Ericsson: Quantum technology and its impact on security in mobile networks
(Ericsson) Ericsson has published a comprehensive review of quantum technology and its impact on security in mobile networks. While today’s systems will remain secure against crypto-breaking quantum computers for many years to come, they do present a serious potential risk further into the future. To address this risk, new post-quantum algorithms that can easily be added to existing equipment and protocols are already in the final stages of standardization.
Ericsson CTO Erik Ekudden’s view on quantum technology: The quantum technology of the future may have the potential to break some of the cryptography that provides security in today’s mobile networks. While the risk is only theoretical at present and there is no way of knowing for certain if crypto-breaking quantum computers will ever actually exist, I encourage all communication service providers to prepare for that possibility. With the ability to decrypt communication, forge certificates and install fraudulent firmware updates, a quantum attacker could do enormous damage.
The article begins with a concise overview of the risks posed by quantum technology and goes on to explore the post-quantum cryptography solutions currently being standardized by organizations such as the US National Institute of Standards and Technology and the Internet Engineering Task Force. The article is available for download in PDF here.
Topics in the Ericsson document:
Terms and abbreviations
Timeline for public-key cryptography and quantum computers
Risks presented by quantum technology
Migration toward post-quantum cryptography
Potential key encapsulation mechanism and digital signature candidates
Post-quantum cryptography algorithm deployment
Quantum impact on symmetric cryptography
Quantum key distribution
Quantum random number generator
While we do not expect quantum computers with the ability to attack current cryptography to emerge for many years to come, we strongly encourage communication service providers to start planning the process of migrating to post-quantum cryptography. With the support of vendors including Ericsson, standards-developing organizations such as the US National Institute of Standards and Technology, the Internet Engineering Task Force and the 3GPP are working on new, post-quantum algorithms and updated protocols that can easily be added to existing equipment and interfaces. Currently in the final stages of standardization, these algorithms will be available in the next couple of years to help our industry mitigate potential future threats against mobile infrastructure and services.