It is not a question of if, but when, quantum computing will arrive and be used for malicious purposes: the expectation is that this new technology will be capable of breaking most, if not all, of the asymmetric cryptographic algorithms currently used to protect data. Although quantum computing is not expected to arrive until 2030, companies should be preparing now for the threats that come with it. The question is when and how they should prepare.
This article discusses how companies should already be preparing their cryptographic systems for the security threats that quantum computing is expected to create.
NIST's initiative on PQC
It has been more than five years since the U.S. National Institute of Standards and Technology (NIST) began its Post-Quantum Cryptography (PQC) Standardization Process, a competition to select quantum-safe algorithms. On July 5, 2022, NIST announced its Round 3 finalists:
Public-Key Encryption/Key Encapsulation Mechanisms (KEM): CRYSTALS-KYBER
Digital Signatures: CRYSTALS-Dilithium (primary), Falcon and SPHINCS+
Additional Public-Key Encryption/KEM algorithms were chosen as candidates for a possible fourth round of evaluation for future standardization, including:
The algorithms chosen as Round 3 finalists will not become available for use until at least 2024. But this does not mean that efforts for post-quantum cryptography (PQC) preparation should wait until these algorithms become ready for use.
Determining your crypto-agile preparation timeline for a post-quantum world
Industry IT security experts have made recommendations on how companies can prepare for a post-quantum world. In a recent Deloitte press release, Colin Soutar, Ph.D., a U.S. quantum readiness leader and managing director for Deloitte's Risk & Financial Advisory group, gave his view on preparing for a post-quantum world. Soutar concluded:
Collaboration between the C-suite, boards and security leaders is needed to drive quantum cyber preparedness. Good cyber hygiene — such as developing a cryptographic inventory, honing data governance, and managing certificates — are all good steps for today and for when we are more completely in the quantum era.
Dr. Michele Mosca, a renowned cryptography expert, has developed a theorem that can help businesses successfully determine their path to prepare for a post-quantum world. Mosca’s theorem begins with a simple equation:
If X + Y > Z, then worry!
But do not let the simplicity of this equation fool you: evaluating each of its three factors involves steps that can become complex.
Step #1. Determine Your X Factor
Your X factor is the shelf life of your systems' existing security capabilities, but you should also take further aspects into account, including:
By evaluating all these aspects, you get an idea of how long your existing configurations can continue to provide the security you need.
Step #2. Determine your Y factor
The Y factor represents the time needed to migrate your company's current cryptographic solutions to a fully quantum-safe environment. Your choice of migration path should be built on a thorough understanding of your systems' current status.
Step #3. Determine your Z factor
The Z factor is the final piece needed before solving your equation. It represents the remaining number of years before stable quantum computers are available and capable of breaking existing crypto algorithms. Current estimates range from 10 to 20 years.
Step #4. Solve your equation
Once the three factors are defined, that is, once you have assessed your current status and determined your migration path, compare their sum to the expected timeline for the arrival of quantum computing. If the sum of your current shelf life and your migration time is less than the remaining years until quantum computing arrives, you are in a good position. If instead that sum is greater than the number of years before quantum computing's arrival, your cybersecurity is at risk.
Reduce the hassle by becoming crypto-agile
Both Soutar and Mosca offer sound advice when they say that their suggested crypto-agility preparations are good steps both for today and for when the quantum era arrives. However, not all companies are the same. Some may need to accelerate their preparations because of the nature of their business sector, while others might not yet fully understand their post-quantum risks.
And of course, we must take into consideration that the new NIST standards are likely not to be released until 2024. Companies can best prepare by becoming crypto-agile now rather than later. This allows them to start protecting their critical data before quantum computing arrives, and to switch rapidly, at any time, to the newest algorithms recommended by NIST to protect their data from post-quantum cyberattacks.
With Cryptomathic's Crypto Service Gateway (CSG), organizations can achieve true crypto-agility through the abstraction layer between the applications using cryptography and the hardware security modules (HSMs) that provide secure key usage and storage. Multiple applications can connect to the CSG platform and use the broad range of crypto functionality provided by the HSMs without having to hard-code complex crypto parameters into the applications. As all cryptographic functions and policy settings are managed by CSG through the remote admin client, it is as close as you can get to plug-and-play high-security cryptography, enabling rapid changes to the algorithms used by the applications with virtually no changes to the application code.
References
NIST Post-Quantum Competition: And the Round 3 Finalists Are… (October 2022), Cloud Security Alliance
Harvest Now, Decrypt Later Attacks Pose a Security Concern as Organizations Consider Implications of Quantum Computing (September 2022), Colin Soutar
Crypto agility: How to determine your timeline for post-quantum preparation (March 2019), Ulrich Scholten