This document discusses quantum computing and post-quantum cryptography. It states that a quantum computer with 20 million qubits could break 2048-bit RSA encryption in 8 hours, while 10 million qubits could break some elliptic curve cryptography instances in one day. It also discusses uses of post-quantum cryptography, such as for secure communications, VPNs, and future 6G networks. Implementation challenges include lack of cryptographic agility and backwards compatibility requirements. A proposed framework aims to improve cryptographic agility through logical component separation. The document also discusses machine learning and side-channel attacks on cryptographic implementations.

1. How large should a Quantum Computer be to
break Cryptography?
• Current quantum computers, which would eventually be able to break public key cryptography, are made up of less than 75
qubits. However, due to the relative error per gate and current coherence times, those computers operate at a lower number
than physical qubits.
• There is a consensus that breaking 2048-bit RSA, would take a large-scale quantum computer with 20 million qubits 8
hours, while 10 million qubits are needed in order to break practical instances of ECC in one day [2] *

2. What is post quantum cryptography?
• Quantum computers do not solve all hard problems.
• PQC consist of classical algorithms that:
• Run efficiently on classical computers in terms of time, memory, and communication
• Are hard to break both by classical and quantum computers
• Rely on different mathematical problems that integer factorization or discrete logarithms

3. Use Cases for Post Quantum Cryptography
Short-TermApplicability
1. PQC for Hybrid protocol
2.PQC for end-to-end protocols: End-to-end messaging solutions, secure email applications, and other secure
communications solutions post quantum capable handshake and ratcheting
3.PQC for secure VPN products: This includes implementation of post quantum variant of the handshake (using Kyber
KEM) in with the wire guard VPN protocol
4. PQC for passwordless authentication: Inclusion of newer PQC algorithms into hardware devices or TPMs to aid with the
FID02 initiative for client authentication without username and password.
Medium Applicability:
5.PQC for Transport Layer Security for IoT and CPS: TLS is the single most important cryptographic protocol which will be
broken by quantum computers, and so this is of particular concern given its growing significance for IoT. TII are writing a
clean-room IoT friendly implantation of TLS 1.3 C++ and Rust, particularly adapted to seamless switch from existing
cryptographic primitives to PQ alternatives.
6. PQC for Quantum Key Distribution (QKD) Systems Usage of PQC KEM to authenticate the classical channel in QKD
systems, which uses two communication channels, a classical channel, and a quantum informationally secure
channel. KEM could also be used in tandem with QKD to efficiently generate symmetric session keys
Long-Term Applicability:
7.PQC for 6G and beyond: 6G networks will rely on heterogenous cloud infrastructure to achieve optimal network function
execution, while also focusing on edge computing. Hence 6G core network (6GC) will have an increased reliance on
Transport Layer Security and PKI, which necessitates the inclusion of post quantum cryptography in 6GC
network architecture

4. Implementation Risks Challenges
Lack of information governance framework in most organisations:
• While many cryptographic systems depend on PKI, most organisations fail to develop an information governance framework that is well
documented information assets inventory, in particular cryptographic assets inventory. Developing such tools to maintain such inventories
within the context of a well-defined information governance framework is key.
Lack of Cryptographic Agility:
• Unlike other software cryptographic components and the standards around them lack agility meaning that newer primitives, adaptions, and
structural changes cannot be done without significant impact to the systems infrastructure
• Deployed systems that rely on cryptographic primitives are less malleable and cannot be updated due to the distributed nature and protocol
implications.
• Protocols are often defined and tied closely with to the primitives at the time of design, and protocol updates cannot be done with backwards
compatibility due to the disruptive nature of changes.
• Cryptographic libraries and all dependant implementation traits such as validation tools, hardware support, or hardware accelerator
units, often tie the integrating systems to the cryptographic library, meaning updates to it can only come from the same vendor or open-
source group, in the absence of a unifiedAPI that would make swapping cryptographic libraries as easy as swapping software
components. Each cryptographic library has traits that make it unique and almost impossible to change to replace or change without major
refactoring the entire code base that makes use of internal primitives.
Backwards compatibility and interoperability requirements:
• A main characteristic of a cryptographic components is the need for long term support in many cases PKI root CA’s, archiving or even past
communications done with outdated primitives. Systems such as these require backwards compatibility making it more difficult to phase out
outdated algorithms.
• Having these algorithms present in libraries is a security risk if those algorithms for any newer system or protocol. Aclear algorithm Lifecyle
management and guidelines could prevent this to happen.

5. Cryptographic Agility Unified Framework
A cryptographic component classification scheme enabling logical separation and component reuse.
Facilitates the creation of both agile cryptographic libraries and the underlining components due to the component isolation principles.
Separation of concerns between cryptographic primitives and their higher constructs
Introduces a security abstraction layer of (SA)L as a mean of both creating pluggable cryptographic libraries
Introduces algorithms lifecycle management for legacy, standard and newer cryptographic algorithms
Layered approach ensures logical separation of the API interface higher order constructs and the underling cryptographic primitives
Eliminates direct protocol dependency decoupling the actual cryptographic components and serialization standards
Address both traditional cryptographers as well as modern software engineering principles
Enables collaborative work of cryptographers alongside specialized engineers each with its well delimited role.

6. Machine Learning & Side Channel Attacks
In typical situations:
• Such implementation attack aims at the implementation of algorithms, rather than inherent weakness.
• An implementation cryptanalyst tries to identify the function/ key from time and energy traces collected from a cryptographicsystem
Side Channel Attacks Consist of:
• Computational Timing
• Power Consumption
• EM radiation
• Temperature Variations
Machine learning and side channel attacks
• Investigated machine learning for side channel analysis
• Multiple types of side channel attacks exist include SPA, DPA, profiling attacks, stochastic, attacks, template attacks etc.
• How machine learning recognizes features in leakage signals. How efficient can this be:
• Which type of models, would be most efficient: MLP Multiple layer perceptron or a CNN which is good at learning abstract
representations with higher level signals, data and perform well when it comes to signal analysis when a cipher is known even when
working with
1.Do we need deep learning to extract keys from trace?
2. What accuracy should we target to recover the keys?