Understanding the Quantum Threat: Chapter 2
In the previous blog post, we discussed why cryptographically relevant quantum computers will likely soon exist. This might suggest a wait-and-see approach, but in actuality, most organizations should have already begun preparing for the quantum threat. To understand the urgency, it is important to recognize the scope of the problem, its direct threat to confidential information, and its implications for hardware-accelerated cryptography.
Quantum Computing Threatens the Entire Communication Infrastructure
It is difficult to overstate the extent of this problem. Unlike previous cryptography vulnerabilities, the quantum threat does not simply affect one cryptographic implementation, specific parameters of an algorithm, or even a particular algorithm. There is no simple patch that will eliminate the risk. It is all-encompassing and fundamentally threatens the cryptography underlying the entire secure communications infrastructure. Quantum computing will result in the demise of all currently standardized algorithms in one of the two largest branches of cryptography, namely, public-key cryptography. The quantum threat also degrades the security of all the algorithms in the other major branch of cryptography, symmetric-key cryptography.
To overcome the quantum threat, the National Institute of Standards and Technology (NIST) is nearing the end of a process to standardize new public-key algorithms that will not be vulnerable to quantum attacks. These new algorithms are called Post-Quantum Cryptographic (PQC) algorithms, because they will remain secure after a large-scale quantum computer exists.
Most importantly, it is not the case that half of our applications can simply be made safe against the quantum threat by increasing the symmetric-key parameters, because most communication infrastructures require both types of cryptography. Symmetric algorithms are not generally used to establish a connection, because they rely upon both parties already having a shared secret. For example, to browse a website, you usually use public-key cryptography to establish a trustworthy connection and share a secret key first, and then use highly efficient symmetric-key encryption to download large amounts of information quickly. In other words, to have an entirely quantum-safe communications infrastructure, it is necessary to replace all public-key algorithms with new PQC algorithms and to increase the parameters of symmetric algorithms.
Full Cryptographic Migrations are Complex
This is not the first large-scale migration. The migration to elliptic curve cryptography – also a migration of public-key cryptography – lasted about a decade. The migration to quantum-safe public-key cryptography will be even more complicated than the migration to elliptic curve cryptography. Unlike elliptic curve cryptography standards, which were released in a single batch, the PQC standards will continue to trickle out over the next several years.
To compound the problem, most systems have been designed assuming that cryptography is static and will not need to be upgraded. A modern approach is to design a crypto-agile system, where the ability to update cryptography easily and seamlessly is built in at the application level.
The ubiquity of public-key cryptography and the lack of crypto-agility mean that the PQC migration will take most large organizations years to address. When completing your migration to PQC, we also recommend updating your systems to be crypto-agile at the same time, so that future algorithm changes do not require another full migration.
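To make the crypto-agility idea concrete, here is an added example (not InfoSec Global's code or its Cryptographic Agility Management Platform) of the design pattern the paragraph describes: algorithm choices live in a registry and a policy object, the application never names a hash or key size, and data carries the name of the suite that protected it. The suite names, the registry layout, the HMAC-based primitives chosen to keep the example runnable with only the Python standard library, and the three-step migration walkthrough are all assumptions of this example.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, FrozenSet


@dataclass(frozen=True)
class Suite:
    """One interchangeable algorithm choice, identified by a stable name."""
    name: str
    digest: str     # digest name understood by hmac.new()
    key_bytes: int  # symmetric key length; 32 bytes keeps ~128-bit security under Grover


# The registry is the only place algorithm details appear. Adding a suite is
# one new entry; nothing in the application code below names a hash or key size.
# Suite names are constructed for this example.
REGISTRY: Dict[str, Suite] = {
    "hmac-sha256-k128": Suite("hmac-sha256-k128", "sha256", 16),
    "hmac-sha3-256-k256": Suite("hmac-sha3-256-k256", "sha3_256", 32),
}


class Policy:
    """Which suite protects new data, and which suites are still accepted.

    Migration becomes three policy changes rather than three code changes:
      1. add the new suite to REGISTRY (all parties can now verify it),
      2. make it `preferred` (new data uses it, old data still verifies),
      3. add the old suite to `retired` (old data is rejected).
    """

    def __init__(self, preferred: str, retired: FrozenSet[str] = frozenset()):
        if preferred not in REGISTRY or preferred in retired:
            raise ValueError(f"cannot prefer suite {preferred!r}")
        self.preferred = preferred
        self.retired = retired

    def for_new_data(self) -> Suite:
        return REGISTRY[self.preferred]

    def for_verification(self, name: str) -> Suite:
        if name not in REGISTRY or name in self.retired:
            raise ValueError(f"suite {name!r} is not accepted")
        return REGISTRY[name]


def generate_keys() -> Dict[str, bytes]:
    """One key per suite, sized by the suite; keys are never shared across suites."""
    return {name: secrets.token_bytes(s.key_bytes) for name, s in REGISTRY.items()}


def protect(policy: Policy, keys: Dict[str, bytes], msg: bytes) -> bytes:
    """Tag msg with the preferred suite. The suite name travels with the data so a
    receiver at a different migration step can still select the right algorithm."""
    suite = policy.for_new_data()
    tag = hmac.new(keys[suite.name], msg, suite.digest).hexdigest()
    return f"{suite.name}|{tag}|".encode() + msg


def verify(policy: Policy, keys: Dict[str, bytes], blob: bytes) -> bytes:
    """Return the message if its tag verifies under an accepted suite; raise otherwise."""
    name, tag, msg = blob.split(b"|", 2)
    suite = policy.for_verification(name.decode())
    expected = hmac.new(keys[suite.name], msg, suite.digest).hexdigest()
    if not hmac.compare_digest(expected, tag.decode()):
        raise ValueError("bad tag")
    return msg


def migration_walkthrough() -> Dict[str, bool]:
    """Run the three migration steps over a constructed record and report which
    verifications succeed at each step. Every value should be True."""
    keys = generate_keys()
    record = b"constructed sample: contract 4711 terms"

    before = Policy("hmac-sha256-k128")                # step 1: both suites registered
    legacy_blob = protect(before, keys, record)

    switched = Policy("hmac-sha3-256-k256")            # step 2: prefer the new suite
    new_blob = protect(switched, keys, record)

    retired = Policy("hmac-sha3-256-k256", frozenset({"hmac-sha256-k128"}))  # step 3

    def ok(p: Policy, blob: bytes) -> bool:
        try:
            return verify(p, keys, blob) == record
        except ValueError:
            return False

    return {
        "legacy_data_accepted_after_switch": ok(switched, legacy_blob),
        "new_data_uses_new_suite": new_blob.startswith(b"hmac-sha3-256-k256|"),
        "legacy_data_rejected_after_retirement": not ok(retired, legacy_blob),
        "new_data_accepted_after_retirement": ok(retired, new_blob),
        "tampered_data_rejected": not ok(retired, new_blob + b"x"),
    }


if __name__ == "__main__":
    for step, result in migration_walkthrough().items():
        print(f"{step:40} {result}")
```

The same structure applies when the suites are key-exchange or signature algorithms rather than MACs: the registry entry grows to hold the key-establishment and signature primitives, and a PQC algorithm is added as one more entry once a standardized implementation is available, without touching `protect` or `verify`.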
Current Threat to Long-term Confidentiality
Although quantum computers are not yet powerful enough to break cryptographic algorithms, it would be misguided to consider this a future problem. For any organization with information requiring long-term confidentiality, the quantum threat is a major concern today. Malicious actors are already harvesting confidential information that is openly transmitted (protected only by current encryption protocols), intending to decrypt this data once large-scale quantum computers become available. This type of attack is often called a harvest-and-decrypt attack and follows the "hack now, decrypt later," "steal now, decrypt later," or "store now, decrypt later" strategy.
The long-term information an adversary may be interested in can include trade secrets, client information, financial records, and so on. While it is too late for data that has already been captured, further leaks are avoidable by updating the transmission of sensitive material to use quantum-safe algorithms as quickly as possible.
Quantum-Safe Hardware-accelerated Cryptography
We generally think of codes and other algorithms when we think of cryptography. However, in today's world, much cryptography relies on hardware acceleration. This is particularly true on constrained devices. With the boom of IoT, hardware-accelerated cryptography has become commonplace. While PQC can run on classical computers, the only way to achieve the hardware speed-ups we have seen with other cryptographic algorithms is to design specialized PQC hardware. For this reason, hardware migrations to PQC face tighter timelines because of their lengthy design cycles. This is doubly true for long-lived applications in hard-to-reach locations.
Post-Quantum Cryptography
It is reasonable to wait for NIST to finish publishing standards for PQC before replacing the public-key algorithms. However, organizations should start preparations now. We recommend organizations complete the following steps:
- Categorize Your Cryptography: Even a medium-sized organization utilizes a variety of cryptographic algorithms. Identifying and categorizing all these algorithms is an extensive task and is best done with a dedicated scanner such as InfoSec Global’s AgileSec™ Analytics.
- Implement Crypto-agility: In the past, developers assumed that classical cryptography would be secure for the foreseeable future, and the algorithms were normally hard-coded in a way that made them difficult to replace. The modern idea is to use an agile implementation, where the specific algorithm can be replaced easily. This can be done using InfoSec Global’s Cryptographic Agility Management Platform. The beauty of this is that upgrading to a crypto-agile solution can be done now, even though NIST has not yet standardized the replacement PQC algorithms.
- Upgrade Parameters: As mentioned earlier, symmetric-key cryptography can be made secure against quantum computers by upgrading to larger parameters. As a temporary measure, public-key cryptography can be made more resistant to quantum attacks by upgrading to larger parameters. Once the cryptographic algorithms have been categorized and a crypto-agile solution has been implemented, this step should be easily achieved.
- Identify Vulnerabilities: It is important to make a plan that prioritizes applications according to their risk level. For example, applications that deploy long-lived hardware in hard-to-reach locations are most at risk. Information with long-lived confidentiality requirements should be protected as soon as possible. InfoSec Global would be happy to help your organization with this step.
- Experiment: In August 2023, NIST released draft standards of three PQC algorithms. There may be small changes to these algorithms before NIST’s final publication of the standards; however, this is a good time to run contained experiments with the new algorithms to ensure your migration will run smoothly.
- Start Migration: Assuming your organization has implemented a crypto-agile solution, it should be simple to upgrade the public-key cryptography once NIST has completed its standardization of quantum-safe algorithms, starting with your most vulnerable systems.
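The first three steps above (categorize, then decide per algorithm whether it must be replaced or merely upgraded) can be illustrated with a small inventory pass. The following is an added example, not InfoSec Global's AgileSec Analytics scanner or any other product code: it takes grep-style hits from configuration and source files, recognizes a handful of algorithm names, and labels each by what a quantum computer does to it. The regular expressions, the default key sizes, the action labels and the sample lines are all constructed for this example, and the assessment rule is deliberately simplified (Shor breaks the listed public-key schemes outright; Grover roughly halves symmetric key strength and hash preimage resistance, so 128-bit quantum security needs 256-bit parameters).

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Recognizers for the three families; assumptions of this example, not a complete list.
PUBLIC_KEY = re.compile(
    r"\b(RSA|ECDSA|ECDHE?|DSA|DH|Ed25519|X25519|secp\d+[rk]1|P-(?:256|384|521))\b", re.I)
SYMMETRIC = re.compile(r"\b(AES|ChaCha20|3DES|DES|Camellia)[-_]?(\d{3})?\b", re.I)
HASH = re.compile(r"\b(SHA3|SHA|BLAKE2[bs]|MD5)[-_]?(\d{3})?\b", re.I)

# Key or output sizes implied by the name when no number is written next to it.
DEFAULT_BITS = {"CHACHA20": 256, "3DES": 168, "DES": 56, "MD5": 128}


@dataclass(frozen=True)
class Finding:
    location: str
    algorithm: str
    family: str                           # "public-key", "symmetric" or "hash"
    key_bits: Optional[int]
    quantum_security_bits: Optional[int]  # rough post-quantum strength, None if unknown
    action: str                           # "replace", "upgrade", "review" or "adequate"


def assess(family: str, name: str, bits: Optional[int]) -> Tuple[Optional[int], str]:
    """Simplified rule: public-key -> Shor -> replace with PQC; symmetric and
    hash -> Grover halves the strength -> 256-bit parameters for 128-bit security."""
    if family == "public-key":
        return 0, "replace"
    if name.upper() == "MD5":
        return None, "replace"   # already broken classically
    if bits is None:
        return None, "review"    # size is chosen elsewhere; needs a human look
    quantum_bits = bits // 2
    return quantum_bits, ("adequate" if quantum_bits >= 128 else "upgrade")


def scan(text: str) -> List[Finding]:
    """Parse 'file:line: content' records and emit one finding per distinct
    (family, algorithm, size) seen on each line."""
    findings: List[Finding] = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = re.match(r"^(\S+?:\d+):\s*(.*)$", line)
        location, content = (m.group(1), m.group(2)) if m else ("?", line)
        seen = set()
        for family, pattern in (("public-key", PUBLIC_KEY),
                                ("symmetric", SYMMETRIC), ("hash", HASH)):
            for match in pattern.finditer(content):
                groups = match.groups()
                name = groups[0]
                explicit = groups[1] if len(groups) > 1 else None
                bits = int(explicit) if explicit else DEFAULT_BITS.get(name.upper())
                key = (family, name.upper(), bits)
                if key in seen:
                    continue
                seen.add(key)
                qbits, action = assess(family, name, bits)
                findings.append(Finding(location, match.group(0), family, bits, qbits, action))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Counts per required action; a migration plan starts with the 'replace' set."""
    return dict(Counter(f.action for f in findings))


# Constructed sample: grep-style hits from a config tree and a source file.
SAMPLE = """\
# constructed sample input
tls.conf:12: ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256;
tls.conf:13: ssl_ecdh_curve secp384r1;
backup.py:40: cipher = AES.new(key, AES.MODE_GCM)   # key length not visible here
vpn.cfg:7: auth SHA512
vpn.cfg:8: cipher AES-256-CBC
legacy.c:102: digest = MD5(buf, len);
"""

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"{f.location:14} {f.algorithm:10} {f.family:10} "
              f"{str(f.quantum_security_bits):5} {f.action}")
    print(summarize(scan(SAMPLE)))
```

On the sample, the three public-key hits and MD5 land in `replace`, AES128 in `upgrade` (about 64 bits of quantum security), the AES call whose key length is not visible in `review`, and SHA256, SHA512 and AES-256 in `adequate`. The `review` bucket is the important one in practice: a scanner can only flag what the text shows, so call sites that choose sizes at runtime still need an engineer to confirm the parameters.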
To plan your cryptographic migration, contact us at info@infosecglobal.com. To learn more about these new quantum-safe algorithms, read next week’s blog, "What is This New Quantum-safe Cryptography and Why Should We Trust It?".