By Paul Lucier, VP of Sales & Business Development, ISARA Corporation
Published on July 23, 2019
Part of our mission at ISARA is to educate and raise awareness of the security risks introduced by large-scale quantum computing. Since I joined ISARA in 2016, I’ve spoken to individuals, enterprises, and governments around the world, and along the way, I’ve heard some incorrect assumptions about the impact of the quantum threat and what can be done about it today.
Here are the top 3 myths about migrating to quantum-safe security and the facts I offer to dispel them.
Myth #1: The quantum threat doesn’t exist today (without large-scale quantum computers).
One of the greatest security threats today is the persistent stealing of encrypted data by attackers. While the purpose is not always clear, we do know that:
- There is widespread evidence of nation-states stealing encrypted data which could be easily read in the future with the use of a large-scale quantum computer capable of running Shor’s quantum algorithm (which breaks all of the public key cryptography in widespread use today, such as RSA and ECC). This is referred to as a harvest and decrypt attack.
- We should assume that harvest and decrypt attacks have been successfully carried out by our adversaries, some of which are also heavily invested in the development of quantum.
- It is estimated that a large-scale quantum computer will be available within 7-10 years.
All of these factors mean that the quantum threat is already a reality for data with confidentiality obligations longer than seven years (such as trade secrets, patient records, government communications, and in some cases, passports). The implementation of quantum-safe security, or other precautions, is required today to preserve confidentiality of such information in the future.
Myth #2: Organizations must wait for NIST or other global standards organizations to approve quantum-safe cryptography standards before beginning work on transitioning to quantum-safe security solutions.
NIST’s Post-Quantum Cryptography Standardization process is expected to be complete by 2024, leaving minimal time to be quantum-ready by 2026 – when the probability of a large-scale quantum computer existing becomes too high a risk to ignore.
Fortunately, there are solutions available today that allow you to begin testing and evaluating quantum-safe algorithms and new approaches to deploying them.
Conducting proof-of-concept projects using optimized, production-ready, NIST-candidate quantum-safe algorithms is already possible using the ISARA Radiate™ Quantum-safe Toolkit.
By using hybrid cryptography, a NIST-recommended first step that has been successfully implemented in the ISARA Catalyst™ TLS Testbed, you can test hybrid implementations combining classical and quantum-safe algorithms, risk-free.
Working with a quantum-safe solution provider to develop proof-of-concept projects that deploy the algorithms in a test environment to benchmark performance and security is essential.
Migrating to quantum-safe security also means leveraging crypto-agility. To future-proof against quantum attacks, you can use agile digital certificates to combine current algorithms (such as RSA or ECDSA) and quantum-safe algorithms, allowing a PKI’s dependent systems to check which public key and signature to use to validate either type of certificate. This makes it easy for you to upgrade your infrastructure in phases, by preparing and protecting high-value, mission-critical systems now without encountering backward compatibility issues with assets not yet upgraded. This same technology can also be utilized today to migrate from one classical algorithm such as RSA to another, such as ECC.
Another option, using stateful hash-based signatures for authentication, has recently been recommended via an informative RFC by the Crypto Forum Research Group (CFRG). Stateful hash-based signatures are expected to be fast-tracked for standardization by NIST specifically for certificate and code-signing. With secure implementation on HSMs, they can future-proof durable IoT devices (such as connected cars, satellites, government issued identity documents, and medical devices). We’ve partnered with leading HSM vendors such as Gemalto and Utimaco to make this possible today.
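As an added illustration (not ISARA's code and not the CFRG scheme itself), here is a toy stateful hash-based signature: Lamport one-time keys under a Merkle tree, the structure that the CFRG's XMSS (RFC 8391) and LMS (RFC 8554) share, which shows why the "stateful" part is what makes HSM-backed implementation matter. The signer must advance and persist `next_leaf` before releasing a signature; a key restored from a backup with an older counter would silently reuse a one-time key and leak its secrets, while every signature would still verify. SHA-256, a tree of height 3 and the Lamport scheme are assumed for brevity; real parameters are far larger.

```python
import hashlib, os

H = lambda data: hashlib.sha256(data).digest()
bit = lambda d, i: (d[i // 8] >> (7 - i % 8)) & 1   # i-th bit of a 32-byte digest

def ots_keygen(seed, leaf):
    # Lamport one-time key for this leaf, derived deterministically from the master seed
    sk = [[H(seed + leaf.to_bytes(4, "big") + bytes([i, b])) for b in (0, 1)] for i in range(256)]
    return sk, [[H(s) for s in pair] for pair in sk]
def ots_sign(sk, msg):
    d = H(msg)
    return [sk[i][bit(d, i)] for i in range(256)]      # reveals half of sk: usable once only
def ots_verify(pk, msg, sig):
    d = H(msg)
    return all(H(sig[i]) == pk[i][bit(d, i)] for i in range(256))
def leaf_hash(pk):
    return H(b"".join(b"".join(pair) for pair in pk))

class StatefulHBS:
    # Merkle tree over 2**height one-time keys; next_leaf is the state that must never roll back
    def __init__(self, height=3, seed=None):
        self.seed = seed or os.urandom(32)
        self.capacity, self.next_leaf = 1 << height, 0
        self.tree = [[leaf_hash(ots_keygen(self.seed, i)[1]) for i in range(self.capacity)]]
        while len(self.tree[-1]) > 1:
            lvl = self.tree[-1]
            self.tree.append([H(lvl[i] + lvl[i + 1]) for i in range(0, len(lvl), 2)])
        self.root = self.tree[-1][0]   # the long-term public key placed in the certificate

    def sign(self, msg):
        if self.next_leaf >= self.capacity:
            raise RuntimeError("key exhausted: every one-time key has been used")
        leaf = self.next_leaf
        self.next_leaf += 1            # persist the new state before the signature is released
        sk, pk = ots_keygen(self.seed, leaf)
        path, idx = [], leaf
        for lvl in self.tree[:-1]:     # authentication path from the leaf up to the root
            path.append(lvl[idx ^ 1]); idx >>= 1
        return leaf, ots_sign(sk, msg), pk, path

def verify(root, msg, signature):
    leaf, sig, pk, path = signature
    if not ots_verify(pk, msg, sig):
        return False
    node = leaf_hash(pk)
    for sibling in path:               # recompute the root; leaf parity gives left/right order
        node = H(node + sibling) if leaf % 2 == 0 else H(sibling + node)
        leaf >>= 1
    return node == root
```

Only the 32-byte `root` and a hash function are needed to verify, which is why the scheme's security does not depend on any problem Shor's algorithm solves.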
Myth #3: We will need to replace all of our infrastructure because quantum-safe algorithms require keys that are prohibitively long and resource intensive.
With RSA and ECC, we have been able to rely upon two hard mathematical problems to build a wide variety of cryptographic solutions. The new quantum-safe solutions being explored, based on a number of hard problems in five different areas of math, are less general purpose and introduce the need for potential tradeoffs. Some schemes are very fast but provide weaker security assurances. Others provide small keys and high security but are slower. As a result, selecting the right quantum-safe scheme means that you need to consider the constraints that are important to your environment, including key and signature size, speed, and others.
Before you plan to replace any of your systems, look for a toolkit that runs on the equipment you have today, and discover what you can do to migrate critical components first through a crypto-agile approach. Using the new digital certificate technology mentioned above achieves crypto-agility, but it also has the benefit of allowing continued use of the existing PKI system. The system does not need to be duplicated, which minimizes migration costs. Upgraded elements of the infrastructure can use the quantum-safe algorithms and classical algorithms to ensure quantum-safe communications and maintain backward compatibility during migration.
So, what do security leaders need to know?
The fact is that planning a quantum-safe migration and taking the first steps towards it is possible, and necessary, today. Understanding how the quantum threat affects your systems is just the start.
Cryptographic migrations are complex and unique to each organization. We’re here to help.
Get in touch with us here and ask what your first step towards quantum-safe security should be.