With post-quantum cryptography standards published, what's next?

A technology standards effort eight years in the making has culminated in an initial three standards that mark the first series of protections against a cybersecurity threat that still could be a decade from reaching full strength.

The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) this month published its first three finalized post-quantum cryptography (PQC) standards, which it believes will help protect the world against the threat of quantum computers capable of executing Shor’s Algorithm, which potentially could be used to break RSA and other current encryption standards. These new PQC cybersecurity algorithms were carefully chosen, intensely debated and analyzed, and evaluated and tested at length from among dozens of candidates during a process that began in 2016, when NIST issued a call for PQC candidates. The formal publication of the finalized standards means that government agencies, corporate enterprises, and research institutions can confidently deploy security products and services incorporating these algorithms. (More details on each of the new PQC standard algorithms can be found here.)

IBM was deeply involved in the development of two of the three finalized standards, and the creator of the third has since joined IBM Research. Gregor Seiler, cryptography researcher, IBM Research, told Fierce Electronics, “The publication of NIST’s first post-quantum cryptography standards signals to enterprises, government agencies, and supply chain vendors that quantum-safe cryptography is ready for deployment and now is the time to start the journey to becoming quantum-safe. Now that these standards are available, our hope is that product developers, enterprises, and governments are motivated to begin integrating post-quantum cryptography.”

The good news is that no quantum computer exists yet that is powerful enough to execute Shor’s Algorithm, so time, for now, is on defenders’ side. The less-good news is that very broad adoption and implementation of security standards can take many years, even decades, as has been the case with RSA, and organizations do not have nearly that much time. Another wrinkle: Some cyberattacks that have occurred in recent years may have been conducted with the intent to steal encrypted data now and crack that encryption in the coming years on quantum computers, meaning the bad guys may be a step ahead of the good guys in those cases: they already have driven away with the safe and just need something to open it with.

“We don’t know exactly when a cryptographically relevant quantum computer — a future quantum computer powerful enough to break today’s cryptography — will be available, but current estimates show it could be as soon as the next decade,” Seiler said. “The transition to post-quantum cryptography won’t happen overnight, and it is critical that organizations begin the process now.”

He added, “This threat should not be underestimated, but the good news is that we now have post-quantum cryptography standards that have proven resistant to both traditional and quantum computers.”

IBM understands the protective measures to be taken as well as it understands the threat itself, as the company has been among the pioneers in developing quantum computers over the last decade. Some might wonder, “If quantum computers present such a threat, maybe we should not continue their development,” but that is not an option, as these computers also could be invaluable in helping to solve many global industrial and social problems that previously have been viewed as too intractable to address, due among other things to the inability of classical computers to compute all of the possible variables in play in a reasonable time.

“Regarding the advancement of quantum computers, there is incredible progress being made in how the technology could be applied in healthcare and life sciences; finance; materials development; logistics; and other fields with today’s utility-scale systems,” Seiler said. “And our roadmap through the end of the decade to achieve error-corrected quantum systems will be applied to the pressing challenges in these and other domains.”

Quantum computing, like almost all of classical computing, also is beginning to converge with AI. While AI will be used in the coming years to make quantum computers easier to program and manage, and ultimately more useful, the intersection of these technologies also presents a heightened threat, according to Chris Hickman, chief security officer at Keyfactor, a cybersecurity software firm.

“While Q-day [shorthand for the date by which a quantum computer will be powerful enough to break current encryption] may seem years away, security leaders need to keep in mind that AI capabilities increase the need to transition to PQC algorithms,” he said via email. “Attackers will leverage the speed of AI to get that much closer to breaking encryption and, in many cases, steal valuable and sensitive data now to decrypt in the future, including personal information, trade secrets, and national security information, wreaking havoc on the long-term security of and trust in the entities that we rely on for our digital world to operate. The confluence of these two events means the world is now racing against an unknown timeline and opponent to secure [or break] encryption.”

Ultimately, the implementation of PQC standard algorithms should be viewed as another layer of protection in a multi-layer security approach, and part of a broader effort to get organizations that leverage public key infrastructure (PKI)–the hardware, software, and policies that support encryption–to become more crypto-agile, or able to manage and switch between protection measures as necessary.

David Hook, vice president of software engineering & Crypto Workshop at Keyfactor, said, “Coupled with the application of crypto-agility, use of the new algorithms will be a necessary part of future-proofing public key infrastructure systems to ensure long-term resiliency. PKI represents the cornerstone of systems that rely on secure digital identities and the exchange of encrypted data and these algorithms represent a major advance for supporting both areas.”

Where to begin

So, now that an initial set of PQC standards–likely the first of many–has been published, where should organizations looking to leverage these algorithms begin?

A large number of companies, big and small, veterans and start-ups, many of which have worked in cybersecurity for years while others are newer quantum specialists, have been advising that conducting an assessment of all the cryptographic assets and cryptography technologies used across an entire enterprise is a huge part of the coming transition. But, depending on an organization’s level of awareness about PQC, that is not necessarily the starting point.

In fact, adopting PQC is not as simple as flipping a switch or downloading a patch–though some existing security hardware and software can be quickly upgraded. Hickman told Fierce Electronics, “While some hardware and software will be upgradable, others will not have the prerequisites for handling post-quantum cryptography. While efforts will continue to reduce key sizes and complexities, older hardware and constrained devices such as sensors, IoT devices, and older network hardware may struggle with PQC. Software will require use of updated cryptographic libraries and all software/firmware will eventually need to be re-signed using post-quantum digital signatures.”

With that understood, organizations will need to put in some work to prepare for PQC.

“A migration to quantum-resistant cryptography (i.e., adopting the PQC algorithms) will be significant and, without proper planning, potentially disruptive to organizations,” Hickman said. “While there have been some great publications from NIST and CISA [The U.S. Cybersecurity and Infrastructure Security Agency], as well as other government agencies in Canada, EU, etc., they all share some common advice to plan for the migrations.”

In Hickman’s words, the process of preparing for the PQC transition includes the following:

  • Education – This is a complex area as it relates to PKI in particular and, while this is not a specific step, it is critical as organizations look to learn about PQC and the impact this will have on PKI, SSL/TLS, signing, etc. There are significant differences with respect to key sizes, operation times, and function, so having a good foundation of knowledge will help in a successful transition.

  • Cryptographic inventory – Simply put, you can’t change what you don’t know exists in your infrastructure and organization. Very few organizations have a full inventory of what cryptographic assets exist in their organizations. Cryptographic assets go beyond just keys and certificates and also take into account cryptographic libraries, inventory of roots of trust, and any embedded cryptographic functions.

  • Data risks – Not all data is equal, and some may hold greater risk to the organization than others. It is important to understand that data is being stolen today for decryption once a cryptographically relevant computer (one that can break traditional algorithms like RSA) is available. Therefore, it is safe to assume that no data is currently safe. Evaluating the “shelf life” of the data and the organizational impact of it being decrypted will help to establish the priorities for adoption of PQC as it relates to systems and applications that need to migrate sooner rather than later.

  • Engage vendors – The entire supply chain of an organization will need to be assessed for post-quantum readiness. This includes hardware, software suppliers, cloud service providers, operating systems, etc. Now is a good time to start the conversation with those vendors to ensure they have a roadmap and implementation timelines that line up with your business requirements. Organizations will only be as strong as the weakest link in their supply chain, so it is important to evaluate and identify potential changes in the supply chain that may need to happen.

  • Transition – Once the above has been properly planned, evaluated, and tested, organizations can begin the transition to PQC.
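The inventory and data-risk steps above can be turned into a simple triage: list each cryptographic asset, flag the public-key algorithms Shor’s Algorithm breaks, and rank by how long the protected data must stay secret versus an assumed arrival window for a cryptographically relevant quantum computer. The following is an added example written for this article, not code from NIST, IBM or Keyfactor; the CSV column names, the ten-year horizon and the sample inventory are assumptions constructed for illustration, while the algorithm names ML-KEM, ML-DSA and SLH-DSA are the three algorithms NIST standardized in August 2024 (FIPS 203, 204 and 205).

```python
import csv
import io

# Assumed planning horizon (years) for a cryptographically relevant quantum
# computer; the article quotes estimates of "as soon as the next decade".
CRQC_HORIZON_YEARS = 10

# Public-key algorithms whose hardness assumptions fall to Shor's Algorithm.
QUANTUM_VULNERABLE = {"RSA", "DSA", "DH", "ECDSA", "ECDH", "EdDSA"}
# The three algorithms NIST standardized in August 2024 (FIPS 203, 204, 205).
PQC_STANDARD = {"ML-KEM", "ML-DSA", "SLH-DSA"}


def classify(algorithm):
    """Bucket an algorithm: quantum-safe, quantum-vulnerable, or review."""
    if algorithm in PQC_STANDARD:
        return "quantum-safe"
    if algorithm in QUANTUM_VULNERABLE:
        return "quantum-vulnerable"
    return "review"  # symmetric ciphers and hashes: check key/output sizes, not replaced


def priority(algorithm, shelf_life_years, upgradable):
    """Rank migration urgency from data shelf life and platform upgradability."""
    if classify(algorithm) != "quantum-vulnerable":
        return "none"
    if shelf_life_years >= CRQC_HORIZON_YEARS:
        return "critical"  # data stolen today would still be sensitive when decrypted
    if not upgradable:
        return "high"  # replacing hardware or constrained devices has the longest lead time
    return "normal"


def triage(inventory_csv):
    """Group assets from a CSV (asset,kind,algorithm,shelf_life_years,upgradable) by priority."""
    report = {"critical": [], "high": [], "normal": [], "none": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        level = priority(row["algorithm"], int(row["shelf_life_years"]), row["upgradable"] == "yes")
        report[level].append(row["asset"])
    return report


# Constructed sample inventory for this example, not real data.
SAMPLE_INVENTORY = """asset,kind,algorithm,shelf_life_years,upgradable
hr-records-tls,certificate,RSA,25,yes
iot-sensor-fw-signing,root-of-trust,ECDSA,5,no
web-session-tls,certificate,ECDH,1,yes
backup-encryption,key,AES-256,30,yes
code-signing-pilot,key,ML-DSA,10,yes
"""

if __name__ == "__main__":
    for level, names in triage(SAMPLE_INVENTORY).items():
        print(f"{level}: {', '.join(names) or '-'}")
```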