The Nato Cyber Security Centre (NCSC) has performed successful tests of communication flows secured for a post-quantum world, using a virtual private network (VPN) designed and built by Post-Quantum, a UK-based quantum cyber specialist.
Generally accepted science holds that a quantum computer will in time be able to break most – if not all – current encryption methods, leaving email, secure banking and communications systems vulnerable to disruption from malicious actors. In time, this means all large organisations, technology companies and internet standards will need to transition to quantum-secure encryption. In Nato’s case, this makes preparing networks to withstand such threats an obvious priority.
“Securing NATO’s communications for the quantum era is paramount to our ability to operate effectively without fear of interception,” said Konrad Wrona, principal scientist at the NCSC. “With the threat of ‘harvest now and decrypt later’ looming over secure communications, this is an increasingly important effort to protect against current and future threats.”
The VPN’s creators were the original writers of an Internet Engineering Taskforce (IETF) standard for a hybrid post-quantum VPN, a standard that they claim makes possible a VPN that can withstand a quantum attack.
According to Post-Quantum, its technology blends both post-quantum and traditional encryption algorithms to ensure that data transiting the VPN can only be read by the intended recipient. This is on the basis that it will take a number of years for systems to migrate to quantum-secure technology, so for now it remains more realistic to combine cutting-edge algorithms with more traditional encryption to ensure interoperability into the future. The technology has already been proposed to the IETF for open standardisation.
The Nato project was funded via Allied Command Transformation’s Versatile Innovation Through Science and Technology Applications (Vista) framework, which is tasked with leveraging knowledge and research done by Nato enterprise, nations, academia and industry to “enable science and technology for accelerated warfare development”.
Post-Quantum has developed a suite of quantum-safe software products with a focus on identity, transmission and encryption, delivering end-to-end quantum-secure environments – many of them already being tested by organisations in government, financial services and critical national infrastructure (CNI).
Additionally, the firm is now the only remaining finalist in the code-based category in the US’s National Institute of Standards and Technology Post-Quantum Cryptography competition, which seeks to identify and standardise quantum-secure encryption. It proposes its NTS-KEM (also known as Classic McEliece) algorithm will one day form the basis of an open source cryptographic standard used to protect global digital information.
“Over 10 years of deep R&D means we are well placed to engineer real-world quantum-safe solutions,” said Andersen Cheng, CEO of Post-Quantum. “This project with Nato is an important milestone in the world’s migration to a quantum-safe ecosystem. Organisations would be wise to take action now.”