Cryptography is a vital part of cybersecurity. Security properties like confidentiality, integrity, authentication, non-repudiation rely on strong cryptographic mechanisms, especially in an always connected, always online world.
Quantum computing and encryption
In addition, cryptography’s applications open up new opportunities and markets: digital signatures or online transactions would not be possible without it. Given its importance, cryptography (encryption) remains a heavily researched field, and even finds its way into the headlines, referred to in high level documents and even legislation.
One such document is the new EU Cybersecurity Strategy (December 2020), which mentions quantum computing and encryption as key technologies for achieving resilience, technological sovereignty and leadership.
With the objective to support the implementation of the cybersecurity strategy and of relevant legislative efforts, ENISA publishes two reports on the topic of cryptography. The first one focuses on the forthcoming disruptions of post-quantum computing on our present cybersecurity infrastructure and how we need to mitigate it.
The second one introduces the cryptographic building blocks used in a majority of digital currencies & crypto-assets, which will fall under the scope of a new EU regulatory proposal.
Post quantum security and why it matters
Quantum technology will enable a huge leap forward in many branches of industry, as it can efficiently resolve problems technologies of today are not able to provide a solution for. However, this technology will be highly disruptive for our current security equipment and systems.
As a matter of fact, scientists commonly agree that quantum computers will be able to break widely used public-key cryptographic schemes. These are the same schemes working behind the green lock in our browser tabs telling us that our data are protected against malicious eavesdroppers.
Similarly, these are also the same schemes allowing us to have digital signatures and designed to implement the Electronic identification (eID) and Trust Services of the eIDAs regulation.
Consequently, data or processes protected by those schemes, such as bank transactions, software updates, digitally signed official documents, patient records and more, will instantly cease to be secure.
This initiative is motivated by the fact that the transition to new quantum resistant cryptographic algorithms will take years, since the related processes are both extremely intricate and financially costly.
The study provides a concise overview of the current progress of the standardisation process of post-quantum cryptography (PQC) schemes. It introduces a framework to analyse existing quantum-safe solutions, classifying them into families and discussing their advantages and shortcomings.
With contributions from top experts in the field, it helps readers navigate an overly complex but also fascinating topic for the future of cybersecurity. The study aims to help decision makers and system designers take up appropriate actions, as soon as possible. To that end, it includes useful quantum resistant techniques that can be implemented in today’s systems until PQC algorithms become standardised and generally available.
Under the hood of crypto assets and the distributed ledger technology
With the creation of a pan-European blockchain regulatory sandbox, the European Union intends to put distributed ledger technologies (DLTs) to the test. Such technologies, also referred to as blockchain technologies, are those on which digital assets such as cryptocurrencies are built upon.
But the applications do not stop there, smart contracts, anti-counterfeit seals, even games, have been based on a few important cryptographic building blocks.
The report aims to further increase understanding around these underlying cryptographic components that compose the blockchain and in extension crypto-assets, digital currencies and the host of applications possible.
As a continuation of an earlier report on the security and challenges of DLTs, this report provides an in-depth explanation of the technical components involved and illustrates their uses into popular deployed instances.