TAIPEI (Taiwan News) — Not many people are dedicated to the study and application of quantum-resistant or post-quantum cryptography (PQC) in Taiwan, but one young data scientist at Academia Sinica believes engagement in the field is attainable, despite its apparent complexity and knowledge barrier.
Assistant Research Fellow at Academia Sinica’s Research Center for Information Technology Innovation, Tung Chou (周彤), has for the past decade been focused on the field of quantum-resistant encryption. He started as a programmer before delving into quantum-safe cryptography.
Chou suggested that those with an interest in cryptography should begin with a branch of knowledge they specialize in. For example, Chou said, mathematicians can leverage their expertise in mathematical analysis, while broadening knowledge from research papers outside their area of specialization.
"I invested a significant amount of time in reading research papers, integrating theory and practice to eventually nail down my focus in post-quantum cryptographic research," Chou said.
He encouraged cryptography researchers to step out of their comfort zone and delve into diverse disciplines and topics. “I reached out to professors of different specialties on various cryptography topics throughout my graduate studies, invested a significant amount of time in reading research papers, exposed myself to various disciplines which I am not familiar with, and that altogether inspired me to create efficient cryptographic algorithms. It is a rewarding journey,” he said.
Chou believes that in Taiwan, Academia Sinica researchers have been the group most dedicated to studying PQC, but he hopes more new blood from outside the country's top research institution will be brought into the field. His observation is based on his participation seven years ago in an American cryptography contest, in which the contestants were diverse and came from both academia and industry.
PQC learning journey
Chou’s learning journey consisted of two phases: master's studies under Academia Sinica Research Fellow Yang Bo-yin (楊柏因), who guided him in solving systems of multivariate polynomial equations, a technique used to attack cryptosystems including multivariate cryptography, and PhD studies on the code-based public-key cryptosystem introduced by McEliece in 1978. In addition, in 2017 he competed as part of a team in the Post-Quantum Cryptography Standardization competition hosted by the National Institute of Standards and Technology (NIST). His role was to optimize the software and improve the public-key generation algorithm.
"The McEliece cryptosystem has remained remarkably stable over 40 years, surviving numerous attacks and garnering confidence among academics and experts in cryptography. It was naturally the first choice that many of NIST's contesting quantum-resistant cryptography algorithms have leveraged over the past 20 years, though there were variations made to compress public keys," Chou said.
"The conservative code-based cryptographic algorithm is known for its fast speed of executing the encryption and decryption, and it is applicable on desktop and mobile devices," he added.
However, McEliece has a drawback: its key sizes are very large. Chou explained that public-key cryptography uses two keys. "One key is used for encryption (public key), and another is used for decryption (private key)." The encryption key (the public key) can be obtained by anyone who wants to encrypt a message, and the encrypted data is then sent to the holder of the private key, who alone can decrypt it.
In general, the public key is large, which constrains how it can be used for encryption, Chou said. "The public key size is around one megabyte, so transmitting public keys can be expensive for mobile devices," he said.
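To make the key-size point concrete, the following toy version of the McEliece construction is added here for illustration; it is not Chou's code and not the Classic McEliece implementation. It replaces the binary Goppa code with the tiny Hamming(7,4) code, so it is insecure and only shows the mechanics: the private key is a structured code together with an invertible scrambling matrix S and a permutation P, the public key is the disguised generator matrix S*G*P, and the public key is big precisely because it is a k x n bit matrix that every sender must download. The `public_key_bytes` helper applies the same k(n-k)/8 count to the Classic McEliece parameter set mceliece6688128 (n = 6688, k = 5024, figures from the NIST submission as recalled here, not from the article), which gives the roughly one-megabyte key Chou mentions.

```python
"""Toy McEliece over the binary Hamming(7,4) code (hypothetical teaching code).
Shows public vs. private key and why the public key is a full k x n matrix."""
import random
from typing import List, Optional, Tuple

Vec = List[int]
Mat = List[List[int]]

# Hamming(7,4): systematic generator G = [I_4 | A] and parity-check H = [A^T | I_3].
# Constructed constants for the toy; the real scheme uses Goppa codes with n in the thousands.
G: Mat = [[1, 0, 0, 0, 1, 1, 0],
          [0, 1, 0, 0, 1, 0, 1],
          [0, 0, 1, 0, 0, 1, 1],
          [0, 0, 0, 1, 1, 1, 1]]
H: Mat = [[1, 1, 0, 1, 1, 0, 0],
          [1, 0, 1, 1, 0, 1, 0],
          [0, 1, 1, 1, 0, 0, 1]]
K, N = 4, 7  # message bits, codeword bits


def mat_mul(a: Mat, b: Mat) -> Mat:
    """Matrix product over GF(2)."""
    return [[sum(a[i][k] & b[k][j] for k in range(len(b))) & 1
             for j in range(len(b[0]))] for i in range(len(a))]


def gf2_inverse(m: Mat) -> Optional[Mat]:
    """Gauss-Jordan inversion over GF(2); returns None if m is singular."""
    n = len(m)
    aug = [row[:] + [int(i == j) for j in range(n)] for i, row in enumerate(m)]
    for col in range(n):
        pivot = next((r for r in range(col, n) if aug[r][col]), None)
        if pivot is None:
            return None
        aug[col], aug[pivot] = aug[pivot], aug[col]
        for r in range(n):
            if r != col and aug[r][col]:
                aug[r] = [x ^ y for x, y in zip(aug[r], aug[col])]
    return [row[n:] for row in aug]


def keygen(rng: random.Random) -> Tuple[tuple, Mat]:
    """Private key: (S, S^-1, perm). Public key: G_pub = S * G * P.
    The permutation and scrambler hide the code's structure, but G_pub is still
    a dense K x N bit matrix, which is the size problem discussed in the article."""
    while True:  # sample S until it is invertible over GF(2)
        S = [[rng.randint(0, 1) for _ in range(K)] for _ in range(K)]
        S_inv = gf2_inverse(S)
        if S_inv is not None:
            break
    perm = list(range(N))
    rng.shuffle(perm)
    SG = mat_mul(S, G)
    G_pub = [[row[perm[j]] for j in range(N)] for row in SG]  # permute columns
    return (S, S_inv, perm), G_pub


def encrypt(G_pub: Mat, m: Vec, err_pos: int) -> Vec:
    """c = m * G_pub + e, where e is a single-bit error (Hamming corrects one)."""
    c = mat_mul([m], G_pub)[0]
    c[err_pos] ^= 1
    return c


def decrypt(priv: tuple, c: Vec) -> Vec:
    """Undo P, correct the error with the secret code's syndrome decoder, undo S."""
    S, S_inv, perm = priv
    y = [0] * N
    for j in range(N):  # inverse permutation; the error keeps weight 1
        y[perm[j]] = c[j]
    # Syndrome decoding: the syndrome equals the column of H at the error position.
    syndrome = [sum(H[i][j] & y[j] for j in range(N)) & 1 for i in range(N - K)]
    if any(syndrome):
        for j in range(N):
            if [H[i][j] for i in range(N - K)] == syndrome:
                y[j] ^= 1
                break
    mS = y[:K]  # G is systematic, so the first K codeword bits are m * S
    return mat_mul([mS], S_inv)[0]


def public_key_bytes(n: int, k: int) -> int:
    """Systematic-form public key stores only the k x (n-k) non-identity part."""
    return k * (n - k) // 8


if __name__ == "__main__":
    rng = random.Random(2024)  # fixed seed so the demo is reproducible
    priv, pub = keygen(rng)
    msg = [1, 0, 1, 1]
    ct = encrypt(pub, msg, err_pos=rng.randrange(N))
    print("ciphertext:", ct, "-> decrypted:", decrypt(priv, ct))
    print("toy public key: %d x %d bits" % (K, N))
    print("mceliece6688128 public key: %d bytes" % public_key_bytes(6688, 5024))
```

The round trip works for any message and any single error position, while an eavesdropper holding only `G_pub` sees a random-looking matrix; scaling the same layout to Classic McEliece parameters is what pushes the public key to about a megabyte.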
When asked whether the key size can be trimmed to solve the problem, Chou said it remains a topic of debate. "There have been NIST PQC contestants trying to shorten the large public key size by modifying its mathematical structures, but whether it comes at the expense of its safety is still unknown," he said.
However, Chou said he prefers that the key remain at its current length. The algorithm has gone unbroken for over 40 years, Chou said, which underpins the cryptography community’s unshakable confidence in it.
"I do not know whether the NIST would announce McEliece as a cryptographic standard to resist the advent of quantum computers, but I do hope the post-quantum cryptosystems can be extensively applied in various devices in the future," he said.
Better early than late
In Taiwan, the ecosystem is still being built up: the talent pool for post-quantum cryptography has room for improvement, and legal hurdles should be removed to make the ecosystem robust, Chou said. In Europe, on the other hand, a strong post-quantum cryptography ecosystem already exists, bringing together mathematicians, algorithm experts, and engineers skilled at securing devices, including encrypted mobile devices, against hackers stealing data.
There are businesses dedicated to promoting PQC, a field that has been around for decades. Thanks to their efforts, people in Taiwan already rely, mostly without realizing it, on cryptography to secure everyday financial and internet services such as accessing the internet and using ATMs.
However, Chou warned that a lot of software and hardware still relies on outdated cryptographic algorithms, putting the sensitive data it handles at risk. He called on businesses and government institutions to migrate early to quantum-safe cryptography, to keep data safe from future attacks based on quantum algorithms.
He cited Hypertext Transfer Protocol Secure (HTTPS), the encrypted and secure version of HTTP, as an example: the cryptography HTTPS relies on today is not quantum-safe.
Chou recommended government and education institutions, businesses, and big tech companies assess their cryptographic systems, adapt their hardware and software, and phase out old systems for new ones, in particular, those storing sensitive and important data. It will be too late to migrate to the new cryptographic system when quantum computers become a reality.
Chou said that although some people might think quantum computers will be ready in 10 or 20 years and that they can start work on the migration then, "it is a problematic mindset," he warned. "We believe that bad actors are gaining access to currently encrypted data and would decrypt it at a later time using a quantum computer," Chou said.
He advises all parties to rethink their data security and decide what should be protected over a longer time frame and begin planning for migration to a quantum-proof space.
Chou said, "As a cryptography professional, I do hope everyone's data can be protected by this powerful algorithm, regardless of their socioeconomic status. The PQC should be extensively introduced into all devices nationwide as early as possible."
"I understand there is a long way to go because the cryptographic protocol is not Taiwan's strong point, but we have to run fast," Chou concluded.