PREPARING FOR THE RISE OF QUANTUM COMPUTING

 

With Cryptographic Agility


INTRODUCTION

Quantum computing is appearing in the news with increasing frequency, but the concept behind the headlines is not new. Working from theories of quantum mechanics proposed in the early decades of the 20th century, physicist Richard Feynman first introduced the possibility of using quantum computers to model physical principles as early as 1981.

Today, more than 40 years later, the commercial availability of quantum computing is becoming a reality, as tech companies continue to announce successive steps toward live deployments. These advances are triggering a paradigm shift, giving scientists tremendous power and new tools to solve complex problems in healthcare, financial services, automotive, manufacturing and nearly every other sector. At the same time, these advances in quantum computing are also set to undermine the cryptographic algorithms that provide the backbone to many of today’s cybersecurity standards.


While experts used to consider that quantum computers might crack current encryption methods as soon as 2030 [1], the current trend seems to provide a bit more leeway. In any case, most industry leaders agree that cybersecurity as we currently know it will not hold beyond 2040, putting digital societies and economies at significant risk.

As corporations and nation states spend millions of dollars on the development of quantum computing technology, governments and supranational organizations have begun sounding the alarm and readying themselves for a new era of cyber threats.

In November of 2024, the National Institute of Standards and Technology (NIST) released a report showcasing the selected quantum-resistant PQC algorithms and their associated transition timelines [2]...

Yes, these security implications are cause for concern. But they are not cause for fear or, worse, paralysis. As with all disruptive technologies, preparation is the best defense. All organizations, particularly those with a heavy reliance on trusted transactions or transactions involving sensitive data, should note that quantum computing is coming and begin the process to achieve post-quantum readiness.

The following diagram from McKinsey & Company illustrates which industries are at immediate risk of a quantum-powered attack and which are at risk within the next 5 years.

In the following pages, we explore why adopting a strategy for cryptographic agility today can help your organization strengthen security now while preparing for the rise of quantum computing and the new era of Post-Quantum Cryptography (PQC).

Our aim is to equip readers with the knowledge and resources needed to support the creation of an actionable plan to protect your data and assets and secure the future of your organization against the threat of quantum attacks.

WHAT THREAT DOES QUANTUM COMPUTING POSE TO SECURITY?

Currently, most cybersecurity systems use symmetric and asymmetric encryption algorithms to ensure the confidentiality, integrity and authenticity of transactions. When implemented properly, these types of algorithms create encryption that is difficult to break with today’s technologies. In fact, some estimate that it would take 300 trillion years for existing computers to decrypt a message encrypted with a 2,048-bit RSA key; a suitably capable quantum computer, on the other hand, has the potential to achieve the same in a matter of seconds [3].

The ability to protect sensitive data and communications and to authenticate people and processes is not the only thing at risk. Cryptocurrencies and other blockchain-based applications are also built on public-key encryption. No organization, no matter how big or small, is immune to the threat.


WHAT IS POST-QUANTUM CRYPTOGRAPHY?

Post-Quantum Cryptography (PQC) is the cryptographic research community’s answer to the threats posed by quantum computing. The National Institute of Standards and Technology (NIST) defines the goal of PQC as the development of “cryptographic systems that are secure against both quantum and classical computers and can interoperate with existing communications protocols and networks” [4].

Although PQC research has been ongoing for years and the standardization process for PQC algorithms is well under way, it’s important to acknowledge that there is currently no way of predicting which PQC algorithms will persevere. There is a saying in the cryptographic research community that an algorithm cannot be deemed fully trustworthy until it has withstood 20 years of public scrutiny. Therefore, as we will discuss in the following pages, achieving agility and the ability to switch algorithms will play a key role in preparing cryptographic systems for a post-quantum world.

ACHIEVING QUANTUM READINESS

To achieve quantum readiness and mitigate the potential implications of these mounting security threats, organizations must be aware of—and address—a number of challenges that can act as barriers to effective PQC.

WHAT IS THE SOLUTION?

To address the threat of quantum computing, quantum-resistant cryptographic algorithms have been developed by the cryptographic research community. These algorithms are set to replace the RSA- and elliptic-curve-based methods currently in use. Many of these algorithms have been analyzed and tested for a number of years – and a first set of candidates has been selected and publicly announced by NIST [5]:

  • Digital signature schemes / asymmetric encryption shall now use ML-DSA, SLH-DSA, HBS-LMS or HBS-XMSS, depending on the balance of security and performance that is required.
  • Symmetric encryption algorithms remain unchanged, but the key length needs to be increased for safety.
  • Key encapsulation mechanisms shall use ML-KEM, with HQC as a back-up algorithm.


PERFORMANCE IMPACT OF TRANSITIONING TO PQC ALGORITHMS

This increase in security comes at a cost, though. We currently estimate that migrating to PQC algorithms will have a medium to significant impact on the overall performance of a system:

[Figure] PERFORMANCE COMPARISON BETWEEN STANDARD AND PQC CRYPTOGRAPHIC ALGORITHMS: based on Cryptomathic's internal measurements, in relative value against the SECP256R1 algorithm.

Those results clearly show that some impact on overall performance is to be expected. A migration must therefore account for the company's internal targets for security level and performance, across all impacted applications and services.

It is therefore of paramount importance to ensure that the migration to PQC is part of a global strategy and treated as a whole enterprise program. 

In addition, there is no guarantee that any of the currently favoured quantum-resistant algorithms will stand up to quantum computing. With cryptanalysis ongoing, new findings may render some or all of these algorithms less secure than previously believed. As we mentioned earlier, this is nothing new: cryptographic algorithms need to stand up to scrutiny and may need to be replaced over time. Organizations must be prepared to adapt continuously as cryptography evolves.

How is this possible? The answer is found in cryptographic agility.

INTRODUCING CRYPTOGRAPHIC AGILITY

In simple terms, cryptographic agility is the capacity for an information security system to adopt an alternative to its original encryption method or cryptographic primitive without notable change to system infrastructure.

Like changing a lightbulb without rewiring your whole home, cryptographic agility allows organizations to modify and switch out the cryptographic primitives on the fly—without changing or even revisiting the application using the cryptographic functionality. This includes algorithmic updates, hybrid schemes (such as HMAC, encryption and signing), key lengths, and modes.

Introducing this type of agility into their infrastructure enables organizations to switch between cryptographic primitives and algorithms seamlessly, without interruption to the systems that use cryptography to protect data.

BENEFITS OF CRYPTOGRAPHIC AGILITY

When organizations achieve cryptographic agility, they gain the option and flexibility to protect sensitive data and assets against new attacks, both classical and quantum-technology based. A cryptographically agile framework can switch to a new encryption method based on quantum-resistant algorithms at speed. It can also combine encryption methods and create longer keys to meet changing standards or evolve in line with the discovery of new quantum-proof algorithms.

Policy

In addition to easy switching, cryptographic agility supports organizations in the quest to create and apply policy to govern the use of cryptography. By placing security decisions and cryptographic key management in the hands of a select few security decision-makers in charge of policy, cryptographic agility guides the correct and effective management of algorithms across the organization and allows changes to be made whenever necessary, without significant disruption to applications and the services they provide.
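The two ideas in the agility definition above and in this policy section, that the application never names a primitive and that a policy owner can swap primitives, lengthen keys or combine schemes into a hybrid without touching the application, are easy to show in code. The following is an added example written for this page, not Cryptomathic or CrystalKey360 code; it uses only the Python standard library, and the primitive and policy names ("hmac-sha256", "hmac-sha3-512", "v1", "v2-hybrid") are assumptions chosen for illustration. Each tag carries its policy version so tags issued under an old policy keep verifying during a migration and can be rejected once that policy is retired.

```python
"""Policy-driven MAC provider that hides the primitive from the application.

Added example for this page; not Cryptomathic or CrystalKey360 code.
Uses only the Python standard library (hmac, hashlib, secrets). The primitive
and policy names are assumptions chosen for illustration."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Registry of primitives the provider knows about: name -> (MAC function, output bytes).
# Adding a new scheme (for example a PQC signature once a library exposes it) means
# adding an entry here, not changing application code.
PRIMITIVES = {
    "hmac-sha256": (lambda key, msg: hmac.new(key, msg, hashlib.sha256).digest(), 32),
    "hmac-sha3-512": (lambda key, msg: hmac.new(key, msg, hashlib.sha3_512).digest(), 64),
}


@dataclass(frozen=True)
class Policy:
    """What the security decision-makers control: which primitives and what key length."""
    name: str          # policy version; travels with every tag so old tags stay verifiable
    algorithms: tuple  # one entry = single scheme, two entries = hybrid (both must verify)
    min_key_bytes: int


class AgileMacProvider:
    def __init__(self):
        self._policies = {}  # policy name -> Policy
        self._keys = {}      # policy name -> {algorithm -> key}
        self._active = None  # policy used by protect()

    def install_policy(self, policy):
        if not policy.name or ":" in policy.name:
            raise ValueError("policy name is used as a tag prefix and must not contain ':'")
        for alg in policy.algorithms:
            if alg not in PRIMITIVES:
                raise ValueError(f"unknown primitive {alg!r}")
        # Fresh key per primitive per policy version; length is at least the policy
        # minimum and at least the MAC's own output size.
        self._keys[policy.name] = {
            alg: secrets.token_bytes(max(policy.min_key_bytes, PRIMITIVES[alg][1]))
            for alg in policy.algorithms
        }
        self._policies[policy.name] = policy
        self._active = policy.name  # new tags use the new policy immediately

    def retire_policy(self, name):
        """Stop accepting tags produced under an old policy once migration is complete."""
        self._policies.pop(name, None)
        self._keys.pop(name, None)

    def active_policy(self):
        return self._active

    def _tag(self, policy, message):
        # Hybrid = concatenation of each scheme's tag; verify() requires all of them to match.
        return b"".join(PRIMITIVES[alg][0](self._keys[policy.name][alg], message)
                        for alg in policy.algorithms)

    def protect(self, message):
        """Application-facing call: no algorithm, key length or mode is named here."""
        policy = self._policies[self._active]
        return policy.name.encode() + b":" + self._tag(policy, message)

    def verify(self, message, token):
        prefix, sep, tag = token.partition(b":")
        if not sep:
            return False
        policy = self._policies.get(prefix.decode("utf-8", errors="replace"))
        if policy is None:
            return False  # unknown or retired policy: reject
        # compare_digest also returns False (no exception) when the lengths differ.
        return hmac.compare_digest(self._tag(policy, message), tag)


if __name__ == "__main__":
    provider = AgileMacProvider()
    provider.install_policy(Policy("v1", ("hmac-sha256",), 32))
    old_token = provider.protect(b"transaction 42")
    # Policy change: hybrid of two MACs with longer keys; application code is unchanged.
    provider.install_policy(Policy("v2-hybrid", ("hmac-sha256", "hmac-sha3-512"), 64))
    new_token = provider.protect(b"transaction 42")
    print(provider.verify(b"transaction 42", old_token), provider.verify(b"transaction 42", new_token))
    provider.retire_policy("v1")
    print(provider.verify(b"transaction 42", old_token))
```

The application only ever calls protect() and verify(); switching from "v1" to "v2-hybrid" is a policy install, and the policy prefix on each tag is what lets both generations coexist during the transition.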

Improved Efficiency

To ensure the creation of strong cryptographic keys, and to protect them from misuse, many organizations rely on dedicated Hardware Security Modules (HSMs). Though highly secure, HSMs often require specialist skills to configure and manage, and can be costly and time-consuming when scaling a service or application. A cryptographically agile approach can dramatically reduce the costs associated with rapid deployment and scaling by taking advantage of economies of scale. This allows organizations to achieve a high level of security for new applications. With the advent of the cloud, alternatives to traditional HSM infrastructures are also emerging, allowing users to take advantage of cloud HSMs as well as other new technologies, such as secure enclaves.

Future-proof

In summary, a cryptographically agile approach allows organizations to future-proof their security strategy by providing the mechanism to address potential threats quickly and effectively as they appear.

CRYPTOAGILITY MATURITY ASSESSMENT

A crypto-agility assessment measures an organization’s alignment to a crypto-agility maturity model, a structured benchmark used to evaluate the organization’s current capabilities and readiness to respond to cryptographic threats and requirements.

The assessment maps an organization’s existing cryptographic systems, processes, and policies to the different levels defined in the maturity model—typically ranging from ad hoc and static environments to highly agile and automated cryptographic infrastructures.

Crypto-agility is meant to be a journey, and the highest level, called “managed”, implies that processes and tools are in place to allow an organization to adjust to a new cryptographic standard in advance of when it is needed. It will be up to each organization to determine whether it needs to be at “managed” for each aspect of the framework.

There are usually several sections in the assessment, each being the subject of an evaluation of its maturity level:

INTRODUCING CRYPTOMATHIC’S CRYSTALKEY360 KEY MANAGEMENT SYSTEM

Cryptographic agility can’t be achieved without the right technology to support it.

Correct management of cryptographic assets and HSMs is critical to securing a business’s digital assets.

When architecting and delivering security applications, businesses often end up inefficiently duplicating cryptographic infrastructure.

Supporting an increasing number of siloed projects results in a loss of oversight and an increased risk of data exposure. The associated costs across multiple business units can also become unsustainable.

Cryptomathic’s CrystalKey360 (CK360) delivers all the benefits of cryptographic agility by offering a cryptographic platform that simplifies application integration while ensuring the highest availability and utilization of HSMs. 

HOW DOES CK360 FACILITATE CRYPTOGRAPHIC AGILITY?

  • With CK360, changes can be made to key-length and algorithm support in the event of a significant breakthrough in post-quantum cryptanalysis without major disruptions to applications and the services they provide.
  • Policy ensures that the correct algorithms and keys are used, based on application-specific cryptographic parameters, and only for explicitly permitted uses.
  • Policy enforcement enables dynamic changes to cryptographic parameters of individual applications without the need for changing the application itself.
  • The CK360 platform shares HSM resources between applications, facilitating policy enforcement and HSM management.
  • Since CK360 is vendor-independent and can support the transparent addition and removal of HSM resources without impacting service, CK360 will be able to switch between HSM brands depending on who provides PQC algorithms first.

CK360 improves the management and monitoring of HSMs while also streamlining and strengthening the process of deploying cryptographic applications. With CK360, a business can assert total control over its cryptographic estate, delivering increased efficiency, cost savings and confident compliance.

10 STEPS TOWARD POST-QUANTUM READINESS

Since every organization will be impacted by quantum computing, every organization needs to begin planning now to mitigate the threat. Use the following checklist to determine your organization’s readiness and create an effective strategy to realize true cryptographic agility.

Assess

1) Take stock of your entire security strategy.

2) What cryptographic tools do you use?

3) Who has control over them?

4) What is the lifecycle management policy?

5) Create a comprehensive inventory of your cryptographic tools.

Prioritize

6) Determine what is your most valuable data.

7) Which data has the longest shelf life?

Plan for action

8) Make plans to migrate your most valuable data and data with the longest shelf life to PQC first.

9) Prepare to follow NIST guidelines for PQC algorithms but be prepared to adopt changes on the fly.

10) Adopt a cryptographically agile strategy.
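Steps 5 through 8 (inventory, identify the most valuable and longest-lived data, migrate that first) can be turned into a repeatable triage over the inventory. The following is an added example written for this page, not Cryptomathic code; the inventory records are constructed sample data, the sensitivity scale, the 256-bit symmetric target and the 2025 reference year are assumptions chosen for the example, and the 2040 horizon is the year the introduction gives for when current cryptography is no longer expected to hold. An asset is ranked highest when it relies on a quantum-vulnerable public-key algorithm and protects data whose secrecy must last beyond that horizon.

```python
"""Cryptographic inventory triage for the checklist's assess/prioritize/plan steps.

Added example for this page; not Cryptomathic code. The inventory below is
constructed sample data; the sensitivity scale, symmetric key target and
reference year are assumptions chosen for illustration."""
from dataclasses import dataclass

# Public-key algorithms whose security rests on factoring or discrete logarithms,
# i.e. the RSA- and elliptic-curve-based methods the page says PQC will replace.
QUANTUM_VULNERABLE_PUBLIC_KEY = {"RSA", "DSA", "DH", "ECDH", "ECDSA", "ED25519", "X25519"}
# Symmetric primitives stay but key lengths must grow; 256 bits is this example's target.
SYMMETRIC = {"AES", "CHACHA20"}
SYMMETRIC_TARGET_BITS = 256
# Year by which, per the introduction, cybersecurity as we know it is not expected to hold.
QUANTUM_HORIZON_YEAR = 2040


@dataclass(frozen=True)
class CryptoAsset:
    name: str
    algorithm: str         # e.g. "RSA", "AES" (step 2: what do you use?)
    key_bits: int
    owner: str             # step 3: who controls it
    sensitivity: int       # 1 (low) .. 5 (most valuable data), step 6
    shelf_life_years: int  # how long the protected data must stay secret, step 7


@dataclass(frozen=True)
class Finding:
    asset: str
    owner: str
    issue: str
    priority: int  # higher = migrate sooner (step 8)


def assess(asset, year_now=2025):
    """Return a Finding for an asset that needs migration work, or None if it is fine."""
    alg = asset.algorithm.upper()
    if alg in QUANTUM_VULNERABLE_PUBLIC_KEY:
        secret_until = year_now + asset.shelf_life_years
        # Data that must stay secret past the horizon is the most urgent: anything
        # recorded today could be decrypted once a capable quantum computer exists.
        urgency = 2 if secret_until >= QUANTUM_HORIZON_YEAR else 1
        issue = (f"{asset.algorithm}-{asset.key_bits} is quantum-vulnerable; "
                 f"protected data must stay secret until {secret_until}")
        return Finding(asset.name, asset.owner, issue, urgency * 10 + asset.sensitivity)
    if alg in SYMMETRIC and asset.key_bits < SYMMETRIC_TARGET_BITS:
        issue = f"increase {alg} key length from {asset.key_bits} to {SYMMETRIC_TARGET_BITS} bits"
        return Finding(asset.name, asset.owner, issue, asset.sensitivity)
    return None


def triage(inventory, year_now=2025):
    """Findings ordered by priority (highest first), then by asset name for stable output."""
    findings = []
    for asset in inventory:
        finding = assess(asset, year_now)
        if finding is not None:
            findings.append(finding)
    return sorted(findings, key=lambda f: (-f.priority, f.asset))


# Constructed sample inventory (not real systems).
SAMPLE_INVENTORY = [
    CryptoAsset("customer-records-db-keys", "AES", 128, "dba-team", 5, 10),
    CryptoAsset("tls-edge-cert", "RSA", 2048, "platform-team", 3, 1),
    CryptoAsset("archive-signing-key", "ECDSA", 256, "records-team", 4, 25),
    CryptoAsset("backup-encryption-kek", "RSA", 4096, "backup-team", 5, 20),
    CryptoAsset("session-token-mac", "HMAC", 256, "web-team", 2, 1),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_INVENTORY):
        print(f"[{finding.priority:2d}] {finding.asset} ({finding.owner}): {finding.issue}")
```

Running it lists the backup key-encryption key and the long-lived archive signing key first, the short-lived TLS certificate after them, and the AES-128 database keys last with a key-length advisory rather than an algorithm change; the HMAC asset produces no finding.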
