MEPs call for urgent ‘quantum safe’ encryption standards – Arqit CEO comments
April 2024 by David Williams, CEO of Arqit
Members of the European Parliament have called for immediate action to establish a new ‘post quantum’ data encryption standard. In a letter, the MEPs urge the European Commission to develop regulations to protect against quantum computers being used for malicious purposes. Unlike classical computers, quantum computers can solve complex mathematical problems at an exponential rate, and this threatens to break legacy encryption methods that are widely used across the world.
David Williams, CEO of a British encryption firm Arqit, has made the following comments in response:
“The quantum threat to encryption is not imminent, it’s already here. ‘Store Now, Decrypt Later’ attacks are on the rise, with hackers harvesting data for future decryption with quantum technology. Unfortunately, the new NIST post-quantum algorithms lack standardisation and a mature understanding of their security. This leaves many network operators in search of an effective defence. Compounding the issue, alternatives like Rainbow and SIKE were already compromised, and a potentially viable attack methodology for Lattice algorithms was published by Beijing University last week.
“Symmetric encryption is the gold standard for post-quantum protection. It involves parties sharing a key created by randomness not maths for encryption and decryption, strengthened by dynamic rotating authentication. This approach not only prevents today’s man-in-the-middle attacks but also future-proofs against quantum risks. Even if a key is carelessly exposed by the user, the window of vulnerability is minimised because the key can rotate every second. When implemented as part of a zero-trust framework, this system is completely future proof, helping enterprises avoid the disruption of constant upgrades as quantum computing advances.
“Organisations like NSA & NIAP have mandated symmetric encryption across classified use cases, signalling a global shift in cryptographic strategies. It’s imperative for businesses to harden their networks immediately, embracing symmetric key agreements as part of a crypto-agile approach.”