Once an adversarial nation-state or state-sponsored attacker has access to a large-scale quantum computer, it will have the ability to break current public-key cryptography using Shor’s quantum algorithm. If encrypted sensitive data is stolen today, it will be accessible once a sufficiently powerful quantum computer is available.
This espionage practice is called “harvest and decrypt”. If the sensitive data has a secrecy obligation that extends beyond the time it will take to introduce large-scale quantum computing, then that data should be considered at risk today. For example, if classified information must remain confidential for 7+ years, then it can already be considered at risk now.
This practice is on the rise. Verizon's 2019 Data Breach Investigations Report (DBIR) reported that nation-state and state-sponsored attacks represented 23 percent of data breaches, up from 12 percent in 2018, and that a quarter of all breaches were associated with espionage.
Additionally, in 2018, the US Department of Justice released details of a prolonged nation-state cyber-espionage attack against universities, businesses and government agencies where it was estimated that the hackers "accessed and compromised intellectual property (IP) that cost the victim organizations $3.4 billion to develop."
By combining current public-key algorithms with quantum-safe options, you can protect encrypted sensitive communications today.
For example, by combining quantum-safe algorithms with classical algorithms, we can create a new hybrid key establishment that is at least as strong as its strongest component. Importantly, NIST states:
"A hybrid key establishment mode—sometimes referred to elsewhere by other names, such as a composite mode—is defined here to be a key-establishment scheme that is a combination of two or more components that are themselves cryptographic key-establishment schemes. The desired property is that keys derived by a hybrid key-establishment scheme remain secure if at least one of the component schemes is secure. The case of interest is when one of the components of the hybrid mode is NIST-approved - for example, a discrete-logarithm based scheme from NIST SP 800-56A or an integer-factorization scheme from SP 800-56B—and another component is a post-quantum cryptography scheme." Source: NIST Post-Quantum Cryptography: FAQs
Furthermore, NIST states on their Post-Quantum Cryptography FAQ page that their current standards "...which were not necessarily designed to provide post-quantum security, can accommodate several hybrid key establishment constructions in “FIPS mode,” as defined in FIPS 140."
Different areas of quantum-safe cryptography rest on radically different areas of math, so it is highly unlikely that two of the most promising quantum-safe algorithm candidates will both be vulnerable. Thus, merging two quantum-safe key establishment algorithms (based on different underlying mathematical problems) with a classical algorithm would result in a cryptographic algorithm that is secure against both classical and quantum attacks.
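The hybrid property described above, as an added example that is not ISARA's or NIST's code: the shared secret from each component scheme is length-prefixed, concatenated and passed through HKDF (RFC 5869), so the session key cannot be derived without every component secret. The function name `hybrid_key`, the label string and the sample secrets are assumptions constructed for illustration; real inputs would be the outputs of the classical and quantum-safe key establishment schemes.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869): condense the input keying material into a PRK."""
    return hmac.new(salt or b"\x00" * HASH_LEN, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869): stretch the PRK to `length` bytes bound to `info`."""
    if not 0 < length <= 255 * HASH_LEN:
        raise ValueError("invalid output length")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def _lp(data: bytes) -> bytes:
    """Length-prefix a field so that concatenation stays unambiguous."""
    return len(data).to_bytes(4, "big") + data


def hybrid_key(component_secrets, context: bytes, length: int = 32) -> bytes:
    """Derive one session key from the shared secrets of all component schemes."""
    if len(component_secrets) < 2 or any(not s for s in component_secrets):
        # A missing or empty component would silently downgrade to a weaker mode.
        raise ValueError("need two or more non-empty component secrets")
    ikm = b"".join(_lp(s) for s in component_secrets)
    prk = hkdf_extract(b"", ikm)
    # "hybrid-kex-example" is a hypothetical domain-separation label.
    return hkdf_expand(prk, b"hybrid-kex-example" + _lp(context), length)


if __name__ == "__main__":
    # Constructed sample secrets standing in for real exchange outputs.
    ecdh_ss = bytes.fromhex("11" * 32)  # classical component
    pq_ss_a = bytes.fromhex("22" * 32)  # quantum-safe component A
    pq_ss_b = bytes.fromhex("33" * 48)  # quantum-safe component B
    key = hybrid_key([ecdh_ss, pq_ss_a, pq_ss_b], b"constructed-handshake-hash")
    # Replacing any single component yields an unrelated key.
    other = hybrid_key([ecdh_ss, bytes(32), pq_ss_b], b"constructed-handshake-hash")
    print(key.hex(), key != other)
```

The length prefixes matter: without them, two different splits of the same concatenated bytes would derive the same key.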
The ISARA Catalyst™ TLS Testbed expands on TLS 1.2 to include agility in the form of hybrid key establishment, supported by a selection of ready-to-use classic and quantum-safe hybrid cipher suites, allowing you to begin your migration to quantum-safe security today.
Get in touch with us to start protecting your sensitive data now.