Bittium SafeMove® Mobile VPN Software Is Now Quantum-Safe
October 2024 by Marc Jacob
Bittium has implemented the quantum-safe (Post-Quantum Cryptography, PQC) ML-KEM algorithm (previously known as CRYSTALS-Kyber), standardized by the U.S. National Institute of Standards and Technology (NIST), into Bittium SafeMove® Mobile VPN software that is used for encrypting network traffic. With the implementation of the algorithm, SafeMove® Mobile VPN software offers quantum-safe connectivity between a mobile device and an organization’s services to protect the organization’s sensitive data from the threat of quantum computing.
The implementation of quantum-safe algorithms in information security products has become a topical issue as the development of quantum computers advances. The classical algorithms are vulnerable to high-performance quantum computing and quantum-safe algorithms are needed to replace them. Quantum-safe algorithms are based on mathematical problems that cannot be efficiently solved by quantum computing. For example, Finland’s national cryptography working group has outlined that quantum-safe algorithms standardized by NIST, such as ML-KEM, will be added to the national cryptographic criteria used for evaluating encryption products. By starting to use the quantum-safe algorithms, it is possible to avoid the situation where data encrypted with classical algorithms is harvested now for a later analysis with a quantum computer.
The IPsec SafeMove® Mobile VPN uses a so-called hybrid approach for encryption, which means a combination of two different algorithms; a classical public-key algorithm and a quantum-safe algorithm. The advantage of the hybrid approach is that the security of the data is not compromised even if a vulnerability is found in the quantum-safe algorithm while the research of the algorithms and the development of quantum computers still advances. The quantum-safe SafeMove® Mobile VPN connection secures also such network traffic of the user organization that has not yet been updated to be quantum-safe, for example TLS-encrypted (Transport Layer Security) e-mail traffic for which it may still take a long time before it is updated to be quantum-safe.