SoftBank's PQC: Preparing for the Arrival of Quantum Computers

The communication we engage in on the Internet is kept secure largely through public-key cryptography.
Public-key cryptography includes RSA encryption (used for data transfer between web browsers and web servers, virtual private networks (VPNs), and so on) and elliptic curve cryptography (used in some cryptocurrencies, key management, and security infrastructure). These methods are in common use and familiar to us. However, the development of quantum computers worldwide poses a potential risk that existing public-key encryption could be broken. If public-key encryption were broken by an attacker with access to a quantum computer, they would be able to eavesdrop on protected communications and forge digital IDs.

Such forgery could lead to unauthorized access to user accounts and personal information, fraudulent transactions in the user's name or with the user's signature, creation of counterfeit signatures, invasion of privacy, and leakage of confidential information. While it is thought that it will take some time before quantum computers become practical, the threat they pose has already begun. Highly confidential data with long-term value, such as genomic data, is at risk from attacks known as SNDL (Store Now, Decrypt Later) or HNDL (Harvest Now, Decrypt Later), in which communications are intercepted before quantum computers are practical and decrypted once they become so. New cryptographic techniques are therefore needed to protect the security of communications.

2. What is PQC?

Post-Quantum Cryptography (PQC), a type of public-key cryptography, represents the next generation of quantum-resistant cryptographic algorithms for encryption and authentication.

PQC is built on "mathematically hard problems", such as those underlying lattice-based cryptography, which makes it difficult to break even with a quantum computer.
The public-key cryptography of existing IT systems must be migrated to PQC to prevent it from being broken by quantum computers.
Because public-key cryptography is used both for exchanging the keys that encrypt and decrypt communications and for authentication (digital signatures), every system that performs key exchange or authentication is subject to the transition to PQC.

In the United States, which has moved quickly to address the risk of cryptography being broken by quantum computers, efforts to introduce PQC are under way.
The National Institute of Standards and Technology (NIST) is evaluating cryptographic algorithms for standardization as PQC and plans to release standardization documents in 2024.

NIST is expediting the final standardization of four PQC algorithms and plans to publish the standardization documents by 2024.
The algorithms currently being standardized are Crystals-Kyber, Crystals-Dilithium, Falcon, and SPHINCS+, all of which are based on lattice-based cryptography.

Preparations for adopting PQC are also progressing within the U.S. government.
The Cybersecurity and Infrastructure Security Agency (CISA), part of the Department of Homeland Security, has established the "PQC Initiative" to promote the transition to PQC.
The PQC Initiative aims to facilitate a timely and organized migration to PQC.
During the transition period, it will encourage cooperation among government agencies to support the transition to PQC by critical national infrastructure operators and their suppliers.
The PQC Initiative conducts risk assessments and supports resource planning, adoption of the new standards, and awareness-raising.
It is evident that the U.S. government is taking the threat of quantum computers seriously, and industry players in every country, not just other governments, need to respond without delay.

3. SoftBank's efforts towards practical implementation of PQC

SoftBank has been conducting joint demonstration experiments with Sandbox AQ in the United States since 2022.
Through this collaboration with Sandbox AQ, which has been at the forefront of early implementation and security evaluation of PQC algorithms, SoftBank has begun activities to introduce the new encryption technologies.
The aim of these joint experiments is to evaluate the performance and the implementation process of PQC, so that quantum-resistant security can be deployed in society at an early stage.

March 2022: SoftBank and Sandbox AQ Collaborate for Early Implementation of Quantum-Resistant Next-Generation Encryption

SoftBank concluded a partnership agreement with Sandbox AQ to work towards the practical implementation of a VPN using PQC.

Furthermore, SoftBank has focused on assessing the impact of PQC implementation on existing communications.
During the verification, a hybrid approach was adopted that combines the classical cryptography traditionally used for key exchange and digital signatures with PQC.
The hybrid approach lowers the barrier to adoption: PQC provides security against quantum computers, but the newly standardized PQC algorithms still lack a substantial track record, which may raise concerns in the market, and running both schemes side by side keeps the communication protected as long as either one holds. This hybrid approach is expected to be widely adopted in communication protocols such as TLS (Transport Layer Security).
However, there were concerns that the more complex cryptographic processing of the hybrid approach could significantly degrade existing communication performance in terms of longer encryption and decryption times, higher processing load on devices, and greater communication overhead.
SoftBank therefore evaluated the impact on communication performance by using hybrid key exchange and digital signatures, combining classical cryptography and PQC, for communication between smartphones and servers.
The results confirmed that the approach is practical, with the impact within an acceptable range.
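The key-exchange side of the hybrid approach described above, as an added example that is not SoftBank's or Sandbox AQ's code: the two shared secrets (one from classical ECDH, one from a PQ KEM such as Kyber) are concatenated and fed through HKDF, the concatenation combiner used in the IETF hybrid TLS key-exchange design. The KEM outputs are replaced here by constructed random bytes, and the label `hybrid-session-key` is an assumption, not a protocol constant.

```python
import hashlib
import hmac
import os

HASH = hashlib.sha256

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869): PRK = HMAC(salt, IKM)."""
    if not salt:
        salt = bytes(HASH().digest_size)
    return hmac.new(salt, ikm, HASH).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869): T(i) = HMAC(PRK, T(i-1) || info || i)."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]

def combine_shared_secrets(ss_classical: bytes, ss_pq: bytes, transcript: bytes,
                           length: int = 32) -> bytes:
    """Derive one session key from a classical and a post-quantum shared secret.

    Both secrets are length-prefixed (so the split point is unambiguous) and
    concatenated into the HKDF input; a hash of the handshake transcript is the
    salt, binding the key to this one session.  The result stays unpredictable
    as long as at least one of the two input secrets is.
    """
    ikm = (len(ss_classical).to_bytes(2, "big") + ss_classical
           + len(ss_pq).to_bytes(2, "big") + ss_pq)
    prk = hkdf_extract(HASH(transcript).digest(), ikm)
    return hkdf_expand(prk, b"hybrid-session-key", length)   # label is an assumption

def simulate_hybrid_handshake() -> tuple:
    """Constructed stand-in for the handshake: both peers already hold the same
    ECDH-style and KEM-style shared secrets (random bytes, not real KEM output)."""
    ss_classical = os.urandom(32)   # would be the X25519/ECDH shared secret
    ss_pq = os.urandom(32)          # would be the Kyber decapsulation output
    transcript = b"ClientHello||ServerHello (constructed)"
    client_key = combine_shared_secrets(ss_classical, ss_pq, transcript)
    server_key = combine_shared_secrets(ss_classical, ss_pq, transcript)
    # a quantum attacker who recovers only the classical secret still lacks ss_pq
    attacker_guess = combine_shared_secrets(ss_classical, bytes(32), transcript)
    return client_key == server_key, client_key != attacker_guess
```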

February 2023: Confirmed the usability of post-quantum cryptographic algorithms.

Recently, from November to January, SoftBank verified its cryptographic migration solution, which discovers vulnerabilities in communications, networks, devices, and applications, in both Internet-based environments and municipal networks.
During this validation, we monitored the communications and certificates used on municipal networks for vulnerabilities.
As a result, we discovered multiple servers using cryptographic methods that are no longer recommended.
Such servers need their application programs updated so that they support the latest cryptographic methods. In addition, vulnerable certificates present on terminals were also detected.
We were thus able to demonstrate the capability to discover cryptographic vulnerabilities across networks, terminals, and applications on a single unified platform.
Discovering vulnerabilities in the cryptography currently in operation is a very important item when planning the transition to PQC.
In 2022, the United States mandated that government agencies maintain an inventory of their systems that use cryptography.
For this reason, surveying networks, terminals, and applications and discovering cryptography-related vulnerabilities is the first step toward practical use of PQC.
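The inventory step described above, as an added example that is not SoftBank's migration solution: a small Python tool that records what each TLS endpoint negotiates and flags deprecated protocols, weak cipher suites, weak certificates, and, for every endpoint, the classical key exchange that the PQC transition has to replace. The hostnames, the `TlsRecord` layout and the finding names are assumptions; `probe()` needs network access, while `assess()` runs offline on constructed records.

```python
import socket
import ssl
from dataclasses import dataclass

@dataclass
class TlsRecord:
    """One inventoried endpoint. Certificate fields stay 'unknown'/0 if not observed."""
    host: str
    protocol: str                   # negotiated version, e.g. "TLSv1.2"
    cipher: str                     # OpenSSL cipher name, e.g. "ECDHE-RSA-AES128-GCM-SHA256"
    cert_sig_hash: str = "unknown"  # hash in the certificate signature, e.g. "sha256"
    cert_key_type: str = "unknown"  # "RSA" or "EC"
    cert_key_bits: int = 0

WEAK_CIPHER_MARKERS = ("RC4", "3DES", "DES-CBC", "NULL", "EXPORT", "MD5")

def assess(rec: TlsRecord) -> list:
    """Findings for one endpoint; the last entry always marks the PQC migration need."""
    findings = []
    if rec.protocol in ("SSLv3", "TLSv1", "TLSv1.1"):
        findings.append("deprecated-protocol")
    if any(m in rec.cipher for m in WEAK_CIPHER_MARKERS):
        findings.append("weak-cipher")
    # TLS 1.3 suites are always (EC)DHE; for older versions the suite name tells
    if rec.protocol != "TLSv1.3" and not rec.cipher.startswith(("ECDHE", "DHE")):
        findings.append("no-forward-secrecy")
    if rec.cert_sig_hash.lower() in ("md5", "sha1"):
        findings.append("weak-cert-signature")
    if rec.cert_key_type == "RSA" and 0 < rec.cert_key_bits < 2048:
        findings.append("short-cert-key")
    # Every endpoint here still relies on classical (RSA/ECDHE) key exchange and
    # signatures, which is exactly what a hybrid or pure-PQC deployment replaces.
    findings.append("classical-kex-pqc-migration")
    return findings

def needs_immediate_fix(rec: TlsRecord) -> bool:
    """True when something besides the PQC migration itself must be remediated."""
    return any(f != "classical-kex-pqc-migration" for f in assess(rec))

def probe(host: str, port: int = 443, timeout: float = 5.0) -> TlsRecord:
    """Live probe (needs network): record what the server negotiates. Verification is
    disabled and the version floor lowered so deprecated servers are recorded rather
    than refused; this is an inventory tool, not a production client."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.TLSv1
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            name, _proto, _bits = tls.cipher()
            return TlsRecord(host=host, protocol=tls.version(), cipher=name)
```

The standard-library `ssl` module does not expose the certificate's key size or signature hash, so those fields are filled by `probe()` only as "unknown" and must come from a certificate parser if needed.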

Moving forward, we plan to verify the application of unified policies and the remediation of the discovered vulnerabilities, with the aim of enabling rapid transition to PQC.

4. Closing Remarks

At SoftBank, in preparation for the advent of the quantum computing era, we will continue to promote activities, research, and verification towards building more robust and secure information security systems. We will strive daily toward swift migration to PQC.
