The recent paper published by Shanghai researcher Yilei Chen in April 2024 had initially caused a stir in the quantum industry. Chen’s claim that a quantum computer could find the shortest vectors in a lattice in polynomial time raised concerns about the viability of lattice-based cryptography. Had it held, this result could have rendered current encryption methods obsolete, and it led experts to question the security of post-quantum cryptography (PQC) efforts.
However, further analysis of Chen’s paper revealed an error in the methodology, alleviating some of the fears surrounding lattice-based cryptography. At the RSA Conference 2024’s Cryptographers’ Panel, leaders in the field discussed the implications of the paper and its potential impact on PQC algorithms being standardized by NIST. Adi Shamir, co-creator of the RSA algorithm, cautioned that the error in Chen’s paper had raised doubts about the security of PQC algorithms but emphasized the need for continued research and testing in the field.
Tal Rabin, a senior principal applied scientist at AWS, urged the industry to persevere in their search for PQC solutions and to scrutinize proposed algorithms for their resilience against potential attacks. While the error in Chen’s paper had momentarily caused concern, Craig Gentry, CTO at TripleBlind, expressed optimism about the future of PQC, noting that the lack of a viable attack method indicated a return to the status quo.
Debbie Taylor Moore, vice president of cybersecurity at IBM Consulting, reassured that there was no need for panic, as the collaborative effort to develop PQC solutions continued to progress. However, Rabin emphasized the importance of increased testing and scrutiny of NIST PQC algorithms in light of the error in Chen’s paper.
Looking ahead, C-suites are advised to consider their post-quantum migration efforts, even though quantum computing may not be fully realized for another five to 10 years. The potential threat of attackers harvesting encrypted data now, to be decrypted later once a sufficiently capable quantum computer exists, is a critical concern. Experts recommend adopting a hybrid cryptographic approach, incorporating PQC alongside current encryption methods to fortify data protection.
Moreover, organizations are advised to refrain from using public-key cryptography for data that requires long-term encryption. Instead, the adoption of secret key cryptography is recommended for safeguarding sensitive information over extended periods. By implementing these precautions and continuing to advance PQC research, the industry aims to strengthen cybersecurity measures in anticipation of future technological advancements.
