that may one day break today's cryptography pose a serious potential risk for the future, even though today's systems will remain secure for many years to come. Recently, Ericsson, the world's third largest telecommunications equipment manufacturer, released a short report, "Ensuring Mobile Network Security: Post-Quantum", which points out that, to cope with this risk, new post-quantum cryptographic algorithms that can be easily added to existing devices and protocols are already in the final stage of standardization.

Ericsson Chief Technology Officer Erik Ekudden said: "Future quantum technology may break some of the encryption technologies that provide security in today's mobile networks. Although the current risk is only theoretical, and it is impossible to determine whether a quantum computer that cracks the password will really exist, I encourage all communication service providers to be prepared for this possibility. With the ability to decrypt communications, forge certificates, and install fraudulent firmware updates, quantum attackers can cause huge damage."
The report first briefly outlines the risks brought by quantum technology, and then discusses the post-quantum encryption solutions that organizations such as the National Institute of Standards and Technology (NIST) and the Internet Engineering Task Force (IETF) are currently standardizing.
Public key cryptography and the development of quantum computers
Over the past 50 years, cryptography has evolved from a military and diplomatic tool into a rich and widely used toolkit for building complex encryption solutions across many applications. In the information and communication technology industry, for example, the effective combination of symmetric and public key (asymmetric) encryption is essential for the security of almost all products, services, and interfaces in use today.
Modern critical infrastructure (such as 5G) is implemented using the zero-trust principle, where encryption is used for confidentiality, integrity protection, and identity verification at many logical layers of the network stack, usually from the device to the software in the cloud. The encryption solutions currently in use are based on well-known primitives, provably secure protocols, and state-of-the-art implementations that resist various side-channel attacks.
The first signs that modern cryptography faces a serious quantum challenge appeared in 1994, when the mathematician Peter Shor proved that quantum computers can efficiently factorize large integers and solve the discrete logarithm problem. These are considered problems that ordinary computers find hard to solve. Unfortunately, Shor's results also show that if a sufficiently large and robust quantum computer can be built, then today's public key cryptography, which relies on these hard problems, will be broken.
At present, many organizations in industry and academia are working on building quantum computers, but the gap between today's quantum computers and those that could threaten current public key cryptography is huge. It is believed that millions of qubits are needed to break today's public key cryptography with Shor's algorithm. Today's quantum computers usually have about 100 qubits at most and do not have the robustness required to run Shor's algorithm.
The future development of robust quantum computers is complicated and uncertain, and it should not be judged by simple indicators such as the number of qubits. Assuming that the number of qubits grows like Moore's Law, it will take 25-30 years to expand from 100 qubits to millions of qubits. Recently, researchers have claimed to have reached quantum supremacy, but this tells us nothing substantive about how quickly the gap between today's quantum computers and hypothetical machines that may threaten public key cryptography is narrowing.
The timeline of public key cryptography and quantum computers:
In 1976, Diffie-Hellman key exchange
In 1977, the RSA encryption system
In 1978, code-based cryptography
In 1979, hash-based cryptography
In 1980, the realization that quantum computers can simulate things that classical computers cannot
In 1984, quantum key distribution
In 1985, Elliptic Curve Cryptography (ECC)
In 1994, Shor's quantum algorithm
In 1996, Grover's quantum algorithm
In 1996, multivariate quadratic equation cryptography
In 1998, lattice-based cryptography
In 1998, a quantum computer with two physical qubits
In 2001, the first quantum key distribution network
In 2011, supersingular elliptic curve isogeny cryptography
In 2015, the National Security Agency (NSA) announced plans to transition from the Suite B/CNSA suite to a new suite capable of resisting quantum attacks in the "not too distant future"
In 2017, NIST announced the post-quantum cryptography (PQC) standardization plan
In 2018, the IRTF Crypto Forum Research Group and NIST standardized stateful hash-based signatures (XMSS and LMS)
In 2019, a quantum computer with 53 physical qubits
In 2022, NIST announced the target date for the first standardized PQC algorithm and the target date for the NSA to update the CNSA suite with PQC
In 2022-23, the target date of the NIST PQC draft standard
In 2024, the target date for the final NIST PQC standard
The risks of quantum technology
Some commentators believe that the development of quantum computing may lose momentum due to a lack of short-term applications or slow progress. Nevertheless, from a security point of view, the consequences of such a machine being built successfully would be very serious. Anyone who uses public key encryption technologies such as RSA and Elliptic Curve Cryptography (ECC) should start preparing now, in case a large-scale machine of this kind is one day built.
After all, not only can quantum attackers decrypt communications, they can also forge certificates and install fraudulent firmware updates. This will completely destroy the security of most consumer electronics, corporate networks, industrial Internet of Things and critical infrastructure. To make matters worse, the information encrypted with public key encryption technology today may be recorded by attackers and used in attacks when large-scale and robust quantum computers appear in the future.
Fortunately, there are alternatives for very long-lived signing keys, such as those used in firmware updates. Stateful hash-based signatures have good security and have been standardized by the Internet Engineering Task Force (IETF) and the National Institute of Standards and Technology (NIST). However, stateful hash-based signatures have a serious limitation: because they are stateful, they are only suitable for very specific applications.
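Why statefulness is a limitation, as an added example (not from the Ericsson report or this article): a simplified stateful signer in which each leaf is a Lamport one-time key and the only mutable state is the index of the next unused leaf. XMSS and LMS use Winternitz chains and a Merkle tree rather than this flat list of leaf digests; the class and function names and the seed are constructed for illustration.

```python
import hashlib
import hmac

BITS = 256  # one secret pair per bit of the SHA-256 message digest

def H(data):
    return hashlib.sha256(data).digest()

def _secret(seed, leaf, bit, val):
    # Derive the secret for (leaf, bit position, bit value) from the seed.
    return hmac.new(seed, b"%d/%d/%d" % (leaf, bit, val), hashlib.sha256).digest()

def _bits(msg):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(BITS)]

def leaf_public(seed, leaf):
    # Lamport public key of one leaf: the hashes of all 2 * 256 secrets.
    return [[H(_secret(seed, leaf, i, v)) for v in (0, 1)] for i in range(BITS)]

def _digest(leaf_pk):
    return H(b"".join(h0 + h1 for h0, h1 in leaf_pk))

class StatefulSigner:
    def __init__(self, seed, leaves):
        self.seed, self.leaves = seed, leaves
        self.next_leaf = 0  # the state: it must never go backwards
        self.public = [_digest(leaf_public(seed, i)) for i in range(leaves)]

    def sign(self, msg):
        if self.next_leaf >= self.leaves:
            raise RuntimeError("key exhausted: every one-time leaf is used")
        leaf = self.next_leaf
        # Advance the counter before the signature leaves this function;
        # a real signer would also persist it durably at this point.
        self.next_leaf += 1
        sig = [_secret(self.seed, leaf, i, b) for i, b in enumerate(_bits(msg))]
        return leaf, sig, leaf_public(self.seed, leaf)

def verify(public, msg, signature):
    leaf, sig, leaf_pk = signature
    if not 0 <= leaf < len(public) or _digest(leaf_pk) != public[leaf]:
        return False
    return all(H(s) == leaf_pk[i][b]
               for i, (s, b) in enumerate(zip(sig, _bits(msg))))
```

Each signature reveals half of one leaf's secrets, so a leaf may sign only one message and the key supports a fixed number of signatures. A signer restored from a backup or snapshot would come back with an old `next_leaf` and reuse a leaf, which is why the counter must be stored where it cannot roll back.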
Migration to post-quantum cryptography
NIST's post-quantum cryptography (PQC) standardization is the most important ongoing project to protect public key encryption from the threat of quantum computers. The purpose of the project is to standardize new algorithms that are considered secure against quantum computers. After standardization, these new primitives can replace the public key ciphers used today for key exchange, public key encryption, and digital signatures. The new algorithms are usually as fast as today's ECC, but their public keys, key encapsulations, and signatures are much larger. NIST's goal is to publish the first draft standard of the new PQC algorithms in 2022-2023.
The impact of quantum computing on symmetric cryptography
Our most important symmetric cryptographic tools (AES, SNOW 3G, SHA2, SHA3, etc.) remain secure against quantum computers. This also applies to the authentication, key generation, encryption, and integrity in 3G, 4G, and 5G that rely entirely on symmetric encryption.
In conclusion
Although we do not expect quantum computers capable of attacking current cryptography to appear in the next few years, we strongly encourage communication service providers to start planning the process of migrating to post-quantum cryptography. With the support of vendors such as Ericsson, standards development organizations such as the National Institute of Standards and Technology (NIST), the Internet Engineering Task Force (IETF), and 3GPP are working to develop new post-quantum algorithms and updated protocols that can easily be added to existing equipment and interfaces. Currently in the final stage of standardization, these algorithms will be available in the next few years to help our industry mitigate potential future threats to mobile infrastructure and services.
Link: https://www.ericsson.com/4ae3c7/assets/local/reports-papers/ericsson-technology-review/docs/2021/ensuring-security-in-mobile-networks-post-quantum.pdf