Protect Against Harvest & Decrypt

Encrypted Sensitive Data Stolen Today Is At Risk

Once an adversarial nation-state or state-sponsored attacker has access to a large-scale quantum computer, it will have the ability to break current public-key cryptography using Shor’s quantum algorithm. If encrypted sensitive data is stolen today, it will be accessible once a sufficiently-powered quantum computer is available.

This espionage practice is called “harvest and decrypt”. If the sensitive data has a secrecy obligation that extends beyond the time it will take to introduce large-scale quantum computing, then that data should be considered at risk today. For example, if classified information must remain confidential for 7+ years, then it can already be considered at risk now.

This practice is on the rise. Verizon's 2019 Data Breach Investigations Report (DBIR) reported that nation-state and state-sponsored attacks represented 23 percent of data breaches, up from 12 percent in 2018, and that a quarter of all breaches were associated with espionage.

Additionally, in 2018, the US Department of Justice released details of a prolonged nation-state cyber-espionage attack against universities, businesses and government agencies where it was estimated that the hackers "accessed and compromised intellectual property (IP) that cost the victim organizations $3.4 billion to develop."

The Solution is Hybrid Key Establishment

By combining current public-key algorithms with quantum-safe options, you can protect encrypted sensitive communications today.

For example, by combining quantum-safe algorithms with classical algorithms, we can create a new hybrid key establishment that is at least as strong as its strongest component. Importantly, NIST states:

"A hybrid key establishment mode—sometimes referred to elsewhere by other names, such as a composite mode—is defined here to be a key-establishment scheme that is a combination of two or more components that are themselves cryptographic key-establishment schemes. The desired property is that keys derived by a hybrid key-establishment scheme remain secure if at least one of the component schemes is secure. The case of interest is when one of the components of the hybrid mode is NIST-approved - for example, a discrete-logarithm based scheme from NIST SP 800-56A or an integer-factorization scheme from SP 800-56B—and another component is a post-quantum cryptography scheme." Source: NIST Post-Quantum Cryptography: FAQS

Furthermore, NIST states on their Post-Quantum Cryptography FAQ page that their current standards "...which were not necessarily designed to provide post-quantum security, can accommodate several hybrid key establishment constructions in “FIPS mode,” as defined in FIPS 140."

Different families of quantum-safe cryptography rest on radically different areas of mathematics, so it is highly unlikely that two of the most promising quantum-safe algorithm candidates will both be vulnerable. Thus, merging two quantum-safe key establishment algorithms (based on different underlying mathematical problems) with a classical algorithm would result in a cryptographic algorithm that is secure against both classical and quantum attacks.

The ISARA Catalyst™ TLS Testbed expands on TLS 1.2 to include agility in the form of hybrid key establishment, supported by a selection of ready-to-use classic and quantum-safe hybrid cipher suites, allowing you to begin your migration to quantum-safe security today.

Get in touch with us to start protecting your sensitive data now.

Related Resources

Web Page: ISARA Catalyst TLS Testbed

Guide: Executive’s Guide to Quantum Computing and Quantum-secure Cybersecurity by the Hudson Institute

Blog Post: Quantum Key Distribution and Quantum-Safe Cryptography: two (complementary) approaches to becoming quantum-ready