Quantum Attacks

Classical cryptography generally relies on computationally difficult problems, such as factoring large numbers, computing discrete logarithms, or searching large key spaces, to maintain security. Even the best classical computer systems would take so long to solve a well-chosen problem that the attack becomes impractical. As an example, a brute force key search, which tries candidate keys for an AES cipher one after another, would need to try 2^256 different values in the worst case to break a 256-bit AES key. Even at a guess rate of one per nanosecond, this would take about 1.16*10^68 seconds, or 3.67*10^60 years. RSA and other asymmetric algorithms offer similar guarantees.

Quantum computers use strings of quantum bits (qubits) to represent a superposition of many possible values at once, though only one result can be measured. This theoretically allows many possible strings to be evaluated at once, provided a mechanism for measuring the correct value can be found. This sort of quantum parallelism allows the computational limits of some previously intractable problems to be bypassed. Shor’s algorithm, for instance, allows a sufficiently powerful quantum computer to factor very large numbers [2]; such a device is referred to as a Cryptographically Relevant Quantum Computer, or CRQC. This would effectively break RSA, the most common public key encryption algorithm. Many common asymmetric systems are vulnerable to the same or similar techniques. While the technology for a CRQC is not currently available, it is likely to be in the near future.

AES

Secure SIP is protected using TLS, most often with AES symmetric encryption, and SRTP is also most often protected using AES. AES, the Advanced Encryption Standard, is a common and effective cipher for encrypting data. It is lightweight in terms of complexity and computation requirements, so it is often used in embedded applications. Because it is a symmetric algorithm, AES is already robust against most quantum attacks. The best known quantum attack against AES is, in fact, a brute force key search accelerated with Grover’s algorithm, which provides a quadratic speedup for unordered search and so cuts the number of guesses needed to find the correct key. Grover’s algorithm has been shown to be optimal for such tasks [1]. This can, however, be mitigated with longer keys.

Though AES itself is resistant to quantum attacks, the key it depends on is vulnerable to extraction. AES is a symmetric algorithm, meaning that encryption and decryption are both performed with the same key, so an encrypted communication channel must have a copy of the key at both ends before any coherent data can be exchanged.

[Figure: Diagram of the AES encryption stage]

If two parties are communicating for the first time, they first need to agree on a shared key. If this is done over an open channel, a listener or other unrelated party may be able to extract the key from the network traffic and then read the encrypted messages. To prevent this, keys are usually established with a Key Encapsulation Mechanism (KEM), often built on an asymmetric encryption algorithm such as RSA. This type of algorithm, however, is much more vulnerable to quantum attacks than AES.

[Figure: Key Encapsulation Mechanism example]

Post-Quantum Algorithms

Fortunately, standards are already in place for some post-quantum cryptography. In 2024 NIST released a set of three standards for quantum-safe cryptography, covering KEM and digital signature implementations [3]. While the digital signature standards are useful for authentication and data integrity, FIPS 203 ML-KEM [4] is the most relevant to AES deployments.

ML-KEM, or Module-Lattice-Based Key-Encapsulation Mechanism, is a quantum-safe KEM that can be used to establish shared key values securely across an untrusted channel. Its security comes from the difficulty of a class of problems called Module Learning With Errors (MLWE): the secret key is hidden as the solution to a system of linear equations to which small random errors have been added. The errors make it hard to recover the solution, yet a proposed solution remains easy to check. No known quantum algorithm makes this class of problem significantly easier. Because it resists both classical and quantum attacks, ML-KEM can be used to generate and share AES or other symmetric keys in place of existing KEM systems, giving existing cryptographic solutions quantum safety.
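To make the KEM flow from the previous section and the role of the errors in a learning-with-errors problem concrete, here is an added toy example (not code from this page, from VOCAL, or from the ML-KEM standard, which works over module lattices of polynomial rings rather than plain integer vectors): a minimal LWE key encapsulation mod Q with assumed illustrative parameters N = 8 and Q = 97, far too small to be secure, showing how a symmetric key is transported and how cheaply a candidate secret can be checked.

```python
import random

N, Q, KEY_BITS = 8, 97, 16   # toy dimension, modulus, key length (assumed; insecure sizes)

def small_vec(rng, n):
    return [rng.choice((-1, 0, 1)) for _ in range(n)]   # small secret/error entries

def dot(a, b):
    return sum(x * y for x, y in zip(a, b)) % Q   # inner product modulo Q

def keygen(rng):
    """Public key is (A, b = A*s + e); the error e is what hides the secret s."""
    A = [[rng.randrange(Q) for _ in range(N)] for _ in range(N)]
    s, e = small_vec(rng, N), small_vec(rng, N)
    b = [(dot(row, s) + ei) % Q for row, ei in zip(A, e)]
    return (A, b), s

def encaps(pk, rng):
    """Sender picks a random key and encapsulates it, one (u, v) pair per key bit."""
    A, b = pk
    key = rng.getrandbits(KEY_BITS)
    cts = []
    for i in range(KEY_BITS):
        bit = (key >> i) & 1
        r = [rng.randrange(2) for _ in range(N)]                      # binary blinding vector
        u = [dot(r, [A[j][k] for j in range(N)]) for k in range(N)]   # u = r^T A
        v = (dot(r, b) + bit * (Q // 2)) % Q                          # v = r.b + bit*Q/2
        cts.append((u, v))
    return cts, key

def decaps(sk, cts):
    """Receiver recovers each bit: v - u.s = r.e + bit*Q/2, and |r.e| <= N < Q/4."""
    key = 0
    for i, (u, v) in enumerate(cts):
        w = (v - dot(u, sk)) % Q
        key |= (1 if Q // 4 < w < 3 * Q // 4 else 0) << i
    return key

def is_valid_secret(pk, cand, bound=1):
    """Checking a candidate is cheap: every residual b - A*cand must be small."""
    A, b = pk
    return all(min(r, Q - r) <= bound
               for r in ((bi - dot(row, cand)) % Q for row, bi in zip(A, b)))

def demo(seed=1):
    rng = random.Random(seed)
    pk, sk = keygen(rng)
    cts, key_sent = encaps(pk, rng)
    return key_sent, decaps(sk, cts), is_valid_secret(pk, sk), is_valid_secret(pk, [0] * N)
```

Without the error vector e, the public key would be a plain linear system A*s = b that Gaussian elimination mod Q solves directly; the added errors are what defeat that and give the hardness the section describes.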

How does Post-Quantum Cryptography apply to VoIP, SIP and SRTP?

Post-quantum algorithms can protect the key exchange for Secure SIP, creating a secure channel over which the symmetric keys protecting both SIP and SRTP can be exchanged. AES is considered PQ safe, and since TLS and SRTP are generally used with AES as the encryption algorithm, it is the key exchange that really needs to change. TLS using FIPS 203 ML-KEM is the currently recommended method. Some in the industry also favour running quantum-safe algorithms alongside classical ones (a hybrid approach), both to protect against future quantum computers and to guard against the possibility that the current PQ algorithms are found to have a weakness. VOCAL closely follows standardization and recommendations related to VoIP, PQA, and related technologies and can offer the latest post-quantum algorithms for SIP and SRTP. We also implement custom solutions that match our customers' specific needs. Please contact us and let us show how we can help with your project.

References

[1] https://arxiv.org/abs/quant-ph/9711070

[2] https://arxiv.org/abs/quant-ph/9508027

[3] https://csrc.nist.gov/News/2024/postquantum-cryptography-fips-approved

[4] https://csrc.nist.gov/pubs/fips/203/final