Standards Update

QUANTUM-SAFE CRYPTOGRAPHY

Mark Pecen, Chief Operating Officer, ISARA Corp., Chairman ETSI WG for Quantum-Safe Cryptography, board member, Institute for Quantum Computing (CANADA)

We are regularly updating this page with the latest quantum-safe standards progress so that you can quickly find the information you need. Please send any additions or corrections to quantumsafe@isara.com

Last Updated August 2018

NIST

At the end of 2016, the National Institute of Standards and Technology (NIST) began a global effort to collect, analyse, and eventually standardize new cryptographic algorithms that are resistant to attacks by large-scale quantum computers. This effort is known as the NIST Post-Quantum Cryptography (PQC) Standardization Project and focuses on asymmetric algorithms for data encryption, digital signatures, and key encapsulation. The deadline for submissions was November 30, 2017, and 69 submissions were accepted for further consideration.

Completed Work

  • NISTIR 8105 Report on Post-Quantum Cryptography
    • In April 2016, NIST published a foundational Internal Report on post-quantum cryptography, documenting NIST’s understanding of the effect of large-scale quantum computing on public-key cryptography, industry’s progress on quantum computing hardware, and its plan to move forward in the PQC space. NIST also stresses crypto-agility as a critical approach for agencies to adopt as they move forward.
  • None of the submitted algorithms have been standardized by NIST at this time.

Ongoing Work

  • The PQC Standardization Project is underway. Of the 69 submissions, ISARA Corp. solely submitted one algorithm and collaborated on a second:
    • QC-MDPC KEM: ISARA solely submitted this code-based Key Encapsulation Mechanism for consideration, and
    • qTESLA: a lattice-based digital signature algorithm, the result of a joint effort between several research organizations, including ISARA Corp.
  • NIST has published a proposed timeline for draft standards, expected in 2022/2024.
    • Round 2 submissions are expected to begin in 2018/2019.


ETSI TC Cyber WG QSC

The European Telecommunications Standards Institute (ETSI) Technical Committee Cyber (TC Cyber) Working Group for Quantum-Safe Cryptography (WG QSC) was the first commercially oriented standards group focused on quantum-safe cryptography. It was founded in March 2015 as an ETSI Industry Specification Group and converted to a Working Group of TC Cyber in March 2017. Its focus is the implementation and deployment of quantum-safe primitives, including performance considerations, capabilities, protocols, benchmarking and architectural considerations for specific applications. This work feeds into other groups and standards bodies such as the International Telecommunication Union (ITU) and the Internet Engineering Task Force (IETF).

Completed Work

  • ETSI Group Report (GR) QSC001 “Analysis of Quantum-Safe Primitives”
    • This Group Report discusses the basic principles of quantum-safe cryptography, the range of options available for implementation and usage, and certain performance considerations and constraints such as cryptographic key lengths and computational requirements.
  • ETSI GR QSC003 “Quantum-Safe Case Studies & Use Cases”
    • A practical analysis of the consequences of implementing and deploying certain quantum-safe methods. In this report, we cover some aspects of network security, such as Transport Layer Security (TLS), security for the Internet of Things (IoT) and its inherent constraints, and satellite communication and the issues associated with securing one-to-many broadcast data.
  • ETSI GR QSC004 “Quantum-Safe Threat Analysis”
    • An overview of what is vulnerable over time to quantum attacks, including applications in banking and finance, intelligent transportation systems, the Internet of Things, digital media content protection and eHealth, as well as how some of the quantum attacks are formulated.
  • ETSI GR QSC006 “Limits of Quantum Computing on Symmetric Key Cryptography”
    • This is the only effort addressing symmetric-key cryptography thus far, and it is fairly speculative in its findings. Nevertheless, it is an excellent grounding in the limits of quantum computing as we know it today.
  • ETSI TR 103 570 “Quantum-Safe Key Exchanges, Implementation Analysis”
    • This Technical Report (TR) covers a range of quantum-safe key exchange mechanisms, such as Learning with Errors (LWE), Ring Learning with Errors (RLWE), supersingular isogenies, and others, with regard to parameter selection, performance and implementation constraints.

Ongoing Work

  • QSC-008 “Quantum-Safe Cryptographic Signature Assessment” (Rapporteur: INRIA)
  • QSC-009 “Quantum-Safe Virtual Private Network (VPN)” (Rapporteur: ISARA Corporation)
  • QSC-12 “Quantum-Safe Identity-Based Encryption (IBE)” (Rapporteur: NCSC)
  • QSC-13 “Migration Techniques to Quantum-Safe Systems” (Rapporteur: Cadzow Communication)


ITU-T SG17 and ISO/IEC

The International Telecommunication Union Telecommunication Standardization Sector (ITU-T) is the technology standardization body of the United Nations, located in Geneva and representing 293 member countries of the U.N. Study Group 17 (SG17) is the sub-group of ITU-T specializing in security. The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) collaborate jointly on security work in SG17.

Completed Work

  • The following work has been completed from a technical perspective but awaits the formal balloting process of ITU-T SG17.

Ongoing Work

  • Quantum-safe cryptography is relatively new to SG17. In September 2017, ISARA Corp. introduced into SG17 Question 11 (Rec. ITU-T X.509 | ISO/IEC 9594-8) a means of crypto-agility to support simplified migration to quantum-safe certificates. This optional extension to the next version of the specification provides 1) support for public-key certificates carrying multiple cryptographic algorithms and 2) a new attribute type that allows a certificate authority (CA) to state which public-key algorithms it supports and under what conditions.
  • The Danish Energy Agency is bringing document T17-SG17-C-0316 to the August-September 2018 meeting of ITU-T SG17 in order to finalize the work begun by ISARA. The new version of Rec. ITU-T X.509 is expected to be published and ready to use in March 2019.


IETF

The Internet Engineering Task Force (IETF) was created in 1986 by the U.S. government and is now a large open international community of engineers, vendors and researchers with a focus on the evolution of the Internet, primarily at the data transport layer.

Completed Work

  • None of the following drafts have been approved as official Requests for Comments (RFCs).

Ongoing Work

  • Framework to Integrate Post-quantum Key Exchanges into Internet Key Exchange Protocol Version 2 (IKEv2)
    • Proposed by a collaboration among Post-Quantum, Cisco, ISARA Corp., Onboard Security and Philips
    • The objective is to extend the IKEv2 protocol so that the shared secret exchanged between peers is quantum-safe.
  • Auxiliary Exchange in the IKEv2 Protocol
    • Proposed by ELVIS-PLUS
    • Not explicitly a quantum-safe activity, but this mechanism may later be used to perform quantum-safe key exchanges.
  • Using Pre-Shared Key (PSK) in the Cryptographic Message Syntax (CMS)
    • Proposed by Vigil Security
    • Provides the ability to mix a quantum-safe pre-shared key with the output of legacy (non-quantum-safe) key agreement and key transport algorithms within CMS. CMS is a component of S/MIME secure email.
  • Use of the Hash-based Merkle Tree Signature (MTS) Algorithm in the Cryptographic Message Syntax (CMS)
    • Proposed by Vigil Security
    • The objective is to add hash-based signatures to CMS.
  • Post-quantum Pre-shared Keys for IKEv2
    • Proposed by a collaboration between Cisco and ELVIS-PLUS
    • The objective is to provide the ability to mix a quantum-safe pre-shared key into IKEv2 keys. Quantum-safe authentication is used to establish the initial session, and quantum-safe encryption then becomes available for new child sessions once the initial session is re-keyed.
  • Use of the Hash-based Signature Algorithm with CBOR Object Signing and Encryption (COSE)
    • Proposed by Vigil Security
    • The objective is to add hash-based signatures to COSE, which is intended to protect software update distribution.

The following drafts have been submitted but have not been adopted by a Working Group:

  • Multiple Public-Key Algorithm X.509 Certificates
    • Proposed by a collaboration among ISARA Corp., Cisco and Entrust
    • Describes a set of ITU Rec. X.509 v3 digital certificate extensions that embed quantum-safe public keys and signatures within a certificate. The resulting certificates remain backwards-compatible with systems that do not implement this draft.
  • TLS 1.3 Extension for Certificate-based Authentication with an External Pre-Shared Key
    • Proposed by Vigil Security
    • The objective is to define a TLS 1.3 extension that uses a quantum-safe pre-shared key as input to the TLS 1.3 key schedule. This would ensure that the resulting shared secrets used to secure the TLS connection are quantum-safe.


ANSI ASC X9

The American National Standards Institute (ANSI) Accredited Standards Committee (ASC) X9 is a specialized financial standards group with a focus on electronic payment systems, cheques and back-office operations, corporate banking transaction reporting, securities such as stocks and bonds, and data/information security.

Completed Work

  • None of the following drafts have been approved as standards at this time.

Ongoing Work

  • TR.50: Quantum Techniques in Cryptographic Message Syntax (CMS)
    • Proposed by ISARA Corp.
    • This Technical Report gives a general introduction to quantum computers and the consequences they pose for the Financial Services Industry, including some of the options available to mitigate such threats. The ballot vote to publish TR.50 has been opened, and X9 members have expressed a strong interest in upgrading it from an informative technical report to a standard.
  • Informative white paper of the X9 Quantum Computing Risk Study Group
    • Proposed by the X9 chairs
    • This is an informative paper that will be made available to the general public. The paper details certain aspects of quantum mechanics, cryptographically relevant quantum algorithms, and the physical design of quantum computers. The white paper also identifies the repercussions for the Financial Services Industry that may be caused by the advent of a large-scale quantum computer and suggests intermediate steps that can be taken to mitigate such potential damage.
