Thales pilot hybrid cryptography for digital security vulnerable to quantum attack
- Thales, the leader in advanced technologies, successfully experimented with end-to-end encrypted phone calls and tested them to be resilient in the Post Quantum era.
- The pilot was performed with the Thales ‘Cryptosmart’ secure mobile app and 5G SIM cards installed in today’s commercial smartphones, testing a mobile-to-mobile call, voice/data encryption, and user authentication.
- Any data exchanged during the call is set to be resistant to Post Quantum attacks thanks to a hybrid cryptography approach, combining pre-quantum and post-quantum defense mechanisms.
Feb 24, 2023 – Thales has created the first real-world application of Post Quantum Cryptography (PQC) in its flagship secure ‘Cryptosmart’ mobile app, leveraging 5G SIM for PQC. In the pilot, hybrid cryptography (pre and post-quantum crypto) was used in a phone call between two devices to protect the information exchanged during the call. Thales has invested in and tested post-quantum cybersecurity technologies over the last decade in order to prepare for these emerging threats.
Even if today’s quantum computer prototypes (computers that can perform certain tasks much faster than today’s computers on a large scale) are still far from posing a threat to public key cryptography, it is critical to begin investigating resilient solutions. For example, there is a variant of “store now, decrypt later” attacks that consists in storing today’s exchanged data and messages in order to decrypt these messages once Quantum Computers are available. This means the majority of digital infrastructure security based on public key cryptography (PKC) may already be vulnerable to a quantum attack.
Such threats are relevant for scenarios involving highly sensitive information, such as classified information exchanged over an encrypted phone call. To address these threats, Thales created a proof of concept to test the scalability and quality of its solutions, which range from 5G SIM cards to secure communication software.
A branch of encryption known as post-quantum cryptography examines methods that are resistant to attacks from quantum computers. Since they rely on challenging mathematical issues that quantum algorithms can efficiently answer, current widely used public-key techniques are susceptible to quantum computing. In post-quantum cryptography, new algorithms are created based on various difficulties that are challenging for both classical and quantum computers.
This first real-world quantum-protected mobile solution, which combines Thales’ ‘Cryptosmart’ application and its 5G SIM, employs hybrid cryptography, as recommended by the NIST (National Institute of Standards and Technology). ‘CRYSTALS-Kyber’, one of the four algorithms selected by the NIST, is the PQC algorithm natively implemented in the 5G SIM and used by the Cryptosmart application to encrypt communication.
“Building defences against threats that do not yet exist may appear to be a daunting task. That is exactly the prospect that the global cybersecurity community faces with the impending arrival of quantum computing. The post-quantum era is still years away, but as quantum computing becomes more prevalent, practicing crypto agility now with such pilots and trials are helping Thales and its customers get prepared”said Philippe KERYER, Executive Vice President Strategy & Technology at Thales.
Thales is a global leader in advanced technologies, investing in digital and “deep tech” innovations — connectivity, big data, artificial intelligence, cybersecurity, and quantum computing.