Four Quantum-Safe Migration Recommendations from ICMC22

This year’s International Cryptographic Module Conference, held in Arlington, VA, USA, brought together global leaders in commercial cryptography. It was great to see some old faces, make new acquaintances, and put faces to the voices we have been chatting with online over the past few years.

Quantum-safe cryptography was a main theme of this year’s conference, appropriately so, with several excellent presentations and panel discussions. Here are four recommendations discussed during the conference that we believe organizations must focus on over the coming year to optimize their quantum-safe migration plans.

  1. Perform asset inventories and cryptographic discovery. Now that we know which quantum-safe algorithms NIST intends to standardize, presenters at the conference reinforced the urgency for organizations to do an inventory of their assets, discover where and how they use cryptography, and perform the associated risk analyses. One panelist observed that there is no one-size-fits-all strategy for a quantum-safe migration, and this inventory and discovery step will be key to formulating migration strategies. By experimenting with integrating quantum-safe security into their systems, organizations can get a sense of the difficulties in migrating to a quantum-safe state, including analyses of performance requirements and the impacts of using the new algorithms.

    It is difficult to protect data and assets you don’t know you have, and continuing to protect them in the future requires understanding how they are protected today. The decades of relative stability in the asymmetric algorithms we use (e.g., RSA and ECC) have led to those algorithms being buried within systems and infrastructures. There is an urgent need to surface those algorithms to gain visibility into how, where, and why they are used.

  2. Implement hybrid systems. Hybrid cryptosystems can be designed such that an attacker needs to break both the classical and the quantum-safe components to successfully break the full scheme. Other hybrid schemes can be designed to preserve backwards compatibility with systems that have yet to be upgraded. In these two ways, hybrid cryptosystems are seen as crucial tools for enabling quantum-safe migrations and as a meaningful hedge against future cryptanalysis.

    At the conference, there was a strong belief that hybrid cryptosystems will be how quantum-safe algorithms get used in many cases, at least during the initial migration. This is because quantum-safe algorithms are still relatively young, the migration timelines can be very long, and anything can happen between now and Y2Q. While they won’t be appropriate for every use case, hybrids will be excellent tools for managing cryptographic risk, maintaining compliance obligations, and streamlining quantum-safe migrations.

  3. Multiple migrations might be required over time. Different panelists and presenters observed that there has been an implicit assumption in the cryptographic community that the to-be-standardized quantum-safe algorithms will remain secure and unbroken indefinitely; in other words, that enterprises will only need to do one quantum-safe migration. Yet, we should not assume these algorithms will be secure forever — even NIST’s quantum-safe algorithms can get attacked down the line — and organizations should plan for future migrations to mitigate risks. Because the scale of the quantum-safe migration is so great and so unprecedented, it would be wise to avoid having to duplicate those efforts in the future by building the possibility of multiple migrations into planning processes now.

  4. Crypto agility will become necessary. There was much excitement about crypto agility during the conference. Increasingly, organizations are realizing that crypto agility will be a necessary capability not only for migrating systems to quantum-safe cryptography, but for mitigating future cryptographic risks more generally. As the world awaits NIST’s quantum-safe standards, organizations can begin integrating crypto agility into their systems and technological roadmaps now. 

    Not only does crypto agility provide a smooth method for transitioning away from classical algorithms, it also mitigates future cryptanalysis, offers a way to transition to stronger algorithms or parameter sets, and is a valuable tool for managing cryptographic risks and future-proofing critical systems. If multiple migrations are required over time, it makes good sense to build in mechanisms now that enable organizations to transition again more easily in the future. Crypto agility is exactly such a mechanism.
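
One way to build the crypto agility described in recommendations 3 and 4, as an added example that is not from the original post: every protected record carries an algorithm identifier, a policy names the preferred and still-accepted algorithms, and each migration is a policy change plus a re-protect pass. The HMAC variants are stand-ins for whatever primitives a real system uses, and all identifiers, names and the key are hypothetical.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Registry of algorithm identifiers (hypothetical names, stand-in primitives).
REGISTRY = {
    "hmac-sha256": hashlib.sha256,
    "hmac-sha512": hashlib.sha512,
}


@dataclass(frozen=True)
class Policy:
    preferred: str        # algorithm used for everything newly protected
    accepted: frozenset   # algorithms still honoured when verifying


def _tag(alg: str, key: bytes, msg: bytes) -> bytes:
    # The identifier is part of the authenticated input, so a record cannot
    # be relabelled with a different algorithm after the fact.
    return hmac.new(key, alg.encode() + b"\x00" + msg, REGISTRY[alg]).digest()


def protect(policy: Policy, key: bytes, msg: bytes) -> dict:
    return {"alg": policy.preferred, "msg": msg, "tag": _tag(policy.preferred, key, msg)}


def verify(policy: Policy, key: bytes, record: dict) -> bool:
    alg = record["alg"]
    if alg not in policy.accepted or alg not in REGISTRY:
        return False  # retired or unknown algorithm: reject, never fall back
    return hmac.compare_digest(_tag(alg, key, record["msg"]), record["tag"])


def migrate(policy: Policy, key: bytes, record: dict) -> dict:
    """Re-protect a valid record under the policy's preferred algorithm."""
    if not verify(policy, key, record):
        raise ValueError("record failed verification; not migrated")
    if record["alg"] == policy.preferred:
        return record
    return protect(policy, key, record["msg"])


KEY = b"constructed-demo-key"  # constructed sample value
LEGACY = Policy("hmac-sha256", frozenset({"hmac-sha256"}))
TRANSITION = Policy("hmac-sha512", frozenset({"hmac-sha256", "hmac-sha512"}))
FINAL = Policy("hmac-sha512", frozenset({"hmac-sha512"}))
```

Moving from `LEGACY` to `TRANSITION` to `FINAL` changes no call site; a later migration adds one registry entry and repeats the same three policy steps.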

In his keynote, “A Domino Effect — Implementing Post-Quantum Cryptography,” Troy Lange, Chief of the Encryption Production and Solutions Group within the Cybersecurity Directorate at the National Security Agency (NSA), emphasized the urgency to migrate to post-quantum cryptography. Lange would know! After all, he is responsible for protecting the U.S.’s most critical secrets through the design, development, and production of keys, codes, and cryptographic devices. 

Preparing for a quantum-safe migration isn’t easy. ISARA can help. Reach out today, and let’s discuss how ISARA’s products and services can help manage your cryptographic risks, future-proof your systems, and simplify your quantum-safe migration.