When it comes to preparing for post-quantum computing, the legacy mechanisms for effective implementation, integration, and management of cryptography in business applications have raised severe technical, performance, and security issues. Cryptomathic’s Crypto Service Gateway (CSG) is an agile cryptographic platform that enables businesses to be better prepared for the threats posed by quantum computers.
Quantum computing and its effects on asymmetric cryptographic algorithms
Quantum computers are different from traditional computers and even high-end supercomputers. Traditional computing platforms process data in the form of “bits”, each of which holds a value of either 0 or 1. Quantum computers, on the other hand, utilize the principles of quantum mechanics, which allow them to process data in the form of “quantum bits” or “qubits” that can execute multidimensional quantum algorithms. As such, quantum computing has the potential to break all of the current popular asymmetric cryptographic algorithms used for encryption and authentication.
The security of asymmetric cryptographic algorithms is based on hard mathematical problems such as factoring large integers or the so-called discrete logarithm problem. These problems are computationally infeasible to solve with a classical computer but can be solved using a sufficiently large quantum computer, which makes asymmetric cryptographic algorithms such as RSA or ECDSA vulnerable to quantum attacks. It is uncertain when such a quantum computer will be available; experts estimate this will happen within the next fifteen or so years.
Post-quantum cryptography standardization
To address the effects of quantum computing, the National Institute of Standards and Technology (NIST) initiated the Post-Quantum Cryptography (PQC) Standardization project in late 2016, which fuelled the development of quantum-resistant cryptographic algorithms. The NIST PQC standardization project finished its Round 3 in July 2022 with the announcement of the signature algorithms CRYSTALS-Dilithium, FALCON, and SPHINCS+, and the public-key encryption and key-establishment algorithm CRYSTALS-Dilithium, to be considered for standardization. Draft standards should be available by 2024.
A hybrid approach for PQC migration
Although it will take time to add post-quantum cryptography algorithms and standards into software and hardware, once the NIST PQC algorithm standards are finalized, legacy systems will have to implement them in their various phases, processes, and technologies.
Until the PQC standards are ready, a “hybrid approach”, utilizing both traditional and quantum-resistant cryptographic methods, has been advocated by several researchers and experts. By combining traditional and quantum-resistant methods, organizations can currently provide some protection against quantum computing power while they prepare for the PQC migration to new standards.
However, this hybrid approach typically requires organizations to use multiple cryptographic protocols and algorithms, which can be complex and difficult to manage. In addition, the separate incorporation of PQC algorithms in hardware, software, key management, and crypto policy enforcement carries the risk of leading to technically insecure and unstable solutions. Lastly, the time, human, and financial resources needed to migrate this way are significant, and may still not be enough for an organization to be ready when an anticipated attack arrives.
Becoming quantum-ready through cryptographic agility
A troubling reality is that data already encrypted by methods based on classical cryptography can be accessed and stored by bad actors until they obtain quantum technology that can break the encryption. This means that organizations warehousing data with a long shelf life must be particularly aware of the risk of delaying their shift to PQC. Every day that goes by presents an opportunity for data to be harvested.
It is recommended that organizations become crypto-agile as soon as possible and emphasize post-quantum security in order to protect their data ahead of the arrival of quantum computing.
The PQC standardization process is still underway and the supporting software and hardware for quantum-resistant cryptography are not yet available, so the best way to create a secure crypto infrastructure is to become crypto-agile now, so that you can switch quickly to the recommended crypto algorithms as soon as they become available.
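A minimal sketch of what crypto-agility means in code, added here as an illustration and not taken from the article or from CSG: applications call `protect` and `verify` against a central policy, protected data carries its algorithm identifier, and switching or retiring an algorithm is a policy change only. All names are hypothetical, and the two standard-library HMACs stand in for the algorithms being migrated between.

```python
import hashlib
import hmac

# Algorithm registry. The stdlib HMACs are stand-ins: a quantum-resistant
# scheme would be registered here behind the same (key, msg) -> tag interface.
REGISTRY = {
    "hmac-sha256": lambda k, m: hmac.new(k, m, hashlib.sha256).digest(),
    "hmac-sha3-256": lambda k, m: hmac.new(k, m, hashlib.sha3_256).digest(),
}

class CryptoPolicy:
    """Central policy: one algorithm for new data, a set still accepted on verify."""

    def __init__(self, current, accepted):
        self.update(current, accepted)

    def update(self, current, accepted):
        accepted = set(accepted)
        unknown = (accepted | {current}) - set(REGISTRY)
        if unknown:
            raise ValueError(f"unregistered algorithm(s): {sorted(unknown)}")
        if current not in accepted:
            raise ValueError("current algorithm must also be accepted")
        self.current, self.accepted = current, accepted

def _tag(name, key, msg):
    # Bind the algorithm id into the tag so it cannot be swapped on the token.
    return REGISTRY[name](key, name.encode() + b"." + msg).hex().encode()

def protect(policy, key, msg):
    """Application call site: names a policy, never an algorithm."""
    name = policy.current
    return b".".join([name.encode(), _tag(name, key, msg), msg])

def verify(policy, key, token):
    """Return the message if the token's algorithm is accepted and the tag matches."""
    alg, tag, msg = token.split(b".", 2)
    name = alg.decode()
    if name not in policy.accepted:
        raise PermissionError(f"algorithm {name!r} is retired by policy")
    if not hmac.compare_digest(_tag(name, key, msg), tag):
        raise ValueError("tag mismatch")
    return msg

KEY = b"constructed-demo-key-not-for-production"  # one key reused for brevity
```

A real deployment would hold a separate key per algorithm; the single constructed key keeps the sketch short.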
Crypto Service Gateway (CSG)
Cryptomathic's CSG provides an integrated solution that simplifies the process of migrating to quantum-ready cryptography and eliminates the need for separate incorporation of PQC algorithms in hardware, software, key management, and crypto policy enforcement. It enables organizations to quickly and securely deploy quantum-resistant cryptographic solutions without having to add or replace hardware or software. CSG provides a unified, crypto-agile platform for managing cryptographic keys and policies, as well as providing access to quantum-resistant algorithms.
CSG can be described as a “Cryptographic Control Center” responsible for the complete provisioning and management of cryptographic algorithms in a software-based or hardware-based solution. CSG is designed to be flexible and extensible, allowing organizations to easily integrate new algorithms and protocols into their existing infrastructure. This makes it easier for organizations to stay ahead of the curve when it comes to quantum computing threats.
All in all, to mitigate the security threats caused by quantum computers, organizations need to incorporate post-quantum cryptography at a faster pace. Cryptomathic’s Crypto Service Gateway will provide a secure and flexible way to do so.
For more information on Cryptomathic's encryption and crypto-agility solutions, please visit https://www.cryptomathic.com/products/key-management or get in touch with one of our experts.