Skip to main content

Filter by topic and date

Filter by topic and date

IETF launches post-quantum encryption working group

23 Feb 2023

As research organizations and tech companies embrace quantum computing, many cybersecurity experts have worried that the upcoming super-powerful machines will be able to crack current encryption methods within minutes, exposing people to surveillance or cybercrime.

PQUIP Blog post

The IETF has responded to these concerns by launching, in January, a new working group, called Post-Quantum Use In Protocols, or PQUIP, that aims to coordinate the use of cryptographic protocols that are not susceptible to large quantum computers.

There are already efforts outside the IETF to develop post-quantum encryption methods, and a handful of IETF working groups have begun work on standardizing revised protocols to meet the quantum challenge. PQUIP aims to support “this growing body of work” at the IETF and facilitate the evolution of protocols, according to the working group’s charter.

The plan is to examine quantum-related concerns and ideas, with PQUIP leaving standardizing to other IETF working groups, noted Sofia Celi, a cryptography researcher at Brave Software and co-chair of PQUIP. The working group aims to discuss and provide suggestions for transition issues, she added.

“The idea of the working group is to be a standing venue to discuss post-quantum cryptography [PQC] from an operational and engineering side,” Celi said. “It is also a venue of last resort to discuss PQC-related issues in IETF protocols that have no associated maintenance on other working groups that the IETF has.”

It is unclear when or if so-called cryptographically relevant quantum computers [CRQCs] will be able to break existing encryption methods, with a few researchers suggesting it could happen as soon as a decade and others predicting fifty years or more. 

As Celi notes, “Experts in the field have given wildly different estimated timelines based on many factors. It is possible that CRQCs might never exist because the error rates for quantum computers might always be too high to build a large enough computer to break current cryptography.”

However, with the possibility that these powerful quantum computers will eventually exist, the IETF and other groups are working to proactively protect Internet communications. She added, “If CRQCs can be built, we want PQC algorithms specified, tested, and deployed well before the first CRQC is operational,” she said.

The good news, Celi said, is that work on post-quantum cryptography is well on its way. The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) launched a post-quantum cryptography standardization process back in 2016, and it announced its first group of algorithms in July 2022 for key exchange and signatures, with additional algorithms expected in the future. Other international organizations are also working on post-quantum computing algorithms, she noted.

Most protocols and technologies that provide security or privacy and use quantum-threatened cryptography can be migrated to post-quantum algorithms..

“Many of the algorithms that have been chosen to be standardized by the post-quantum NIST process are usable in today’s systems and networks,” Celi said. However, “these algorithms have some constraints – higher computational costs and larger sizes – that should be carefully considered when integrating them into protocols and technologies.” The PQUIP Working Group, and the other working groups in the IETF, will investigate how to integrate PQC algorithms in today’s protocols.

Discussions are already underway on the PQUIP working group mailing list, with the first meeting is expected to take place at the IETF 116 Yokohama meeting being held 25-31 March 2023.

Share this page