Engineering News

Xiao Wang Part of Group Investigating Post-Quantum Security

Hackers with quantum computers could threaten the security of general internet users

Quantum computers could one day change the face of technology. Their raw power may have the ability to perform tasks regular computers could never approach.

While that muscle brings potential, it also presents challenges. Hackers with quantum computers could threaten the security of general internet users, making it important to standardize the cryptography that will be used in the next 20 to 30 years. 

Xiao Wang

A team including Northwestern Engineering’s Xiao Wang, assistant professor of computer science, is in a competition to combat that issue. 

The group is taking part in the National Institute of Standards and Technology (NIST) Post-Quantum Cryptography Standardization Process. The contest began in 2017 with 69 different candidate algorithms, but three years later, the submission process is down to 15.

Wang’s group’s algorithm, named Picnic, is designed to provide security against attacks by quantum computers, in addition to attacks by classical computers. The goal for Picnic, Wang said, is to come up with digital signatures that are secure against quantum computers, while at the same time achieving a practical balance between efficiency and security.

Currently, when a website is opened with HTTPS, there’s an authentication process making sure the site is legitimate. Usually, the cryptographic algorithms assuring authenticity are based on a hardness assumption like factoring large numbers into prime factors. With contemporary computers, that is not easy to hack through. For quantum computers, that can be done with relative efficiency, meaning they can break prime factorization easily.

“We need to come up with new schemes that are secure against quantum computers,” Wang said. “Picnic is built purely on top of symmetric-key primitives, so it does not rely on public-key cryptography, and that makes the system very robust.” 

Because of the COVID-19 pandemic, the review period has been extended, adding another six months to the process. By 2022, NIST is planning to release the first standard for quantum-resistant cryptography when the winner will likely be announced.

Along with Wang, the group includes members from Aarhus University, AIT Austrian Institute of Technology GmbH, Cornell Tech, DFINITY, Georgia Institute of Technology, Graz University of Technology, University of Maryland, Microsoft Research, and the Technical University of Denmark.