The anticipated advent of quantum computing will have a devastating impact on existing modes of asymmetric data encryption. It’s likely that within the next few years, quantum-capable entities will gain the ability to decrypt virtually every secret possessed by individuals, governments and private industry where asymmetric encryption algorithms such as RSA, Finite Field Diffie-Hellman, and Elliptic Curve Diffie-Hellman have been used for protection.
The looming failure of today’s encryption is an alarming prospect and yet the government and various standards bodies require a greater sense of urgency which an existential event like this demands. With the steal-now-decrypt-later (SNDL) threat from quantum, there is a compelling need for solutions that can be deployed today. If history is any indicator, the critical problem we currently face is that the cycle time for migrating to new post-quantum resistant encryption algorithms and related standards will be too long to mitigate the danger posed by the oncoming quantum threat. Quantum computers, which are expected to become viable in the next few years, use subatomic particles and quantum mechanics to perform calculations faster than today’s fastest conventional supercomputers. With this computing power comes the ability to crack encryption methods that are based on factoring large prime numbers. An algorithm introduced by Peter Shor back in 1994 provides a method for the factorization of these large prime numbers in polynomial time instead of exponential time with the use of a quantum computer. What this means to us is that while a conventional computer might take trillions of years to break a 2,048-bit asymmetric encryption key, a quantum computer powered by 4,099 quantum bits, or “qubits,” using Shor’s algorithm would need approximately 10 seconds to accomplish the task. We don’t have a decade for 30 revisions on the standard to get this right, as we have seen from previous standardization efforts.
It may be comforting to think that because quantum computers of a crypto-logically significant scale don’t exist yet, there is nothing to worry about today. However, this idea is a mistake for two reasons. First, quantum computing is advancing at a faster pace than anyone previously contemplated. Second, malicious actors can steal encrypted data today and decrypt it with a quantum computer when quantum computers become available. This is the SNDL threat highlighted above. Banks use quantum-vulnerable public key exchange to validate your account access, as do health providers transmitting digital health records, as well as the IRS when e-filing your taxes. Even VPNs and the core infrastructure (routers and network switches) implement quantum-vulnerable key exchanges when using IPSec and MacSec protocols. Once quantum computing comes on-line, a bad actor can discover the private keys associated with these public keys and the contents of wallets, records and accounts will become available to the attacker.
Users need a simple control plane that enables them to select any crypto library they desire to defend against these evolving quantum threats. Additionally, many nations are developing post-quantum resistant algorithms and may not want to wait on NIST to standardize an algorithm or certify an implementation and need a solution that provides them with the agility to employ the post-quantum cryptographic algorithms of their choice – in effect, a bring your own algorithms (BYOA) approach.
Agility allows us to future-proof systems against both novel cryptanalysis and implementation errors. It shortens the time between the demonstration of a vulnerability in an algorithm, implementation, or protocol, and the patching or upgrading of all applications and services affected by the vulnerability. Agility enables the transition to more efficient algorithms or implementations. Quickly eliminating vulnerable algorithm implementations calls for the capability to access different implementation libraries for the same algorithm and enable “fall back” and switching to other algorithms. For example, a software library may implement an algorithm in a way which is vulnerable to attack. KyberSlash1 and KyberSlash2 impacted the implementation of the Kyber algorithm in all but six of 22 popular crypto libraries. It took more than 90 days to patch the vulnerable implementations on most of the affected libraries. A crypto-agile solution should enable an organization to move easily and rapidly between implementations – otherwise the entire security posture and data of the enterprise is compromised.
New quantum secure encryption methods with crypto-agility functionality have been developed and can be deployed immediately. The challenge is to make them work with existing encryption algorithms and protocols while enabling crypto-agility to stay ahead of the pacing threat without having to rip-and-replace the existing infrastructure. After all, it is impossible for every system to upgrade its encryption algorithms all at once.
Ad