How quantum technology is changing the world

Cryptography: how to protect critical systems in the quantum era

with Christophe Gaie, Head of the Engineering and Digital Innovation Division at the Prime Minister's Office and Jean Langlois-Berthelot, Doctor of Applied Mathematics
On February 19th, 2025
Key takeaways
  • While quantum computing is a major technological revolution, it also represents an unprecedented threat to digital security.
  • A quantum computer could, in a matter of hours, solve the mathematical problems behind asymmetric encryption algorithms (which secure electronic communications), problems that would take conventional computers thousands of years to solve.
  • The development of such machines could have disastrous consequences for governments (industrial espionage, manipulation of elections, etc.).
  • It is therefore imperative that governments adopt post-quantum cryptography by developing encryption algorithms that are resistant to quantum attacks.
  • To guarantee the security of government services, a thorough assessment of the risks associated with quantum technologies must be carried out.

The advent of quantum computing represents a major technological revolution, but also an unprecedented threat to digital security. First of all, quantum computing holds great potential in terms of data storage and computing power, as well as multiple applications in the fields of simulation and optimisation, with revolutionary prospects in the chemical, pharmaceutical and digital industries for example [1]. It therefore represents a technological breakthrough that could bring many benefits to a society currently facing major economic and societal challenges [2].

Asymmetric encryption algorithms, commonly used to secure electronic communications, are particularly vulnerable. While conventional computers take thousands of years to solve these problems, a quantum computer could do so in just a few hours, as illustrated by Shor’s algorithm described in 1994 [3], which is capable of factoring large numbers exponentially faster than conventional methods. In fact, the factorisation problem posed by certain encryption algorithms (in particular RSA) can be transformed into a problem of finding a period in a function; solving this second problem is accelerated by the superposition of quantum states [4]. Similarly, Grover’s algorithm [5] threatens symmetric encryption mechanisms (AES) and hash functions (SHA).
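The transformation from factoring to period finding can be followed on toy numbers. The sketch below is an added illustration, not code from the article or its authors: it finds the period by classical brute force (the step a quantum computer would accelerate) and then recovers the factors with a greatest common divisor. The function names and the small moduli are assumptions chosen for the example.

```python
from math import gcd


def multiplicative_order(a: int, n: int) -> int:
    """Period r of f(x) = a**x mod n: the smallest r > 0 with a**r = 1 (mod n).

    Found here by brute force; this is the step Shor's algorithm accelerates.
    """
    if gcd(a, n) != 1:
        raise ValueError("a must be coprime to n")
    r, value = 1, a % n
    while value != 1:
        value = (value * a) % n
        r += 1
    return r


def factor_from_period(n: int, a: int):
    """Try to split n using the period of a modulo n; return (p, q) or None."""
    g = gcd(a, n)
    if g != 1:
        return tuple(sorted((g, n // g)))  # a already shares a factor with n
    r = multiplicative_order(a, n)
    if r % 2 == 1:
        return None  # odd period: this base is unusable
    half = pow(a, r // 2, n)  # half**2 = 1 (mod n) and half != 1
    if half == n - 1:
        return None  # half = -1 (mod n) only yields the trivial factors
    p = gcd(half - 1, n)  # n divides (half-1)(half+1) but neither term alone
    return tuple(sorted((p, n // p)))


def factor(n: int):
    """Try successive bases until one reveals a non-trivial factor."""
    for a in range(2, n):
        result = factor_from_period(n, a)
        if result is not None:
            return result
    return None


if __name__ == "__main__":
    # Constructed toy moduli; real RSA moduli are 2048 bits or more.
    for n in (15, 21, 3233):
        print(n, "=", factor(n))
```

The brute-force loop in `multiplicative_order` grows with the size of the modulus, which is why this approach is harmless on conventional hardware against real key sizes.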

The development of machines capable of exploiting this vulnerability could have disastrous consequences for governments. These could include acts of industrial espionage, sabotage of critical systems, identity theft and even manipulation of elections, with significant repercussions for national security and social stability. However, in 2025, quantum computers are still at the experimental stage. Only organisations with considerable resources and advanced technological skills are capable of carrying out such actions [6]. To put it simply, governments need to protect themselves against powers capable of developing “nuclear weapons”.

The need for a transition to post-quantum cryptography

To deal with this threat, it is imperative that governments anticipate and implement a strategy for the transition to post-quantum cryptography. This approach involves developing encryption algorithms that are resistant to quantum attacks, thereby guaranteeing the security of communications in the era of quantum computing. These algorithms must not be based on factorisation or discrete logarithm problems, which are vulnerable to quantum technology.

The US National Institute of Standards and Technology (NIST) has selected three of the most secure and efficient post-quantum algorithms following a rigorous selection process [7]:

  • ML-KEM (originally known as CRYSTALS-Kyber), designed to secure access to sites via a public channel.
  • ML-DSA (formerly CRYSTALS-Dilithium), which generates electronic signature keys for secure document exchanges and communications.
  • SLH-DSA (formerly SPHINCS+), which generates smaller public electronic signature keys.

The ML-KEM and ML-DSA algorithms are based on the difficulty of finding short vectors in a structured Euclidean lattice. As explained in an ANSSI (Agence nationale de la sécurité des systèmes d’information) analysis note [8], however, there is a possibility that a weakness will be discovered, enabling a rapid resolution of the cryptographic problem posed. The SLH-DSA algorithm is based on the security of hash functions.

In addition, ANSSI recommends the use of hybridisation, which consists of combining post-quantum asymmetric algorithms, still under development, with well-established and proven traditional asymmetric encryption methods. This combination offers double protection until post-quantum algorithms reach a sufficient level of maturity to guarantee long-term security on their own.

The transition to these new algorithms requires a great deal of work and will therefore be gradual. It will take several years to replace all existing systems with secure solutions. To achieve this, a significant investment in the cryptographic skills of the staff responsible for protecting systems, data and digital exchanges must be made now, over a multi-year period. Indeed, a later investment is likely to generate very high adaptation efforts in a particularly constrained timeframe, with high risks vis-à-vis external entities.

Assessing risks, identifying mitigation measures, obtaining resources and implementing security projects

To guarantee the security of state services, a thorough assessment of the risks associated with quantum technologies must be carried out. This involves not only understanding the capabilities of quantum computers but also assessing the potential impact on existing security systems. In particular, it is essential to identify the most sensitive data, processes and exchanges, so as to focus security efforts on the most critical points. To do this, the deliverables of the EBIOS (Expression des Besoins et Identification des Objectifs de Sécurité – Expression of Needs and Identification of Security Objectives) method should be used for the entire information system under consideration [9].

Post-quantum risk assessment requires a global and coherent approach. It is vital to adapt existing risk analyses, which are based on the EBIOS method, to incorporate the new threats posed by the emergence of quantum computing. It is also essential to coordinate the analyses carried out in isolation for each system or application. An aggregation phase is therefore necessary to obtain a systemic view of the risks and define a global security strategy. This approach makes it possible to identify the interdependencies between the various elements of the information system and to put in place appropriate protection measures.

The EBIOS method makes it possible to identify not only the risks but also the sensitivity of the data held, which is crucial if the information system is to be protected. It is essential to distinguish between critical data, the loss of which could have a vital impact, and data that can be compromised with fewer consequences. This assessment will make it possible to prioritise protection efforts and ensure that security measures are adapted to the level of sensitivity of each type of data.

Consideration should also be given to the possibility of adapting security procedures by reverting to physical means, such as paper, if necessary. This approach can enhance the protection of sensitive information, particularly in high-risk situations. The use of single-use codes is also a promising strategy. These codes, which have an expiry date of one to two months, can enhance security by limiting the possibilities of unauthorised access.

Conclusion and outlook

In conclusion, the quantum threat represents a major challenge for the digital security of governments and operators of vital importance (energy, communications, transport, power, etc.). To meet these threats, it is essential to anticipate them, invest in innovative solutions, mobilise human and financial resources and promote international cooperation.

Quantum computing will soon be capable of neutralising current encryption systems in record time, which means that we need to start adapting quickly and thoroughly right now. To achieve this, the transition to post-quantum cryptography will need to be coupled with robust security measures and increased awareness, which are necessary to guarantee our digital sovereignty.

Finally, it is vital to take a global approach to the security of digital services, integrating the technological, systemic and human dimensions. The emergence of quantum technologies is a major challenge that needs to be addressed alongside current threats.

[1] Mohseni, M., Read, P., Neven, H. et al. Commercialize quantum technologies in five years. Nature 543, 171–174 (2017). https://doi.org/10.1038/543171a
[2] Coccia, Mario. Disruptive innovations in quantum technologies for social change. Journal of Economics Bibliography, [S.l.], v. 9, n. 1, p. 21–39, apr. 2022. ISSN 2149–2387. Available at: <http://kspjournals.org/index.php/JEB/article/view/2287>. Date accessed: 02 Nov. 2024. http://dx.doi.org/10.1453/jeb.v9i1.2287
[3] P. W. Shor, “Algorithms for quantum computation: discrete logarithms and factoring,” Proceedings 35th Annual Symposium on Foundations of Computer Science, Santa Fe, NM, USA, 1994, pp. 124–134, https://doi.org/10.1109/SFCS.1994.365700
[4] André Chailloux. “L’algorithme quantique de Shor – Interstices.” Interstices, November 4, 2020. https://interstices.info/lalgorithme-quantique-de-shor/
[5] Lov K. Grover. 1996. A fast quantum mechanical algorithm for database search. In Proceedings of the twenty-eighth annual ACM symposium on Theory of Computing (STOC ’96). Association for Computing Machinery, New York, NY, USA, 212–219. https://doi.org/10.1145/237814.237866
[6] Henriet, Loïc. “L’ordinateur quantique : tout comprendre en 15 minutes.” Polytechnique Insights, April 8, 2024. https://www.polytechnique-insights.com/tribunes/science/lordinateur-quantique-tout-comprendre-en-15-minutes/
[7] https://incyber.org/article/nist-publie-trois-algorithmes-chiffrement-post-quantique/
[8] “Avis de l’ANSSI Sur La Migration Vers La Cryptographie Post-Quantique (Suivi 2023)” https://cyber.gouv.fr/sites/default/files/document/Avis%20de%20l%27ANSSI%20sur%20la%20migration%20vers%20la%20cryptographie.pdf.
[9] Site ANSSI. “La méthode EBIOS Risk Manager”, March 27, 2024, https://cyber.gouv.fr/la-methode-ebios-risk-manager
