The NATO Cyber Security Centre (NCSC) has completed its test run of secure communication flows that could withstand attackers using quantum computing.

Konrad Wrona, principal scientist at the NCSC, told ZDNet that it is becoming increasingly important to create protection schemes against current and future threats.  

“Securing NATO’s communications for the quantum era is paramount to our ability to operate effectively without fear of interception,” Wrona said. 

“The trial started in March 2021. The trial was completed in early 2022. Quantum computing is becoming more and more affordable, scalable and practical. The threat of ‘harvest now, decrypt later’ is one all organizations, including NATO, are preparing to respond to.”

The NCSC, which is run by the NATO Communications and Information Agency (NCI Agency), protects NATO networks around the clock and works with UK company Post-Quantum to conduct the test. Allied Command Transformation’s VISTA framework financed the project.

Post-Quantum provides organizations with different algorithms to ensure security even if attackers are using quantum computing. A VPN can use algorithms to secure communications, ensuring that only the correct recipient can read the data, the company claimed. 

Wrona said the NCSC does not have a follow-on contract with Post-Quantum but sees the potential of technologies like what Post-Quantum offers and will continue to look into the technology. 

Andersen Cheng, CEO of Post-Quantum, called Post-Quantum a ‘Hybrid Post-Quantum VPN’ because it combines both new post-quantum and traditional encryption algorithms. Cheng said that because it will take many years for the world to completely migrate to a “quantum-safe” future, it is more realistic to combine these new algorithms with better understood traditional encryption in order to ensure interoperability. 

They noted that this kind of software is increasingly relied upon to protect remote connections when working from outside of traditional office environments and can be used to ensure secure communications between organizations in an operational environment.  

Cheng founded Post-Quantum 12 years ago and said his team had spent a decade developing encryption capable of withstanding a quantum attack.

His team has focused on building useable commercial grade ‘quantum-safe’ products like the Hybrid VPN system NATO tested. 

“Our encryption algorithm NTS-KEM (now known as Classic McEliece, after merging with the submission from renowned cryptographer Professor Daniel Bernstein and his team), is now the only ‘code-based’ finalist in the National Institute of Standards and Technology (NIST) process to identify a cryptographic standard to replace RSA and Elliptic Curve, for public-key cryptography (PKC). We’ve also designed a new specification for a quantum-safe VPN as part of the Internet Engineering Taskforce (IETF),” Cheng said. 

“We have undertaken work for a number of high-security stakeholders, such as NATO, but the challenges posed by quantum computers are universal. Everything that we do over the internet today — from buying things online to online banking to nation-state communications — is encrypted. Once a functioning quantum computer arrives, that encryption can be broken. This means that, almost instantly, bank accounts will be emptied, Bitcoin wallets will be drained, and entire power grids will be shut off.”