Ayesa is set to develop advanced cryptography resistant to quantum cyberattacks

The project, funded by the Spanish National Cybersecurity Institute (INCIBE) through Next Generation EU funds, aims to create solutions able to withstand the attacks quantum computers will be able to launch within the next five years.

The increasing use of quantum computing is giving us new ways of encrypting information, but also poses a threat if used against traditional cryptosystems.

To prevent this, Ayesa is working on an an advanced cryptography platform able to withstand these kinds of cyberattacks, which may be a reality within the next five years. The project, part of the Strategic Public Innovation Procurement Strategy and funded by the Spanish National Cybersecurity Institute (INCIBE), is being carried out by a joint venture created by Ibermática and ITS, subsidiaries of Ayesa.

The platform will be made up of a software suite and services that will allow the agile migration of current pre-quantum security systems to realistic post-quantum ones in the industrial sector to be managed, evaluated, planned, deployed and validated.

As such, the main functional purpose of the project is to develop, integrate and deploy a range of quantum-resistant key management tools and algorithms in order to allow for migration to an environment able to withstand quantum attacks.

Dr Aitor Moreno, head of the Quantum Computing Department at Ayesa, explains: ‘Although we don’t believe that there will be quantum computers with enough power to pose a threat to current cryptosystems in less than five years, there is the risk of adversaries harvesting encrypted information now and decrypting it when quantum technology allows for this’.

Faced with this very real threat, Ayesa is working on developing new robust methods of cryptography, such as post-quantum cryptography (PQC), in addition to key exchange methods based on quantum properties (QKD).

Dr Moreno goes on to note: ‘These technologies will form the foundation of the quantum-safe internet. As such, what is needed is a gradual migration to a new quantum-safe environment. However, the context in which this will be carried out is extremely complex and involves various stakeholders (companies and individuals), devices (computers and even IoT equipment with less features) and technologies (signatures, encryption, communications, DLT/blockchain, etc.). This will take a considerable amount of time and be extremely costly. Solutions are thus needed that will facilitate this migration, minimising risk and maximising its benefits for all involved’.

As part of the project, Ayesa will begin by undertaking an analysis of the vulnerabilities, adaptation and framework of available PQC/QKD systems as well as aspects relating to updates and their key management systems. The company will also undertake research into PQC and QKD, as well as develop a hybrid model for QKD, VQKD and classic post-quantum encryption systems.

Lastly, it will carry out an analysis and evaluation of the integration of QKD/PQC algorithms on a demo platform and deploy it on a real QKD/VQKD configuration in a real industrial setting, in addition to upscaling the solution developed.

This will allow anomalies and quantum denial-of-service attacks to be identified prior to the demo platform going live. The aim is to offer the highest level of protection based on cryptographic key encryption available, providing companies and stakeholders with an environment that enables them to create, deploy and keep control over their data.

Dr Moreno concludes: ‘In the next two years we’re going to see a new ‘year 2000 problem’ as practically all IT and OT encryption systems are going to have to be migrated before deadlines set by governments around the world. This remains an extremely complex issue, but it is our responsibility to be ready for it’.

^{The services and work described in this press release have been co-financed by the Spanish National Cybersecurity Institute (INCIBE). The contract has been funded by the Recovery, Transformation and Resilience Plan, made possible by the EU Recovery and Resilience Facility. The opinions expressed herein belong to the authors and do not necessarily reflect those of the co-financing entity.}