Security. Data encryption forced to reinvent itself

A countdown has begun in the minds of many cryptography experts, one imagines accompanied by an anxiety-inducing beep. While they may not be certain of its duration, they know its destination: the moment T when current asymmetric encryption methods will become as effective as a cardboard lock, because there will be a quantum computer capable of breaking them. The catastrophe even has a name, one that would make clean rooms shudder: the Cryptocalypse.

How much time do we have left? Between ten and fifteen years, according to a study by the German Federal Office for Information Security (BSI). In reality, the threat already exists, in the form of a retroactive attack possibility. One could imagine a malicious actor intercepting and storing the communications of a state or company, which they would decrypt as soon as they had a sufficiently powerful quantum computer .

In France, the French National Agency for Information Systems Security (ANSSI) is beginning to sound the alarm after noting the vulnerability of a majority of vital operators. Last month, the European Union urged its member states to immediately switch to post-quantum cryptography, starting by 2030 for certain sensitive uses. The switch has already begun. If you surf the web with the Chrome browser, you're probably unknowingly using post-quantum encryption.

“If the cryptography we currently use were to be broken, the consequences for digital infrastructure would be devastating,” insists the EU roadmap. No more data confidentiality, no more secure transactions, no more electronic signatures or reliable authentication systems: a nightmare. To avoid this scenario, post-quantum cryptography uses other algorithms to encrypt data, against which quantum computers have no advantage. Four algorithms have been selected by the US National Institute of Standards and Technology (NIST) to become the new global standards for cryptography. Among them is a largely French algorithm, FN-DSA (formerly Falcon), co-developed by Thales with various partners.

The principle of cryptography is to make data incomprehensible by modifying it using mathematical operations. This is called encryption. To perform the reverse operation, you need to know the key, which is presented in the form of a sequence of alphanumeric characters. An attacker can obviously try any key imaginable. But with a conventional computer, it would take several billion years to break an algorithm like RSA 2048, widely used in e-commerce. A quantum computer with a million qubits, on the other hand, could overcome it in a few days, according to an estimate by Google.