The Road Ahead: Post-Quantum Cryptography

Are we there yet? If you have traveled on a road trip with children, you probably have been asked this a hundred times. As with any road trip, you likely have done some pre-planning — a full tank of gas, some idea of where you’re going, GPS or a map, clothes packed, snacks, music. You are usually somewhat prepared for the journey ahead.

Enterprises and organizations are traveling — not on a mere road trip — but on a considerable journey. Destination: post-quantum cryptography. “There is no greater cryptographic migration than the one which CISOs and CIOs have now started preparing for: from classical, public key cryptography to quantum-safe cryptography,” states Paul Lucier, VP of sales, business development and marketing at ISARA, in his recent Security Boulevard article, Your Quantum-Safe Migration Journey Begins with a Single Step.

NIST continues to move forward, as well, with its post-quantum cryptography (PQC) standardization project. Last month, in a presentation to ASC X9 Inc., NIST mathematician, Dustin Moody, Ph.D., outlined the latest happenings with the project and what’s on the horizon. He discussed what NIST will be considering when it selects which third-round candidates to standardize, in terms of security, performance, and implementation characteristics. There was also discussion around the need for more real-world tests of the candidate algorithms.

Where is the NIST PQC Standardization Project Today?

Which way? This way. Currently in its third selection round, the cryptographic algorithm finalists and alternates are:

· KEM finalists: Kyber, NTRU, SABER, Classic McEliece

· Signature finalists: Dilithium, Falcon, Rainbow

· Alternative KEMs: BIKE, FrodoKEM, HQC, NTRUprime, SIKE

· Alternative Signatures: GeMSS, PICNIC, SPHINCS+

NIST intends to standardize a suite of algorithms. Standardizing a diverse collection of algorithms provides a well-rounded strategy against future cryptanalysis. Since some of these third-round candidates are sufficiently similar to each other, NIST expects to standardize **at most** one of the following:

· KEM: Kyber or NTRU or Saber

o These are similar; it’s likely all three won’t be required

· Signature: Dilithium or Falcon

o They are both based on structured lattices. No need for both

o Both are balanced, efficient, lattice-based signatures

o Moody noted that it will be hard to choose one of them

“A wide range of mathematical ideas are represented by these algorithms. Most fall into three large families — lattice, code-based, multivariate,” Moody has said. “It’s important for the eventual standard to offer multiple avenues to encryption.”

The Journey to Post-Quantum Cryptography

How do we get there? Moody offers 12 tips to plan for the journey to PQC:

1. Perform quantum risk assessment within your organization

2. Identify information assets and their current cryptographic protections

3. Identify your X, Y, and Z (referring to Mosca’s XYZ Theorem)

4. Prioritize activities required to maintain awareness

5. Migrate technology to quantum-safe solutions

6. Evaluate vendor products with quantum-safe features

7. Know which products are not quantum-safe

8. Ask vendors for quantum-safe features in procurement templates

9. Develop an internal knowledge base amongst IT staff

10. Track developments in quantum computing and quantum-safe solutions

11. Establish a roadmap to quantum readiness for your organization

12. Act now! It will be less expensive, less disruptive, and less likely to have mistakes caused by rushing and scrambling
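Tips 1 to 3 above (risk assessment, asset inventory, and Mosca’s X, Y and Z) are the part of the journey that can be turned into a concrete check. The following script is an added illustration, not NIST’s, Moody’s or ISARA’s code: it triages a small constructed inventory with Mosca’s inequality, where X is how long the protected data must stay secret, Y is the time needed to migrate the system, and Z is the assumed number of years until a cryptographically relevant quantum computer exists. The asset list, the ten-year horizon and the key-size floor are assumptions made for the example.

```python
"""Quantum risk triage over a constructed asset inventory.

Added illustration for tips 1-3 (risk assessment, asset inventory and
Mosca's X/Y/Z); it is not NIST's, Moody's or ISARA's code. The inventory,
the horizon Z and the migration estimates are constructed sample values.
"""
from dataclasses import dataclass

# Public-key schemes that Shor's algorithm breaks outright on a large enough
# quantum computer. Symmetric ciphers and hashes are only weakened (Grover),
# so they are handled by a key-size floor rather than by replacement.
QUANTUM_VULNERABLE = {"RSA", "ECDSA", "ECDH", "DSA", "DH"}
MIN_SYMMETRIC_BITS = 256  # assumed policy floor for AES keys / hash output

# Verdicts in order of urgency; used as the sort key below.
PRIORITY = {"MIGRATE-NOW": 0, "INCREASE-KEY-SIZE": 1, "PLAN": 2, "OK": 3}


@dataclass(frozen=True)
class Asset:
    name: str
    algorithm: str
    key_bits: int
    shelf_life_years: float  # X: how long the data it protects must stay secret
    migration_years: float   # Y: estimated time to move this system to PQC


def mosca_at_risk(x: float, y: float, z: float) -> bool:
    """Mosca's inequality: if X + Y > Z, data protected today will still need
    protection after a cryptographically relevant quantum computer exists
    (Z = years until that computer). Ciphertext recorded now can be decrypted
    then, which is why shelf life counts even for data encrypted today."""
    return x + y > z


def assess(assets, z_years: float):
    """Triage an inventory. Returns (name, verdict, slack) tuples, most urgent
    first, where slack = Z - (X + Y): negative slack means the deadline has
    already passed under Mosca's inequality."""
    report = []
    for a in assets:
        slack = z_years - (a.shelf_life_years + a.migration_years)
        if a.algorithm in QUANTUM_VULNERABLE:
            verdict = "MIGRATE-NOW" if mosca_at_risk(
                a.shelf_life_years, a.migration_years, z_years) else "PLAN"
        elif a.key_bits < MIN_SYMMETRIC_BITS:
            verdict = "INCREASE-KEY-SIZE"
        else:
            verdict = "OK"
        report.append((a.name, verdict, slack))
    return sorted(report, key=lambda r: (PRIORITY[r[1]], r[2]))


# Constructed inventory (not real systems).
SAMPLE_INVENTORY = [
    Asset("customer-archive-backup", "RSA", 2048, shelf_life_years=20, migration_years=4),
    Asset("public-web-tls", "ECDH", 256, shelf_life_years=0.5, migration_years=2),
    Asset("laptop-disk-encryption", "AES", 128, shelf_life_years=5, migration_years=1),
    Asset("site-to-site-vpn-psk", "AES", 256, shelf_life_years=3, migration_years=1),
]


def sample_report(z_years: float = 10):
    """Run the triage with an assumed 10-year horizon for a CRQC."""
    return assess(SAMPLE_INVENTORY, z_years)


if __name__ == "__main__":
    for name, verdict, slack in sample_report():
        print(f"{verdict:18} {name:28} slack={slack:+.1f} years")
```

The long-lived RSA-protected archive comes out first even though its migration is years away, because its 20-year shelf life alone exceeds the assumed horizon; the TLS front end, whose sessions protect short-lived data, can be planned rather than rushed. Replacing the constructed inventory with the output of tip 2 turns the script into the first draft of the roadmap in tip 11.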

Enterprises can start preparing now with crypto-agile solutions, as NIST indicates. Crypto-agility can help organizations bridge the gap between current and quantum-safe security. For example, ISARA’s Catalyst™ Agile Digital Certificate Methodology enables a cost-effective and simplified migration to quantum-safe security today by supporting two cryptographic algorithms — one classic and one quantum-safe algorithm — within a single X.509 certificate.
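The same “run both, trust the stronger” idea applies to key exchange, which is the subject of the ETSI hybrid key exchange document listed below: a classical agreement and a quantum-safe KEM are both run, and the session key is derived from both shared secrets. The code below is an added example, not ISARA’s product or ETSI’s specification. It assumes the two shared secrets already exist (they are constructed placeholders here; in practice they would come from ECDH and from one of the KEM finalists listed above), uses only the Python standard library, and implements HKDF as defined in RFC 5869; the `hybrid-kex-v1` label and the transcript binding are choices made for this example.

```python
"""Hybrid (classical + quantum-safe) shared-secret combiner.

Added example for the crypto-agility idea, applied to key exchange: run a
classical mechanism and a quantum-safe one, then derive the session key from
both secrets, so the key stays secure as long as either mechanism holds.
Illustrative code, not ISARA's product or the ETSI specification. The two
input secrets are constructed placeholders; a real exchange would take them
from ECDH and from a PQ KEM. Standard library only, HKDF per RFC 5869.
"""
import hashlib
import hmac

HASH = hashlib.sha256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract: PRK = HMAC(salt, IKM); an empty salt means a zero block."""
    if not salt:
        salt = bytes(HASH().digest_size)
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand: T(i) = HMAC(PRK, T(i-1) || info || i), concatenated."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    return hkdf_expand(hkdf_extract(salt, ikm), info, length)


def combine_shared_secrets(ss_classical: bytes, ss_pq: bytes,
                           transcript: bytes, length: int = 32) -> bytes:
    """Derive one session key from both shared secrets.

    The concatenated secrets are the HKDF input keying material; the info
    string binds the key to a protocol label and to a transcript (a hash of
    both sides' public values), so a key cannot be reused under a different
    context. If either secret is unknown to an attacker, the output is
    indistinguishable from random to that attacker.
    """
    if not ss_classical or not ss_pq:
        raise ValueError("both shared secrets are required for a hybrid key")
    return hkdf(ikm=ss_classical + ss_pq, salt=b"",
                info=b"hybrid-kex-v1|" + transcript, length=length)


def demo() -> dict:
    """Constructed placeholder secrets; shows that either input changes the key."""
    ss_classical = bytes.fromhex("11" * 32)   # stand-in for an ECDH secret
    ss_pq = bytes.fromhex("22" * 32)          # stand-in for a PQ KEM secret
    transcript = HASH(b"constructed public values of both parties").digest()
    key = combine_shared_secrets(ss_classical, ss_pq, transcript)
    other_pq = combine_shared_secrets(ss_classical, bytes.fromhex("23" * 32), transcript)
    other_classical = combine_shared_secrets(bytes.fromhex("12" * 32), ss_pq, transcript)
    return {"key": key, "other_pq": other_pq, "other_classical": other_classical}


if __name__ == "__main__":
    for label, k in demo().items():
        print(label, k.hex())
```

The point of the combiner is the bridge the paragraph describes: during the migration a break of the classical algorithm does not expose the session, and an unexpected weakness in the new quantum-safe algorithm does not either, because the key depends on both secrets. Which KEM supplies `ss_pq` can change later without touching the derivation, which is what crypto-agility buys at the protocol layer.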

Here are resources on crypto-agility and PQC information and migration strategies:

· NIST Post-Quantum Cryptography Standardization outlines an overview, FAQs, news, updates, publications, and presentations

· ETSI QSC Migration Technical Report provides recommendations for quantum-safe schemes

· Quantum-Safe Hybrid Key Exchange Standard published by ETSI

· X9 provides a wide range of quantum computing information, including a report on quantum computing risks

· NCCoE outlines the importance of crypto agility

· Managing Cryptographic and Quantum Risk outlines how enterprises can start taking action

· Quantum-Safe Readiness Program for Enterprises is a workshop to gain hands-on experience and explore quantum-safe cryptography

Are we there yet? No! But now is the time to start planning for the post-quantum cryptography migration journey by gaining some familiarity with the new cryptographic algorithms. “By starting now, you will better equip your organization to confront the very real difficulties of the transition, and manage unwelcome surprises that could derail and delay quantum-safe migration efforts and create soaring back-end costs,” recommends Lucier. The first stop: inventorying assets and conducting an impact analysis.

In the rear-view mirror, let’s look back to 25 years ago. In The Road Ahead, Bill Gates wrote, “The obvious mathematical breakthrough would be development of an easy way to factor large prime numbers.” Fast forward to the present, and that vision for the future has become clearer than ever before.

So, pack your bags and prepare your playlists, because the road ahead leads to a quantum-safe enterprise.