Villanova Professor at the Forefront of Work to Tackle Quantum Threats
Jiafeng Xie, PhD, associate professor of Electrical and Computer Engineering, is working to strengthen security against threats posed by quantum computers.
Securing Our Future Against Quantum Threats
Security and privacy are values that everyone cherishes. No tech user wants their personal information getting into the wrong hands, which is why we have security measures in place to protect our private data: face ID to unlock our phones, two-factor authentication to log into banking apps and fingerprint technology to securely enter any system—from a computer to your front door. Encryption codes are used on each of these platforms to encode private data and allow only authorized users to access it. These measures are put in place to protect us, but new advancements in technology could soon challenge these secure systems that we have come to know and trust.
Quantum computers are extraordinary machines capable of solving problems far beyond the scope of today’s standard computers. Although these computers are not commercially available, scientists harness their power for experimentation and data storage. Quantum computers excel in scientific development, but they may also prove to be a threat to existing technology that we use in our daily lives. Experts predict that by 2035, quantum computers could crack the very encryption codes that secure everyday transactions and data.
Jiafeng Xie, PhD, associate professor of Electrical and Computer Engineering at Villanova University, is at the forefront of this battle, using his Security and Cryptography Lab to strengthen security measures against the threat of quantum computers.
The Rise of Post-Quantum Cryptography
Since quantum computer advancements are accelerating at an unprecedented pace, post-quantum cryptography (PQC) has emerged as a critical area of research and development. Scientists who study PQC are working to come up with new algorithms to encode our sensitive data, with the goal of having those algorithms installed after quantum computers crack our current encryption systems. Without these new algorithms, once quantum computers break our current codes, sensitive data—whether personal, corporate or governmental—could be left vulnerable to malicious actors.
The core problem of our current encryption system lies in the foundation of public-key cryptosystems. Public-key cryptography is a method of encryption where the user logs into a system using their own private “key”, and the back end of the system has a “key” as well. A “key” is a large numerical value that scrambles data so that it appears random. When a user logs in, their “key” can decrypt private information held by the public “key” in the system to ensure a secure login.
This security method is safe right now, but these systems rely on mathematical principles that, while secure against classical computing attacks, are vulnerable to the immense processing power of quantum computers.
At the heart of the vulnerability is Shor's algorithm, developed by MIT computer scientist Peter Shor in 1994. As Dr. Xie explained, “Shor invented an algorithm to solve prime factors of an integer that can supposedly run on a quantum computer. This algorithm, if run on a large-scale mature quantum computer, can easily solve all these existing cryptosystems' mathematical formulation, which is a problem.”
The realization of this potential threat has spurred an increased focus on the development of post-quantum cryptography over the past decade. The goal is clear: "We want to have some sort of cryptosystem that is resistant to quantum computer attacks," says Dr. Xie.
In 2016, the National Institute of Standards and Technology (NIST) began the process of standardizing post-quantum cryptography. In July 2022, NIST selected four algorithms to continue on to the standardization process, where they are currently being tested for safety and security against quantum computers. The standardization process for these new algorithms is intensive, and two of the candidates that were announced for testing have already been broken during the process. Scientists are in a race against time to increase the diversity of their algorithms and come up with alternate options for standardization.
The urgency of this shift to post-quantum cryptography is underscored by recent government action. The White House released a national security memo in 2022 stating that the U.S. government must transition to quantum-resistant algorithms by 2035. This directive emphasizes the critical nature of post-quantum cryptography in maintaining not just personal but national security.
Villanova’s Security and Cryptography Lab
Once a new algorithm is selected by NIST, it will need to be embedded into various platforms that need to be secured—this is where Dr. Xie’s Security and Cryptography Lab comes in. This lab is actively conducting research into how the newly selected algorithm can be implemented in the most effective and resourceful way. The lab team is working on developing techniques for this new algorithm so that it can be embedded into many different types of platforms, including credit cards and fingerprint technology.
However, there are significant challenges in this process. As Dr. Xie explains, “Different platforms have different constraints. A chip-based credit card, for example, has limited space for embedding new encryption systems. If the implementation technique is too large, it simply won’t work.”
Another issue arising from this research is security. During the application of this new algorithm, there's a risk of information or security leakage, so Dr. Xie is always on the lookout for developing security issues that could cause problems down the road.
The Future of Post-Quantum Cryptography
The implications of PQC are widespread and extend far beyond academic research. As Dr. Xie points out, "All existing cryptosystems, as long as they have some sort of function—for example, signing in or entering a password for login—all of these systems are vulnerable to quantum attacks."
This vulnerability affects everything from banking systems to small-scale security measures like fingerprint door locks.
The scope of this transition is massive, requiring updates to encrypted systems across all sectors of technology. Dr. Xie's goal is to ensure that these new cryptographic systems are flexible enough to be applied to everything from small devices like credit cards and drones to large-scale infrastructure like data centers and military equipment.
Although researchers are hard at work now, the future of post-quantum cryptography is not without uncertainties. Dr. Xie raises an important question: "When quantum computers become available, will the algorithms we develop today be broken?"
While the newly developed algorithms will theoretically be secure, vulnerabilities can emerge when implementing any kind of new security system. These potential vulnerabilities highlight the importance of conducting this research now so that the new algorithms can go through intensive testing prior to being implemented.
Despite these challenges, Dr. Xie emphasizes the importance of being prepared for this new reality. “Society as a whole needs to be prepared with this kind of knowledge,” he says. “A new era is coming. With our current security systems, we need to have revolutionized change. On the other hand, we should not be panicked. We just need continued support to do more related research in this field.”
More extensive research is required to ensure that our privacy is protected as we enter a new era of quantum computing, but labs like the Security and Cryptography Lab at Villanova are a step in the right direction. Although the “years to quantum” clock is ticking down, researchers like Dr. Xie are well on their way to ensuring that our digital infrastructure remains secure in the face of evolving technological threats.