Post-Quantum Cryptography

Despite large-scale quantum computing being several years away from being a practical reality, federal government experts are deservedly concerned about its cybersecurity implications today.

Federal agencies need to start their quantum safe transition strategy now.

This was underscored in May 2022, when the National Security Memorandum on Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems (NSM 10) provided requirements and timelines for Quantum-Resistant Cryptography. In particular, the memo notes that “America must start the lengthy process of updating our IT infrastructure today to protect against this quantum computing threat tomorrow.”

The memo continues by underscoring that, “Central to this migration effort will be an emphasis on cryptographic agility, both to reduce the time required to transition and to allow for seamless updates for future cryptographic standards.”

Today’s non-post-quantum (non-PQ) encryption will be broken in the future, affecting every security function that depends on it, such as authentication, code signing, and digital signatures.

The Quantum Challenge: Data’s Necessary Expiration Date

Today’s encrypted data has an expiration date. All data that is encrypted today using classic PKI-based cryptography is quantum vulnerable, with little if any protection against attacks that become feasible later. Meanwhile, all of that data also has a period for which it must remain secure.

The data that we encrypt today is already decaying, because its risk of exposure increases over time. When data encrypted with current algorithms is transmitted over a network, it becomes vulnerable to interception. Anyone with access to that data through surveillance, eavesdropping, or hacking can harvest it and store it until a quantum computer is able to decrypt it.

Recommended Quantum Safe Transition Strategy

When preparing for a quantum-safe encryption strategy, there are four things to keep in mind:

1. Quantum is coming. National Security Memo 10 emphasized the United States’ commitment to continued technological and scientific leadership in quantum computing. Alongside the potential benefits of quantum computing are the acknowledged risks to the economy and national security since quantum computing will make PKI-based classic cryptography obsolete. NIST has recently concluded a six-year effort and announced its selection of four quantum-safe algorithms designed to resist attacks from future quantum computers.

2. Know your risks. As we’ve already explained, long-term data is at risk of harvesting today and decryption later. IT managers and other network professionals must assess their organizations’ use of vulnerable cryptography, the expiration date of their encrypted data, and the crypto-agility maturity of their IT infrastructure.

Several sources are available to understand risks and to plan ahead. NIST offers a publication titled “Getting Ready for Post-Quantum Cryptography” to help organizations monitor standards development and perform a risk assessment of where public-key cryptography is used in their infrastructure. It’s essential to understand whether a network’s equipment is crypto-agile.

The National Cybersecurity Center of Excellence (NCCoE) has recently launched its “Migration to Post Quantum Cryptography” Project. Understanding that replacement of cryptographic algorithms is both technically and logistically challenging, the NCCoE is undertaking a practical demonstration of technology and tools that can provide a head start on executing a migration roadmap in collaboration with a public and private sector community. Thales Trusted Cyber Technologies is among the handful of technology collaborators selected to participate in this project.

Another valuable source of information is the NSA Post-Quantum Cryptography FAQ, which provides a concise summary of the subject.

3. Focus on crypto-agility. This requires flexible upgradeable technology and a hybrid approach of classic and quantum-resistant crypto solutions.

Remember that crypto-agility is not only about quantum; it’s about facing the reality that all algorithms fail with time. Many systems today make it difficult to rotate keys, to choose different sizes and parameters, and to change mechanisms or key algorithms. Protocols must be versioned and negotiated, and must not fail when presented with unknown options. These properties are essential for crypto-agility, and it’s important to work with providers whose solutions embrace them.
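As an added illustration of the two agility properties above (negotiation that tolerates unknown options, and a hybrid of classical and quantum-resistant secrets), here is a small Python sketch that is not from the original post or any Thales product; the suite identifiers, the suite registry and the KDF labels are constructed for the example.

```python
import hashlib
import hmac

# Constructed registry of key-establishment suites this endpoint understands.
# A hybrid suite derives the session key from BOTH a classical and a
# post-quantum secret, so the session stays protected if one of them fails.
SUITES = {
    0x0001: ("classical-only", ("classical",)),
    0x0002: ("hybrid-classical-pq", ("classical", "pq")),
}
PREFERENCE = [0x0002, 0x0001]  # local preference, strongest first


def negotiate(local_pref, peer_offered):
    """Pick the first locally preferred suite the peer also offers.
    Identifiers the peer sends that we do not know are skipped, not fatal,
    so a peer that already advertises future suites still interoperates."""
    known = [s for s in peer_offered if s in SUITES]
    for suite in local_pref:
        if suite in known:
            return suite
    return None  # no common suite: caller aborts cleanly


def hkdf_sha256(ikm, salt, info, length=32):
    """Minimal HKDF (extract-then-expand) built only on hmac/hashlib."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block = b"", b""
    for i in range(1, -(-length // 32) + 1):
        block = hmac.new(prk, block + info + bytes([i]), hashlib.sha256).digest()
        okm += block
    return okm[:length]


def combine_secrets(suite_id, secrets, version=1):
    """Derive one session key from every component secret the suite needs.
    The negotiated suite id and protocol version are bound into the KDF
    label, so a downgraded negotiation cannot yield the same key."""
    name, components = SUITES[suite_id]
    missing = [c for c in components if c not in secrets]
    if missing:
        raise ValueError(f"suite {name} requires secrets for {missing}")
    ikm = b"".join(secrets[c] for c in components)
    info = b"example-hybrid-kdf-v%d|suite-%04x" % (version, suite_id)
    return hkdf_sha256(ikm, salt=b"\x00" * 32, info=info)
```

In a real deployment the component secrets would come from an ECDH exchange and a standardized post-quantum KEM; the combiner and negotiation logic are the parts that make the system upgradeable.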

4. Start today. This cannot be overstated, which is why National Security Memo 10 made a point of it. Organizations must begin to design a quantum-resistant architecture today to protect against the emerging quantum threat. With IT infrastructure equipment often deployed for years or decades without hardware replacement, it is important to make sure currently deployed hardware was developed with crypto-agility principles in mind, so that it can receive software or firmware updates once post-quantum algorithms and protocols are standardized. It is also important to check with equipment providers for beta or technology-preview firmware that implements pre-standardization quantum-resistant algorithms and can be tested in non-production systems. Testing will help identify performance or interoperability issues early and provide time to address them and mitigate the identified risks.