The security of many software programs and an untold quantity of data relies on the fact that they are encrypted. A public key is used to encrypt the content, and then a private key is used to decrypt it. An eavesdropper who does not know the private key must work it out, a long and tedious process with today's computers. Whether this key relates to a temporary code for an online purchase by debit card or a communication between a staff officer and a soldier in the field, the time spent gaining access to it renders it obsolete or less valuable. Good encryption is therefore encryption that blocks intruders for long enough.
But the computational power of quantum computers means that encryptions currently considered totally secure will be broken in next to no time at all. Given the imminent arrival of quantum computers, which should attain sufficient power to compromise the security of communications in the next 15 years, developing a new form of cryptography and incorporating it into communication protocols has become a major objective. And what's more, it is an objective that is already here, since some data communicated today must still be difficult to access tomorrow.
Provide post-quantum encryption keys
It was to withstand post-quantum computational capabilities that Cryptonext Security was set up in Paris in June 2019, after three years of preparation. The two founders, Ludovic Perret and Jean-Charles Faugère, come from Polsys, the research team jointly affiliated with Inria and the Sorbonne. This team is renowned internationally as one of the best at resolving nonlinear systems using exact algorithms. These are very effective algorithms for solving systems of algebraic and polynomial equations.
One of the practical applications of these algorithms is their use in cryptology. They can generate encryption keys that go beyond all computational capabilities (including those of a quantum computer) by making it necessary to solve systems of algebraic or linear equations that have a colossal number of solutions, while at the same time imposing constraints on the right solution for decryption.
"Mathematically, traditional public-key cryptography is based on the concept of factoring large numbers," explains Jean-Charles, managing director of Cryptonext Security. "Now we need to find new problems that are extremely complicated to solve. An example would be systems of large nonlinear equations."
The race for standardisation
However, several methods are possible for the public-key encryption that will be applied in the future, and these need to be standardised. This process is under way via a competition launched by NIST (the US National Institute of Standards and Technology). It will determine which technologies perform best and thus which ones will represent the standards of tomorrow. Of the 80 solutions that lined up to start with, 26 now remain.
In this "race for standardisation," Cryptonext Security is well positioned, with its software based on the resolution of algebraic equations competing in the semi-finals.
"Having an algorithm among the finalists is recognition of the quality of our work," says a thrilled Ludovic, chief executive of Cryptonext Security. "And by taking part in this definition of standards, we can anticipate and be one step ahead with our software."
No time to lose!
Yet we cannot wait for standards to be adopted to integrate the solutions of tomorrow. From the lightbulb in the living room to the onboard computers in vehicles, not to mention mobile phones, when the time finally comes, billions of connected objects will need to be updated to be quantum-ready. And it is essential for stakeholders to see very far ahead. For instance, the onboard systems on planes are not certified after approval.
"So we have incorporated different technical solutions into our software that are compatible with current standards as well as those of the future," explains Jean-Charles. "What we offer could be thought of today as an additional layer of security. But with the advent of the quantum computer, the first layer, the one currently considered safe, will become meaningless!"
"The end user is unaware of the encryption solutions that come into play when they use connected devices, and the increasing complexity of encryption will not change that," stresses Ludovic. "We already offer our solutions to companies that are careful about confidentiality and security when exchanging data via the internet, such as banks, or the army when it sends encrypted information to communicate with one of its planes."