There are two answers. One is to use quantum cryptography, which is, again, provably unconditionally secure but requires infrastructure that may not be available for these applications.
The other is to use different purely classical systems that are currently being developed. Some of them are in fact fully developed but are still under scrutiny to assess their security. There is a very significant effort at NIST in the United States to try to standardize so-called post-quantum cryptography. A large number of proposals were sent to NIST from all around the world, and then there were several rounds where....
It was an open thing. It was totally open to the whole community. People submitted their proposal to NIST. All of these proposals were open. Other people, much of the same people, were taking a shot at other people's proposals, so many of them were shut down. There are still some surviving. NIST is expected at some point to make a recommendation not of one winner, as they did for AES, but in terms of “here are a few that we think look pretty good”. Again, that's knowing that there is absolutely no hope to ever prove security for these purely classical systems.
When NIST makes its recommendation of what to use, then the question becomes whether we just want to follow the recommendation given by a foreign government, even though friendly, or whether we want to have, as I think we should, more Canadian expertise. We should not take NIST's recommendation at face value and use that immediately. It would also be assessed at a Canadian scale.
But if it's urgent, I mean, still, it's not because NIST has not yet given its recommendations that security is not needed today. I guess the best thing to do is what Professor Simmons said, which is to use several of them. We don't know which ones are secure. Maybe none of them are secure. But if you use many of them for really high-security applications and use many of them to establish secret keys, and then you combine these keys in a secure way, which we know how to do, then the resulting key will be as secure as the strongest of these systems. Here's an unusual case where the security of the whole is as secure as the strongest, not the weakest, link, which is very comforting.
Now, you cannot do that on the Internet for the average person. It would take way too much time for a normal transaction. But for a national security application, that might be the way to go at the moment, until we have a better idea about which of these are more secure, really, and should be used.
At the moment, that's the best we can do—combined with quantum cryptography, if you can afford it, and if you have the infrastructure to do that.