Yilin Chen

Taiwan needs early quantum-safe migration to stay in the game

Updated: Jul 22

Taiwan advised to attract post-quantum cryptography talent, make migration cost as low as possible


TAIPEI (Taiwan News) — With more countries developing post-quantum cryptography (PQC), it has become necessary to make the transition to post-quantum encryption as soon as possible, and Taiwan is no exception as the country has seen a sharp increase in cyberattacks.


Dr. Yang Bo-Yin (楊柏因), research fellow at the Institute of Information Science, Academia Sinica, recently spoke with Taiwan News, and suggested the government form a consensus about the post-quantum transition and fund talent acquisition that can properly address the threats associated with quantum computers, which will easily be able to break cryptography currently used to protect our most sensitive data.


Sensitive data exposure


Looking at the future of cryptography, Yang said that in 30 years the words “post quantum” might no longer be in use, as all crypto systems that fail to withstand quantum decryption will have been phased out.


When asked about when quantum computers could start breaking existing public-key cryptography, Yang said it’s still under debate. “It could be five years, ten years, or longer,” Yang replied.


He said there are tons of valuable and sensitive data that need to be secured long-term, from government agencies and banks to medical institutions. “Migrating from a non-quantum resistant public-key scheme to quantum-resistant public-key cryptography algorithms will take at least around five to ten years. During this time institutions are vulnerable to cyberattacks that leverage quantum computers,” Yang added.


While cryptography sounds like something detached from everyday life, in information security applications, such as in full storage encryption in PC and handheld hardware, financial IC cards, and end-to-end encryption in SMS software, which everyone uses whether they know it or not, people are actually surrounded by cryptography applications today.


Yang said some national-level players are identifying and collecting sensitive encrypted data that they can crack once quantum computers are available.

To improve cybersecurity, the U.S. issued a National Security Memorandum in 2022 requesting all federal agencies and their contractors to switch to quantum decryption-resistant technology as far as possible by 2035. "Many thought this was too slow, but to make this happen earlier would require a lot more talent and resources than is available," he said.


How PQC started


"Post-quantum cryptographic algorithms didn’t just appear today; they were first introduced in 1978, when Robert McEliece developed such an asymmetric encryption algorithm. After Shor showed classical public-key cryptography - RSA and Elliptic Curves Cryptography - to be crackable using quantum technology in 1994, some people realized the need for new cryptography."


In 2003, the term “post-quantum cryptography” was coined to differentiate quantum-resistant crypto systems from conventional ones. It is not a brand-new discipline, nor does it only deal with brand-new crypto systems. It has only seen increased attention in the last 7 to 8 years.


In 2006, a group of researchers of post-quantum cryptography got together and held the first PQCrypto – an annual conference on post-quantum cryptography. It is not the top-rated or most famous conference but still attracts plenty of academic and industry interest.


Yang talked about the progress of IBM in quantum computing, which has been one of the frontrunners. IBM scientists simulated quantum bits with seven hydrogen atoms in a large molecule 25 years ago. They were able to run Shor’s quantum integer-factoring algorithm to factor the number 15 as three times five. The number of qubits has only increased into the hundreds today. This does not sound like a big quantitative advance but present-day qubits are scalable as in trapped atoms or superconducting elements, so qualitatively there has been a big leap forward.


Yang said he has researched quantum-safe cryptography for 20 years. He said part of the reason for working on quantum-safe cryptography is simply the beauty of the research and intellectual curiosity, which is partly a religious issue, sort of like why some people climb mountains – because the mountain is there.


Mindset needs to change


Yang believes that both the theory and the practice of post-quantum cryptography need to be studied, and Taiwan’s strength in semiconductor manufacturing should be a key strength which makes it possible for Taiwan to develop a strong industry presence in PQC, a playground that Taiwan cannot afford to be absent from.


Yang made three suggestions for the government. The first is to build consensus among stakeholders and the public; the second is that the government should take a proactive role by not only clearing legal hurdles but also making software safe, efficient, and free to all parties; and the third is to attract overseas scientists and engineers to work in Taiwan by providing generous financial incentives.


“We have to compete with Silicon Valley firms in acquiring quantum-safe cybersecurity talent and the compensation offered by the public sector should be generous enough to lure them to work in Taiwan,” said Yang. He used salaries at Google, IBM, and Amazon as examples, saying experienced R&D personnel are usually paid much more than their peers in Taiwan. Yang said higher salaries need to be offered across Taiwan’s information security sector, among others.


Yang said spending on talent and high-performance computing (HPC) needed for post-quantum cryptography research is much less costly compared to spending in the biomedicine, biochemical, and pharmaceutical sectors. “Fourteen years ago, I spent NT$1 million on a high-performance computing server and the machine was just retired,” Yang said. “The sunken cost for post-quantum cryptography is not as high as for pharmaceuticals, where a single tube of reagents could run tens of thousands of New Taiwan Dollars, but you also can’t expect to see returns in a short period of time,” he added.


“Another problem is that everyone inevitably treats security as a cost. Of course, it takes time and money to achieve security, but we have to make everyone aware that spending on security is both cost effective and also a ‘must,’” Yang said. “You will endure ever rising costs from ever increasing security issues if you fail to offer a safe cryptography environment from the beginning.”


Actions needed


Yang advised government agencies, like in the U.S., to start demanding that in seven to 10 years contractors adopt quantum decryption-resistant technologies as part of a push in the transition to post-quantum cryptography in the private sector. A contractor will not switch to post-quantum unless pushed, if for nothing else, because the supply of programmers who could do a post-quantum system is smaller.


The government should also be making it more worthwhile for businesses adopting post-quantum technologies, because losses from being hacked would be so much more than what you would have paid out in transitioning to PQC. This is also why the government should be making much of the software safe, efficient, and free to all parties.


Yang encouraged public and private sector information security officers to make an action plan with a schedule to phase out old, non-quantum-resistant or insecure crypto systems and replace them with secure and post-quantum alternatives at a pace commensurate with their risks. To lower the cost incurred in transitioning to post-quantum cryptography, the government should spend resources on producing efficient and formally verified free post-quantum libraries for all to use and indemnify their use.


As for who to emulate in post-quantum cryptography, Asian countries are not very proactive in forming their own PQC ecosystems. Only in South Korea do we see that research teams are now competing to develop their own quantum safe cryptography standard. China also runs its own competition, although it will likely choose a state-backed national standard rather than one developed by any Chinese university or private sector company.


Yang said the Post-Quantum Cryptography Standardization Conference held by the National Institute of Standards and Technology (NIST) is designed to standardize one or more quantum-resistant public-key cryptographic algorithms, which usually end up as a global standard. That explains why the NIST competition is the most anticipated event among public-key cryptography specialists around the world.


Yang shared his own experience participating in the NIST competition last year. His team’s “Rainbow” multivariate signature scheme, which was based on the Unbalanced Oil and Vinegar (UOV) scheme, made it to the finals, but was eliminated after being elegantly cracked by young Belgian scholar Ward Beullens.


Yang did not view the defeat as a complete waste of time. He said any new cryptography algorithm, after being proposed, will be parametrized for security and practicality, then enough people need to be convinced to use it practically. This was the case for both UOV and Rainbow, which shared most properties and implementation components.


It was natural to ask him at this point why UOV wasn't proposed instead. "Rainbow had made some efficiency-related modifications, the decision to do that being proven conclusively wrong by Beullens. However, UOV is still the front-runner in this round," he replied.


Stay abreast, stay safe


Yang said he preferred not to view quantum-safe crypto as an “advanced deployment,” but rather a necessary chore because everyone else is moving forward. “For each bet you make investing in quantum safe cryptography, there is always a risk that this could fail, but if you make no attempt, you are destined to lose the game,” Yang said.


Yang called on the public and private sectors in Taiwan to assess their encryption systems and switch to safer ones. Aside from Elliptic-curve cryptography (ECC) and Rivest–Shamir–Adleman (RSA), outdated algorithms like SHA-1 (Secure Hash Algorithm 1) and MD5 (Message-Digest Algorithm) are still in use in many places, and Yang called for them to be phased out as soon as possible.


“Taiwan is already behind; we have to leverage our strengths in hardware to stay abreast of the post-quantum transition,” Yang concluded.



News Source: https://www.taiwannews.com.tw/en/news/4971615
