Axel Posschmann presented at the recent CARDIS 2023 conference a highly interesting view on the development of crypto in context of geo-politics. He starts by sketching the demise of globalization, leading to economic decoupling.
Many countries now realize that globalization can create a dependency on rivals, which can become a threat to the availability of critical resources. There is even a security risk when deterrence is undermined by a one-sided dependency on resource delivery.
This realization accelerates the forming of BLOCs: “a group of countries or political parties with common interests who have formed an alliance.”. These blocs then start making sure they keep unrestricted access to critical resources by ‘friendshoring’.
Nowadays, critical resources go beyond raw materials, they also include high end capabilities, such as chip manufacturing, but even cryptography. Everywhere in the world, governments are creating hurdles for the distribution of cryptographic products. This strengthens the desire and need for different cryptographic solutions, which Axel calls the BLOC cipher.
Independently, and in parallel, a complete overhaul of cryptography has started with the advent of Quantum Computers. These machines are expected to develop in strength and get the capability to break contemporary cryptographic protections. The search for improved algorithms is in full swing, and new proposals are slow to gain trust. With the large number of proposed algorithms, the world’s tech capabilities are spread thin in reviewing, implementing, and testing them. Unfortunately, this problem is only enlarged by the deglobalization where each BLOC favors their own approach.
Is this a problem? Well, first it is worth to note that economic decoupling is not new. This happened in the cold war. Before the AES algorithm became globally popular many years ago, the dominant symmetric key encryption was the DES, which was never fully trusted. As the DES had been developed in the US, and its design considerations were never published, many people feared the presence of backdoors. Therefore, many countries (and organizations!) developed their own alternatives. It is only since the past three decades that cryptographic innovation has been dominated by independent and international academic research.
On the other hand, although we survived the cold war, we live in a different world now, with different needs. Global commerce and trade require secure communication. International payments became fully digital, privacy and confidentially is a must for both civilian and business communication, and contracts need integrity protection to be trusted. Virtually all internet communication uses encryption, and we would no longer be able to do without. If the world cannot agree on new global PQC standards, then our digital communication will no longer cross the BLOC borders, and we will truly return to the cold war practice of decoupled economies. We have a shared responsibility to continue working on mutually accepted standards, and keep the world connected.
At Riscure we have been building PQC knowledge across multiple technologies and are working to deliver the first dedicated security testing solution in our Inspector product. We are committed to extending our PQC offer, until all relevant algorithms and methods are available to our customers.