Quantum computing, the QUBIP project between sovereign digital identity and post-quantum cryptography
In Turin, the LINKS Foundation is coordinating the European initiative to develop use cases for secure surfing and secure telecommunications, in open source. An open lab for the future quantum internet has just been presented in Naples.
Quantum computing systems have not yet entered everyday life, but they have already begun to have concrete effects on one of the most delicate layers of the global digital infrastructure: cybersecurity. Asymmetric cryptography, which today protects communications, digital identities, financial transactions and online services, relies on encrypted systems that a sufficiently powerful quantum computer could solve in times compatible with those of a cyber attack. Therefore, the scientific community is working on new cryptographic standards designed to withstand even this scenario. These cryptographic algorithms, known as post-quantum, are now a reality. After an international competition that lasted several years, the NIST (National Institute of Standards and Technology) in the United States selected and standardised a number of schemes, with different levels of security and computational cost.
The turning point today is no longer about the mathematical robustness of these solutions, but how they can be integrated into digital systems that have been running for decades and can neither be broken nor rewritten from scratch. "For a long time, the challenge has been purely mathematical, i.e. defining problems that are resistant to quantum attacks," explains Andrea Vesco, Head of Cybersecurity Research at Fondazione LINKS, a non-profit research centre located on the Engineering Campus of the Politecnico di Torino. "The problem is an engineering one: we need to understand how to migrate operational infrastructures, which deliver critical services, to new cryptographic mechanisms without compromising reliability, performance and compatibility. The Internet is not a system that can be 'stopped' to make an upgrade'.
It is in this line of action that QUBIP - Transition to Post-Quantum Cryptography, a European project coordinated by Italy that aims to develop real-life use cases, fits in. The approach is not to propose new theoretical protocols, but to take systems already in operation and accompany them, component by component, towards a new security architecture. The chosen contexts are those in which cryptography is a structural requirement: secure web browsing, digital manufacturing environments and software platforms used by telecommunications operators. QUBIP brings together many experiences and intelligences: in addition to LINKS and PoliTo, the Spanish National Research Council, the Polytechnic University of Madrid and the University of Tampere in Finland, Red Hat for open source software, Fundación Cibervoluntarios and realities such as Telsy, Security Pattern, Telefónica and Smart Factory.
Browsing and digital identity in the post-quantum era
The most advanced test bed concerns so-called quantum secure internet browsing, i.e. the entire chain connecting the user to a remote server. Digital certificates, signatures, encrypted channels, server infrastructure and basic software are rethought to work with post-quantum algorithms and, in many cases, with hybrid solutions combining classical and quantum cryptography. "We have broken down the system into functional blocks and migrated them one at a time," says Vesco. "From the end user's point of view, the experience remains the same, because the transition is transparent. Behind the scenes, however, each choice has an impact on response time, computational load and scalability, aspects that become crucial when we are talking about millions of simultaneous connections."

