Post-Quantum enables organisations to protect their data against code-breaking quantum computers. We have built a unique quantum-resistant encryption algorithm that can be applied to existing products and networks. It can be deployed as stand-alone encryption, replacing today’s vulnerable crypto-systems, or in conjunction with current standards, to provide compliance in the present as well as future security.
Our encryption is known as ‘Never-The-Same’, or NTS-KEM. This comes from the fact that the algorithm never generates the same ciphertext twice, even when the plaintext and encryption keys remain constant. Independent security analysis by Royal Holloway, University of London concluded that NTS is secure against chosen-ciphertext attack (CCA).
As part of the NIST standardisation process, we have merged our NTS-KEM with the submission led by Professor Daniel Bernstein. "Classic McEliece" is now the only finalist in NIST’s "code-based" category for standardisation. Professor Bernstein needs no introduction: he is one of the top PQ cryptographers in the world and a prolific author and contributor to the crypto community.
Since our algorithm produces varying outputs, our encryption is considered semantically secure. This means that the ciphertext reveals nothing about the plaintext that can be feasibly extracted by computational means.
NTS is based on the McEliece cryptosystem, which relies on injecting random noise into a message. This noise is removed on decryption using error-correcting techniques derived from the field of digital and satellite communication. Our co-founder Professor Martin Tomlinson is an expert in this area, having co-invented Tomlinson-Harashima Pre-coding, a data protocol used in many forms of satellite communication.
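The noise-and-correction mechanism described above, as an added toy example that is not Post-Quantum's code and not NTS-KEM: a textbook McEliece-style scheme built on the Hamming(7,4) code, with a constructed scrambler matrix and function names chosen for illustration. It is far too small to be secure and has only seven possible noise patterns, so ciphertexts vary between encryptions but do repeat.

```python
import secrets

# Hamming(7,4), systematic form: corrects exactly one flipped bit per 7-bit word.
G = [[1,0,0,0,1,1,0], [0,1,0,0,1,0,1], [0,0,1,0,0,1,1], [0,0,0,1,1,1,1]]
H = [[1,1,0,1,1,0,0], [1,0,1,1,0,1,0], [0,1,1,1,0,0,1]]
# Constructed private scrambler S and its inverse over GF(2) (fixed here for brevity).
S     = [[1,1,0,0], [0,1,1,0], [0,0,1,1], [0,0,0,1]]
S_INV = [[1,1,1,1], [0,1,1,1], [0,0,1,1], [0,0,0,1]]

def vec_mat(v, M):
    """Row vector times matrix over GF(2)."""
    return [sum(v[i] & M[i][j] for i in range(len(v))) % 2
            for j in range(len(M[0]))]

def keygen():
    """Return (public generator matrix, private column permutation)."""
    perm = list(range(7))
    secrets.SystemRandom().shuffle(perm)
    sg = [vec_mat(row, G) for row in S]              # S*G hides the systematic form
    pub = [[row[perm[j]] for j in range(7)] for row in sg]
    return pub, perm

def encrypt(pub, msg):
    """Encode 4 message bits with the public matrix, then flip one random bit."""
    c = vec_mat(msg, pub)
    c[secrets.randbelow(7)] ^= 1                     # the injected noise
    return c

def decrypt(perm, c):
    """Undo the permutation, correct the noise via the syndrome, unscramble."""
    y = [0] * 7
    for j in range(7):
        y[perm[j]] = c[j]
    syndrome = [sum(h[i] & y[i] for i in range(7)) % 2 for h in H]
    if any(syndrome):                                # syndrome equals the column of H at the error
        columns = [[h[i] for h in H] for i in range(7)]
        y[columns.index(syndrome)] ^= 1
    return vec_mat(y[:4], S_INV)                     # first 4 bits are msg*S

if __name__ == "__main__":
    pub, perm = keygen()
    msg = [1, 0, 1, 1]
    for _ in range(4):                               # same key, same plaintext
        c = encrypt(pub, msg)
        print(c, "->", decrypt(perm, c))
```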
Post-Quantum has resolved the challenge of large key sizes that made the McEliece system impractical for many use cases. Both public key size and ciphertext size are smaller in NTS than in the standard McEliece cryptosystem. The public key size is reduced by 50% or more, and the ciphertext size is reduced by at least 10%.
The VPN is an essential tool for organisations’ staff, but it provides a route into an organisation’s systems for attackers. The key vulnerabilities are weaknesses in the cryptography securing the connection and in the user login and authentication process.
The current VPN standard, the Diffie-Hellman-based Internet Key Exchange Protocol, is vulnerable to attacks by quantum computers. Organisations need to introduce a quantum-resistant process while maintaining compatibility with existing systems. Post-Quantum’s system enables quantum-safe key exchange, which is used when both sides of the connection are compatible with it; the current standard (IKEv2) remains available when they are not.
Completely replacing current key exchange systems would not offer the necessary assurance in the encryption system, so introducing an additional quantum-safe key exchange gives greater confidence. Our system aligns with NIST’s approach, which recognises hybrid modes in which quantum-resistant algorithms are a component of an overall system that is FIPS compliant.
We have developed our system in line with Gartner’s recommendation of crypto-agility (‘Better Safe Than Sorry: Preparing for Crypto-Agility’, Gartner ID: G00323350), to help organisations end dependence on a single protocol. We can ensure a simple transition to the post-quantum era.
Post-Quantum can also enhance the login process, with user-friendly biometrics-based identity verification that cryptographically binds the user’s identity to their session.