Should you worry? 

Quantum computing and its impact on IT security, encrypted communication and digital signatures are frequently discussed in the media. Panic quickly spreads, because quantum computing has potentially disastrous consequences for the very technology on which our current IT security architecture is based, secure cryptography.   

To understand this topic properly without panicking unnecessarily, it is necessary to delve a little deeper into the world of cryptography and understand what needs to change to make cryptography secure despite new quantum computers.   

This will be a little more detailed, but don't worry, it will remain understandable. 


In a nutshell: We at Procivis have already dealt with this topic in detail and developed a solution that our customers can already use today to make their identity management post-quantum secure.  


What is the difference between symmetric and asymmetric cryptographic methods? And why is this important?  

In cryptography, which is used to encrypt messages, a distinction is made between symmetric and asymmetric methods.  

 In symmetric procedures the parties that encrypt and decrypt a message use the same information, i.e. the same key. This enables high performance, as is the case with AES encryption or hash functions, for example. However, the disadvantage is that the key must be distributed securely, which represents a significant security risk.  

The solution to this problem was found with the introduction of asymmetric encryption in 1976 with the RSA algorithm. Here, the party encrypting a message uses a public key, while the recipient has a private key to decrypt the message. Asymmetric algorithms consist of a key pair - a public and a private key, whereby the public key can be shared, but the private key remains secret and therefore does not have to be shared with anyone.  

Why are asymmetric methods threatened by quantum computing?   

Asymmetric methods work with a trapdoor function (that is easy to compute in one direction, but almost impossible to compute in the opposite direction), this way it is easy to calculate a public key from a private key. However, the reverse process of calculating the private key based on knowing only the public key is extremely complex with today's computing technology. Quantum computers could theoretically simplify and solve these difficult calculations with ease and thus threaten the security of the underlying private keys. Popular asymmetric methods such as RSA and Eliptic Curve are therefore at risk from quantum computers, causing a risk not just for current operations, but for past operations where a public key was shared in the past.  

What can be done about this?   

On the one hand, the security of existing procedures can be increased, larger prime numbers can be used in the RSA procedure, or procedures can be used that are immune to the advantages of quantum computers. Both are already possible today but are associated with disadvantages. On the one hand, performance suffers and on the other, new methods must be developed. New methods are not popular in applied cryptography, as security must first be proven theoretically and mathematically, and there is always a risk of errors creeping in during implementation. This is why people tend to rely on tried and tested encryption algorithms.  


What are the current implications?  

For now, we don't see any danger for conventional methods, as quantum computers are still a few steps away from a computer with sufficient performance. However, surprises and rapid leaps in development cannot be ruled out. The second aspect concerns the availability of such systems and the economic cost of cracking encryption. 


Current effects and long-term considerations  

In the long term (5-30 years) there may well be an impact. If the encrypted data traffic is already stored by one party now, it would be possible to decrypt it in the future. Nobody can say exactly when this future will be. However, this is also a well-known paradigm in the history of cryptography. Encryption is only secure for a limited time and this time is difficult to estimate.  


What does this mean for digital identities and verifiable credentials?   

If conventional signature methods are no longer secure, all previously issued digital identities and credentials would have to be reissued. This could have a significant impact on a country's digital identity, especially as government processes become increasingly digitized.  

What have we done?  

To address these challenges, we have already implemented a process that was selected by NIST as part of a selection process that has been running since 2017. Our customers already have the option of signing and validating their digital proofs and identities (verifiable credentials) using post-quantum cryptography. This ensures that even credentials issued today will be secure in the future of quantum computers and can no longer be decrypted retroactively.   

If you want to use this new quantum-safe technology, just get in touch with us directly. Our team is looking forward to more exciting projects and partners.

This article is based on the original post of Andreas Freitag on LinkedIn.

Wollen Sie mehr erfahren? Bitte kontaktieren Sie uns.

Jetzt kontaktieren
Wollen Sie immer die neusten Updates?

Melden Sie sich für unseren Newsletter an und erhalten Sie die neuesten Informationen von Procivis über unsere Produkte, Veranstaltungen, Angeboten, Neuigkeiten über digitale Identität und Nachweise und mehr.

Wieso Sie sich anmelden sollten:

  • Aufregende Neuigkeiten und Entwicklungen aus erster Hand.
  • Wertvolle Expertentipps und Berichten.
  • Spannende Artikel und inspirierender Content.

Die Anmeldung ist ganz einfach: Geben Sie einfach Ihren Namen und Ihre E-Mail-Adresse ein, klicken Sie auf "Anmelden" und schon bleiben Sie auf dem Laufenden und inspiriert – melden Sie sich jetzt für unseren Newsletter an.

Want the latest updates?

Sign up for our newsletter and receive the lastest news from Procivis about our products, events, promotions, news about digital identity, verifiable credentials and more.

This is why you should subscribe:

  • Be the first to know about exciting news and developments.
  • Gain insights to expert tips and reports.
  • Engaging articles and thought-provoking content.

Signing up is easy: Just enter your name and email address, click subscribe, and you'll be on your way to stay informed and inspired – subscribe to our newsletter now.