To resist the “quantum threat”, developing quantum-resistant cryptographic algorithms will be the general trend

China National Radio Shanghai June 12th News (Reporter Feng Li) The 10th China (Shanghai) International Technology Import and Export Fair opened at the Shanghai World Expo Exhibition and Convention Center on June 12. The Commercial Cryptography Exhibition and Cryptography Application and Innovation Development Conference focused on the integration and innovation of new technologies such as quantum computing cryptography, cryptography technology and artificial intelligence, blockchain, privacy computing, and zero-trust systems, as well as demonstration application scenarios, attracting dozens of well-known cryptography-related companies to participate.

With the promulgation and implementation of a series of laws and regulations such as the “Cryptography Law” and the “Regulations on Commercial Cryptography Management”, my country's commercial cryptography has accelerated its integration with various fields of the digital economy and digital society. Influenced by the new digital economy model, the application demand for commercial cryptography in important areas related to national economy and people's livelihood, such as government affairs, finance, and communications, has grown rapidly, and it also plays an important role in emerging fields such as smart cities, cloud computing, Internet of Vehicles, and industrial Internet.

Zhang Xiaoyu, deputy general manager of Geer Software, said in an exclusive interview with a reporter from China National Radio that cryptographic technology is more about the underlying work and is difficult to be seen by users in daily life. Whether for personal or national information security, quantum-resistant cryptography (also known as post-quantum cryptography, abbreviated as PQC in English) is very important.

Having been deeply involved in the cryptography industry for many years, Zhang Xiaoyu has a clear understanding of the “past and present” of cryptographic algorithms and has a deep insight into the development trends of cryptographic technologies at home and abroad. In Zhang Xiaoyu's view, with the development of quantum computing at this stage, the adoption of quantum-resistant cryptography in the future is a major trend in the industry. At the same time, if traditional cryptographic algorithms are switched to quantum-resistant cryptographic systems, it will not only “affect the entire system”, but also require a lot of cost support. How to solve the cost and seamless migration of various systems is actually the most important issue for all customers and cryptographic companies.

“In August 2023, the National Institute of Standards and Technology (NIST) of the United States officially announced the third round of draft standards for post-quantum cryptography (PQC) algorithms, and the fourth round of draft standards for algorithms will also be released to the public in the second half of this year. In 2022, the National Security Agency (NSA) of the United States issued a call for organizations of all sizes to migrate to quantum secure encryption by 2035.” Zhang Xiaoyu said that quantum computing technology is developing at an accelerated pace, and with each additional quantum bit, the computing power of a quantum computer increases exponentially by 2.

“In this situation, the traditional public key cryptography system is vulnerable. If other countries have set up a 'protection wall' in advance and our country has not, there will be no 'secrets' about the information security of our individuals and the country. It is really important and urgent to accelerate the layout of quantum-resistant cryptographic algorithms and resist the 'quantum threat'.” Zhang Xiaoyu said.

The following is the specific content of the interview with Zhang Xiaoyu by the reporter of China National Radio:

CNR: What is quantum-resistant cryptography technology? What are the core differences between it and traditional cryptography technology?

Zhang Xiaoyu: Post-quantum cryptography is also known as quantum-resistant cryptography, or Post-quantum Cryptography (PQC). Post-quantum cryptography is a new generation of cryptographic algorithms that can resist attacks by quantum computers on existing cryptographic algorithms.

The so-called “post” is because with the emergence of quantum computers, most of the existing public key cryptographic algorithms (RSA, Diffie-Hellman, elliptic curves, etc.) can be broken by sufficiently large and stable quantum computers, which can be called “pre-quantum” algorithms. New cryptographic algorithms that can resist such attacks can survive after quantum computing breaks through the critical point, so they are called “post-quantum” cryptography. Some people also call it “anti-quantum cryptography”, which means the same thing.

The security of the public key cryptography algorithm (RSA) relies on the difficulty of solving mathematical problems. Some people say: Wouldn’t it be safer to increase the length of RSA from 1024 to 2048 bits or even longer? For quantum computers and algorithms, this is futile unless the length is increased to 1GB or longer. But in this case, the cost is extremely high and the algorithm cannot be used. Unlike the RSA algorithm, quantum-resistant cryptography relies on new mathematical problems, such as those based on algebraic lattices or multivariable functions.

China National Radio: In the field of cryptographic technology innovation, what innovations and applications has Gel Software made, and what cryptographic technology achievements has it achieved?

Zhang Xiaoyu: Geer Software is a company with a long history in the field of cryptography technology. It has been established for more than 20 years since 1998, which is rare in China. In the early days, cryptography technology was probably mostly done by research institutes in China, but after the company founder learned about the application and progress in this area abroad, he believed that it was a direction with development potential.

Over the past 20 years, from the advent of Windows hosts to mobile Internet and then to “cloud” technology, the entire IT environment has undergone tremendous changes, but the goal of Geer Software has remained basically unchanged. Of course, as a company engaged in cryptography, we always pay attention to changes in cryptography and cryptographic technology.

Nowadays, when people apply for bank cards, there is usually an IC card chip on the card, which contains the password. Around 2000, the company established a root key system for IC cards for the People's Bank of China, and later participated in the formulation of various cryptographic industry standards. Overall, we entered the cryptographic industry relatively early.

At the same time, our products cover a wide range of fields. In the past 20 years, Gel Software has adhered to the research and development concept of “self-developed and controllable key technologies, and secure and easy-to-use cryptographic products”, and has successively developed products such as security authentication gateways, digital certificate authentication systems, server cryptographic machines, cloud server cryptographic machines (cryptographic modules), signature verification servers, timestamp servers, and key management systems. It has gradually formed a series of product portfolios covering cryptographic foundations, identity management, access control, data security, and other fields, which constitute the product system of Gel Software. The company has won two national second prizes for scientific and technological progress, which can be seen as a recognition of Gel's innovation capabilities by the country.

CNR: How does GEL Software apply quantum-resistant cryptography technology to actual products?

Zhang Xiaoyu: At present, we have five core products that actually support quantum-resistant cryptographic algorithms, including cryptographic machines and key management systems. This means that our products have already realized the characteristics of resisting “quantum threats”, but we are also waiting for national standards. The algorithm standards in the United States are scheduled to be officially released in August this year. Our products will continue to be fine-tuned while waiting for the standards, and the company's products will be officially released after the relevant standards are released.

According to many experts, China's standards may be a little late because we started late, so we must speed up the process now.

CNR: What innovative measures has GelSoft taken in the research and development of quantum-resistant cryptographic technology?

Zhang Xiaoyu: For ordinary individuals, quantum-resistant cryptographic technology is actually not noticeable at all, just like when people use mobile phones to pay, they don’t feel the cryptographic technology involved. All they feel is that they have swiped their face or pressed their fingerprint. So more of the work of cryptographic technology is actually reflected at a lower level, and it is not actually visible to users. For example, our equipment provides quantum-resistant cryptographic algorithm capabilities and is deployed on the user side, which may not be noticeable to the public in daily use. For example, when people log in to online banking, they may still open it as usual, but the algorithm used for network connection has been replaced, which will not affect your daily usage habits.

CNR: What are the current difficulties and bottlenecks in the field of quantum-resistant cryptography?

Zhang Xiaoyu: The advantage of Geer Software is that we understand various application scenarios. We think adding an algorithm is not particularly difficult because we have implemented many algorithms. The most difficult thing is how to seamlessly migrate users' historical systems and historical data. Users already have a large number of systems in use, and we cannot ask users to stop using the traditional algorithms they are using and rebuild a new one. We actually hope that user data can be smoothly transferred over.

CNR: What role will quantum-resistant cryptography play in the field of information security?

Zhang Xiaoyu: From a national perspective, quantum-resistant cryptography is a very important core technology. From an enterprise perspective, on the one hand, how can enterprises protect their own security, and on the other hand, how can cryptographic enterprises protect the information security of other enterprises? We need to provide products and solutions. Especially the second point, a large number of financial transactions actually rely on cryptographic algorithms. Otherwise, if the electronic insurance policy purchased today is found to be forged 20 or 30 years later, it will definitely cause social chaos.

CNR: What are the development trends of quantum-resistant cryptography?

Zhang Xiaoyu: Because Geer Software has a long history of development, we have gone from having no industry standards to having standards. In the future, we will enter a new period, which means we will have to do another round of algorithm migration, from traditional cryptographic algorithms to quantum-resistant cryptographic algorithms. I think the cryptographic industry needs to take another step forward.

As science and technology have developed to the stage of quantum computing, it is imperative to adopt quantum-resistant cryptography. This is particularly important and urgent. At the same time, the process of switching cryptographic algorithms actually has a lot of costs. How to solve this cost and seamlessly migrate various systems is actually the most important issue for all cryptographic companies.

GER Software

We are one of the earliest manufacturers in China to develop and launch the Public Key Infrastructure (PKI) platform, one of the first designated production and sales units of commercial cryptographic products in China, a Class A qualified unit for computer information system integration involving state secrets approved by the State Security Bureau, and a core member of the National Information Security Standardization Technical Committee. The company is the responsible unit for the financial sub-project of the National “863” Plan Information Security Demonstration Project, and one of the leading units of the National Science and Technology Support Plan Commercial Cryptography Infrastructure (ECC) project. The company has twice won the second prize of the National Science and Technology Progress Award, the National Cryptography Science and Technology Progress Award and the Shanghai Science and Technology Progress Award. The company's registered capital is 231 million yuan.