Despite large scale quantum computing being several years away from being a practical reality, government experts are deservedly concerned about the cybersecurity implications today. The sooner an organization can lay the foundation for quantum cybersecurity, the better equipped it will be when bad actors start adding quantum hacking to their arsenal.
This was underscored in May 2022, when the National Security Memorandum on Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems (NSM 10) provided requirements and timelines for quantum-resistant cryptography. In announcing the memo, President Joe Biden noted that “America must start the lengthy process of updating our IT infrastructure today to protect against this quantum computing threat tomorrow.”
The memo continued by underscoring that “central to this migration effort will be an emphasis on cryptographic agility, both to reduce the time required to transition and to allow for seamless updates for future cryptographic standards.”
The concern for more immediate action in cryptographic agility is understandable. Even if a quantum computer is a decade away, bad actors can take note of potential vulnerabilities now, and exploit them later.
Today’s non-PQ (post-quantum) encryption absolutely will break (or be broken) in the future, affecting security features such as authentication, code-signing and digital signatures. If hackers can break the algorithm for the private key, they can, for example, impersonate the software update channel. What happens if an adversary gains the capability to “update” the firmware within an agency’s IT infrastructure?
The quantum challenge: Data’s necessary expiration date
Today’s encrypted data has an expiration date. All data that is encrypted today using classic PKI-based cryptography is quantum vulnerable, with little if any protection against potential vulnerabilities that may become apparent later. Meanwhile, however, all of that data also has a timespan for which it must remain secure.
The data we encrypt today is already decaying, because its risk of exposure increases over time. When data encrypted using current algorithms is transmitted over the network, it becomes vulnerable to interception. Anyone with access to that data through surveillance, eavesdropping or hacking can harvest it and store it until a quantum computer can decrypt it.
So what is there to do?
Recommended quantum safe transition strategy
When preparing for a quantum-safe encryption strategy, there are four things to keep in mind:
1. Quantum is coming. National Security Memo 10 emphasized the United States’ commitment to continued technological and scientific leadership in quantum computing. Alongside the potential benefits of quantum computing are the acknowledged risks to the economy and national security since quantum computing will make PKI-based classic cryptography obsolete. The National Institute of Standards and Technology recently concluded a six-year effort and announced its selection of four quantum-safe algorithms designed to resist attacks from future quantum computers.
2. Know your risks. As already explained, long-term data is at risk of harvesting now and decryption later. IT managers and other network professionals must assess their organizations’ use of vulnerable cryptography, the expiration date of their encrypted data and the crypto maturity of their IT infrastructure.
Several sources are available to explain risks and to plan ahead. NIST offers a publication titled “Getting Ready for Post-Quantum Cryptography” to help monitor standards development and perform risk assessment of where public-key crypto may be used in the infrastructure. It’s essential to understand whether a network’s equipment is crypto-agile.
The National Cybersecurity Center of Excellence has recently launched its “Migration to Post Quantum Cryptography” Project. Understanding that replacement of cryptographic algorithms is both technically and logistically challenging, the NCCoE is undertaking a practical demonstration of technology and tools that can provide a head start on executing a migration roadmap in collaboration with a public and private sector community.
Another excellent source of information is the National Security Agency’s Post-Quantum Cryptography FAQ, which provides a concise summary of the subject.
3. Focus on crypto-agility. Flexible, upgradeable technology and a hybrid approach combining classic and quantum-resistant crypto solutions are essential.
Remember that crypto-agility is not about quantum; it’s about being able to face the reality that all algorithms fail with time. Many systems today make it difficult to rotate keys, to choose different sizes/parameters and to change mechanisms or key algorithms. These are all required for protocols to be versioned, negotiated and fail-safe when presented with unknown options. They are essential for crypto-agility, and it’s important to work with providers with solutions that embrace those needs.
4. Start today. The importance of preparation cannot be overstated, which is why National Security Memo 10 made a point of it. Organizations must begin to design a quantum-resistant architecture today to protect against the emerging quantum threat. With IT infrastructure equipment often being deployed for years or decades without hardware replacement, it is important to make sure currently deployed hardware was developed with crypto-agility principles in mind and to deploy software or firmware updates once post-quantum crypto algorithms and protocols are standardized. It is also important to check with equipment providers to see what beta or technology preview firmware they have available for testing in non-production systems that implements pre-standardized quantum-resistant cryptographic algorithms. Testing will help identify performance or interoperability issues early and provide time to address the issues and mitigate the identified risks.
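To make points 3 and 4 concrete, here is an added example (not code from the article or from Thales) of the crypto-agility properties described above: a versioned header that names the cipher suite, negotiation that fails closed on unknown options, and a hybrid key derivation that combines a classical and a quantum-resistant shared secret so the session key holds as long as either one does. The suite identifiers and the secrets are constructed; the “pq” secret stands in for the output of a quantum-resistant KEM and is not a real one.

```python
import hashlib
import hmac
import struct

# Constructed suite registry (assumption, not a real IANA/NIST registry).
SUITES = {
    0x0001: "classic-ecdh-p256",         # quantum-vulnerable
    0x0002: "pq-kem",                    # stand-in for a quantum-resistant KEM
    0x0003: "hybrid-ecdh-p256+pq-kem",   # both secrets combined
}
VERSION = 1

def negotiate(client_prefs, server_supported):
    """Pick the first client preference the server also supports; fail closed."""
    for suite in client_prefs:
        if suite in server_supported and suite in SUITES:
            return suite
    raise ValueError("no mutually supported suite; refusing to fall back")

def encode_header(suite):
    # version || suite id, so peers can version the protocol and reject unknown ids
    return struct.pack(">HH", VERSION, suite)

def decode_header(hdr):
    version, suite = struct.unpack(">HH", hdr[:4])
    if version != VERSION or suite not in SUITES:
        raise ValueError("unknown version or suite; fail-safe reject")
    return suite

def hkdf_combine(secrets, info, length=32):
    """HKDF-SHA256 (RFC 5869) over the concatenation of all shared secrets."""
    prk = hmac.new(b"\x00" * 32, b"".join(secrets), hashlib.sha256).digest()
    okm, block = b"", b""
    for i in range(1, (length + 31) // 32 + 1):
        block = hmac.new(prk, block + info + bytes([i]), hashlib.sha256).digest()
        okm += block
    return okm[:length]

def derive_session_key(suite, classical_secret=None, pq_secret=None):
    """Bind the negotiated suite into the KDF context and combine the secrets
    that suite requires; the hybrid suite needs both."""
    parts = []
    if suite in (0x0001, 0x0003):
        parts.append(classical_secret)
    if suite in (0x0002, 0x0003):
        parts.append(pq_secret)
    if not parts or any(p is None for p in parts):
        raise ValueError("suite requires a secret that was not supplied")
    return hkdf_combine(parts, info=b"session-key" + encode_header(suite))
```

Swapping the PQ suite later means adding a registry entry and a KEM call, not changing the header format or the key derivation.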
Developing a quantum-safe strategy must focus on understanding what data is at risk and mitigating that risk by deploying crypto-agile solutions as we await finalization of post-quantum crypto standards. Agencies should get started today so their strategy is in place well before large-scale quantum computers are readily available.
Bill Becker is CTO of Thales Trusted Cyber Technologies.