Why post-quantum security planning must start today

Thales Trusted Cyber Technologies deputy CTO Gina Scinta warns that quantum computers are a few short years away, so there should be no delay in addressing encryption vulnerabilities.
Even though large-scale quantum computing is years away from being a practical reality, federal government experts are rightfully worried about the cryptographic implications today.
The threat is imminent. The Cloud Security Alliance has already begun a countdown to April 14, 2030, the date when they believe a cryptographically relevant quantum computer will be able to break Public Key Infrastructure (PKI). It’s clear, then, that federal agencies need to start developing their quantum-safe transition strategy.
This urgency was already underscored as far back as May 2022, when the National Security Memorandum on Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems (NSM 10) provided requirements and timelines for Quantum-Resistant Cryptography.
In particular, the memo notes that “America must start the lengthy process of updating our IT infrastructure today to protect against this quantum computing threat tomorrow.”
The memo continues by underscoring that, “Central to this migration effort will be an emphasis on cryptographic agility, both to reduce the time required to transition and to allow for seamless updates for post-quantum cryptographic standards.”
Today’s classic encryption absolutely will break (or be broken) in the future, affecting security aspects such as authentication, code-signing, and digital signatures. It’s already time to understand quantum in various contexts, and to get started on a crypto-agile approach to future-proof systems and data.
What is quantum – understanding the definitions
The word “quantum” means different things, depending on the context in which it is being discussed.
Quantum Computing: Quantum computers can, in principle, perform certain mathematical algorithms exponentially faster than a classical computer. In place of the ordinary bits used by today’s computers, quantum computers use “qubits” that behave and interact according to the laws of quantum mechanics. This quantum physics-based behavior would enable a sufficiently large-scale quantum computer to perform specific mathematical calculations that would be practically impossible for any conventional computer.
Quantum Key Distribution (QKD): The field of quantum cryptography involves specialized hardware that makes use of the physics of quantum mechanics to protect secrets (as opposed to the use of mathematics in algorithmic cryptography). The most common example today uses quantum physics to distribute keys for use in traditional symmetric algorithms – hence, quantum key distribution. The sole function of QKD is to distribute keys between users; therefore, it is only one part of a cryptographic system.
Quantum Random Number Generators (QRNG): QRNGs are hardware random number generators that use specific quantum effects to generate nondeterministic randomness.
At their core, QRNG chips contain a light-emitting diode (LED) and an image sensor. Due to quantum noise, the LED emits a random number of photons, which are captured and counted by the image sensor’s pixels, giving a series of raw random numbers that can be utilized in technology such as hardware security modules.
Post-Quantum Cryptography (PQC): Also known as quantum-resistant cryptography, the purpose of this technology is to develop cryptographic systems that are secure against both quantum and classical computers, and can interoperate with existing communications protocols and networks.
What is the impact of quantum computers?
The tech industry is working hard to make functional quantum computers a reality as quickly as possible. Unfortunately, quantum computers will be extremely efficient at cracking the PKI, which is essential around the world for everything from code signing and authentication to the Internet as a whole. Waiting until a cryptographically relevant quantum computer is commercially available will be too late to start developing a defensive strategy.
In fact, hackers are already using the tactic of “Harvest Now, Decrypt Later” – stealing encrypted data today that cannot be decrypted now, but can be cracked with a quantum computer in the future. This tactic is one of today’s biggest threats to long-lived sensitive data and infrastructure.
It’s not an overstatement to say that in this evolving technological environment, PQC will enable us to maintain our way of life, from a security perspective.
Crypto-agile products allow us to use PQC algorithms and keys today. According to a white paper from the European Telecommunications Standards Institute (ETSI) on quantum-safe cryptography and security, without quantum-resistant encryption, everything that has been transmitted, or will ever be transmitted, over a network will be vulnerable to eavesdropping and public disclosure.
A post-quantum cryptography timeline starts today
Organizations that support critical infrastructure are being encouraged by standards organizations to start planning their migration to post-quantum cryptography.
Last year, NIST published the first set of post-quantum cryptographic (PQC) standards, to protect against future, potentially adversarial, cryptanalytically relevant quantum computer (CRQC) capabilities. A CRQC would have the potential to break the public-key systems used to protect information systems today.
Some systems, particularly those with long-term confidentiality needs or more complex cryptographic infrastructures, may require earlier transitions. Others may adopt PQC at a slower pace due to legacy constraints or lower risk profiles.
As part of the transition to post-quantum cryptography, NIST will be deprecating specific cryptographic primitives, algorithms, and schemes, including many public-key cryptosystems.
This is not a simple effort. Past cryptographic migrations have taken over a decade, and this more complex migration will likely take at least that long. Given the previously-noted prediction that quantum computers will be able to break present-day cryptography infrastructures by 2030, the timeline to start doing something about it should begin now.
From a requirements perspective, one of the more useful publications was NSA’s recent version 2.0 of the Commercial National Security Algorithms (CNSA 2.0). This provides recommendations for which algorithms to use, and timeframes for deploying those algorithms to protect national security systems.
Roughly speaking, the NSA recommends transitioning to PQC in the 2025 to 2030 timeframe, and using PQC exclusively in the 2030 to 2033 timeframe.
The best defense is crypto agility
So with all that, what is there to be said about how to protect against the cyber risks attached to quantum computing? In a nutshell, it’s about understanding the importance of crypto agility.
In fact, crypto agility is not just about quantum. It’s about being able to face the reality that all algorithms fail with time. Many systems make it difficult to rotate keys, to change mechanisms or key algorithms, or to create versions of protocols that will not fail in the face of unknown unknowns.
Crypto agility creates the capability to quickly modify underlying crypto schemes with upgradeable technology where planned obsolescence is no longer a factor. It’s essential, however, to have flexibility in migration planning to post-quantum cryptographic technologies, to balance the urgency of securing critical systems with the practical challenges that different organizations face during this transition.
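The crypto-agility pattern described above, and the deprecate-then-retire timeline discussed under the NIST and CNSA 2.0 sections, as an added example that is not part of the original article: a small Python envelope format that carries an algorithm identifier, enforces a constructed policy window, and re-protects data under a newer algorithm. HMAC with two hash functions stands in for the real signature schemes (the standard library has no ML-DSA); the registry, policy dates and function names are all assumptions for illustration.

```python
import hashlib
import hmac
import struct
from datetime import date

# Constructed registry: HMAC with two hash functions stands in for a legacy
# scheme and its replacement (neither is post-quantum; Python's stdlib has no
# ML-DSA). The point is that callers name an identifier, never the primitive.
ALGORITHMS = {1: "sha256", 2: "sha3_256"}
# Constructed deprecate-then-retire window, in the spirit of the CNSA 2.0
# timeframes: after "deprecate" an algorithm may only verify existing data;
# after "retire" it is refused entirely.
POLICY = {1: {"deprecate": date(2025, 1, 1), "retire": date(2030, 1, 1)}}
HEADER = struct.Struct(">BH")  # format version, algorithm identifier

def status(alg_id, today):
    p = POLICY.get(alg_id)
    if p is None:
        return "active"
    if today >= p["retire"]:
        return "retired"
    return "deprecated" if today >= p["deprecate"] else "active"

def protect(key, payload, alg_id, today):
    """Tag payload under alg_id; only a fully active algorithm may protect new data."""
    if alg_id not in ALGORITHMS:
        raise ValueError(f"unknown algorithm {alg_id}")
    if status(alg_id, today) != "active":
        raise ValueError(f"algorithm {alg_id} is {status(alg_id, today)} for new data")
    header = HEADER.pack(1, alg_id)
    tag = hmac.new(key, header + payload, ALGORITHMS[alg_id]).digest()
    return header + payload + tag

def verify(key, blob, today):
    """Check the tag and return the payload; a retired algorithm is refused."""
    version, alg_id = HEADER.unpack_from(blob)
    if version != 1 or alg_id not in ALGORITHMS:
        raise ValueError("unsupported format version or algorithm")
    if status(alg_id, today) == "retired":
        raise ValueError(f"algorithm {alg_id} retired; data should have been re-protected")
    tag_len = hashlib.new(ALGORITHMS[alg_id]).digest_size
    body, tag = blob[:-tag_len], blob[-tag_len:]
    expected = hmac.new(key, body, ALGORITHMS[alg_id]).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("integrity check failed")
    return body[HEADER.size:]

def migrate(key, blob, new_alg_id, today):
    """Re-protect existing data under a newer algorithm while the old one still verifies."""
    return protect(key, verify(key, blob, today), new_alg_id, today)
```

Because the algorithm identifier travels with the data, swapping in a new scheme is a registry and policy change rather than a format change, which is the property the article calls crypto agility.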
Gina Scinta is deputy chief technology officer of Thales Trusted Cyber Technologies.