The race for quantum-safe cryptography

Financial transactions, medical records, and national security secrets. The cornerstones of our digital world are closely safeguarded by intricate cryptographic systems. These systems, which have been the backbone of our digital security for decades, are integrated into every aspect of our lives. However, as we inch towards the era of practical quantum computing, these encryption methods are becoming increasingly vulnerable. Our cryptographic foundation is on the verge of becoming redundant, creating a pressing need for post-quantum cryptography.

At the core of classic cryptography are two mathematical challenges that computers find very difficult: factoring large numbers and the complex computation of discrete logarithms, writes Greg Wetmore, Vice President of Product Development at Entrust.

Take the RSA encryption algorithm, for example. With classical computers, breaking down a 200-digit number - a typical size for an RSA key -  is virtually impossible. In fact, it would take modern machines longer than the universe has existed to breach the 617 digit RSA-2048 encryption. However, a potent quantum computer could potentially solve this problem in a matter of days.

The good news is that preparing for post-quantum doesn’t only benefit companies in the future, keeping track of cryptographic assets and certificates is always a security best practice that will help security teams build resilience and increase their security posture.

The Quantum Threat

Despite the threat to our cryptographic framework, actively safeguarding enterprises from quantum computing is still met with scepticism. This is somewhat understandable after four decades of research and various false dawns. However, while fully-fledged quantum computers are still in their nascent stage, funding and development are gathering unprecedented momentum. Recently, there have been considerable advancements driven by tech giants, while national governments pour money into R&D. In March 2023, the UK announced a 10-year, £2.5bn funding initiative for quantum technology.

As each month unfolds, the quantum timeline becomes more defined. Predictions from the U.S. government suggest a quantum leap could become reality by the early to mid 2030s, and they are actively calling for organisations to take immediate action to begin the journey to quantum safe. Even if this turns out to be optimistic, the need for a transition to quantum-resistant algorithms remains. Quantum-proofing security infrastructures cannot be done at a click of a button, and is a full-scale project that will take years.

'Harvest Now, Decrypt Later'

CISOs at organisations possessing clearly defined security postures may believe that since quantum computing-enabled hacking is still a distant possibility, it doesn't require immediate attention. Yet, cyberattacks are already being staged in anticipation of quantum computing. This has given rise to the strategy of 'harvest now, decrypt later', where malicious actors steal encrypted data today, assuming that future quantum computers will be able to decipher present-day encryption protocols. Without enabling quantum-safe cryptography today, it's challenging to counteract this method. While there are measures in place to limit data access, such as specified access privileges and safeguards against data transfer through extensive networks or internet connections, the risk of future decryption remains unless post-quantum cryptography is utilised.

'Harvest now, decrypt later' is viewed sceptically by some, given the expense of storing vast amounts of data for lengthy periods in the hope that they will eventually be decryptable. However, if data such as national security documents and financial records hold significant long-term value for organisations, it's likely hackers or nation-states will have an equal motivation to acquire them. Therefore, post-quantum cryptography for these high-value assets is crucial. A number of organisations are already proposing a hybrid approach in the short term. This combines both post-quantum and conventional encryption, harnessing the advantages of both systems. Germany's Federal Office for Information Security (BSI) supports this tactic and encourages organisations to consider this route as early as possible.

Homomorphic Encryption and Privacy Enhancing Technologies

While transitioning to post-quantum cryptography is the most robust defence against impending threats, many organisations are also exploring emerging Privacy Enhancing Technologies (PETs) to reinforce their security frameworks. PETs constructed using traditional cryptographic elements like public key encryption carry the same vulnerabilities inherent in these earlier systems. Although PETs offer a host of promising applications, the current range is broad, experimental, and frequently designed for specific use cases.

Take Fully Homomorphic Encryption (FHE), for example. This is a form of encryption that allows computations to be conducted on encrypted data without the need for decryption first. This enables data to be encrypted and transferred to external environments for processing while remaining encrypted. Despite the potential of FHE, it may not be safe from quantum threats or immune to 'harvest now, decrypt later', if the system of record is still protected by existing encryption frameworks. Moreover, the computational demands of FHE currently render it impractical.

Another PET example is Zero Knowledge Proofs (ZKPs), a method enabling one party to demonstrate to another party the truth of a given statement, while revealing no additional information beyond the veracity of the statement. However, these are typically customised for particular use cases like decentralised identities and do not offer a comprehensive solution to quantum threats.

The progression of PETs as part of a macro trend towards data protection and increased public cybersecurity awareness  is promising. However, this should not distract from the primary objective of implementing quantum-resistant cryptography. PETs should be considered complementary to quantum-proofing, not a replacement.

Navigating the Post-Quantum Transition: Practical Steps

Transitioning to a post-quantum cryptographic environment requires comprehensive planning, rigorous testing, and meticulous execution. However, the roadmap towards a quantum-safe future is clearly defined.

Designate a Leader: The journey begins with designating a specific individual or team responsible for spearheading the transition effort. Their responsibilities will include setting a realistic and achievable timeline for the implementation of new protocols and systems, training staff, testing systems, and overseeing the full transition to the quantum-resistant algorithms.

Identify and Protect Sensitive Data: Once roles are established, the priority should be identifying and protecting the long-lived, highly sensitive data that are most vulnerable to quantum threats.

Inventory Cryptographic Assets: Next, organisations should conduct an exhaustive inventory of their cryptographic assets. This involves cataloguing vital components such as certificates, keys, secrets, and cryptographic algorithms.

Develop a Crypto-Agile Strategy: With this inventory in place, the next step is modernising the systems that manage these cryptographic assets. This entails developing a crypto-agile infrastructure capable of automating deployment and managing certificate lifecycles, thus keeping pace with the rapidly evolving cryptographic landscape.

Test and Plan the Migration: The final piece of the puzzle is to test and establish a post-quantum ready security infrastructure. Many of the algorithms are already able to be deployed, and some security vendors are beginning to offer early access to quantum-safe crypto in their products. Hence, it's important to continuously evaluate, test, and update your transition plan.

Strengthen now and in the future

Quantum computing is widely accepted as a question of 'when' rather than 'if'. CISOs that need to focus on immediate concerns, rather than distant futures, should take heart from the fact that transitioning to post-quantum will vastly improve your security posture across the board, addressing pressing issues like the risk of key expiration and uncertainties about data location. While we may not need to implement post-quantum encryption tomorrow, initiating the process is essential. The release of the NIST's first draft standards for quantum-resistant algorithms is a testament to our ability to resist the quantum threat.

By setting this transition in motion today, organisations can ensure they'll be prepared for the advent of quantum computing.

See also: HSBC joins BT, Toshiba's commercial Quantum Key Distribution network - but beware hackers with lasers