Quantum computing is reshaping our world and will revolutionize many industries, including materials science, life sciences, transportation, and energy. Google recently demonstrated the power of quantum computers by solving a problem in seconds that today’s supercomputers require nearly 50 years to solve.
There is, however, a dark side to quantum computers. Many experts predict that, within the next 7 to 10 years, quantum computers will break RSA and ECC. RSA and ECC are the public key algorithms (used for key exchange, encryption and digital signatures) that underpin the security of virtually all cybersecurity systems, applications, and protocols. They protect credit card transactions, online banking, medical devices, connected cars, and many other systems.
It is tempting to think there is plenty of time to address this problem; after all, we appear to have around a decade before quantum computers can break these algorithms. But companies must start preparing now to ensure they are protected by the time a sufficiently advanced quantum computer exists.
Post-quantum cryptography (PQC)
While quantum computers are very fast at specific problems, they offer little advantage on most others. Using Shor's algorithm, however, a sufficiently large quantum computer can quickly factor the large integers (products of two large primes) on which RSA relies and solve the elliptic curve discrete logarithm problem on which ECC relies, allowing it to break both RSA and ECC.
NIST, the US National Institute of Standards and Technology, is leading a process to create and standardize new public key algorithms to replace RSA and ECC. The new algorithms rely on mathematical problems (lattice-based and hash-based constructions) that are believed to be hard for both quantum and classical computers. NIST has already standardized two stateful hash-based signature schemes, LMS and XMSS (SP 800-208), which are used for code and firmware signing, and has released draft standards for three new PQC algorithms covering digital signatures and KEMs/encryption: ML-KEM (CRYSTALS-Kyber) for key encapsulation, and ML-DSA (CRYSTALS-Dilithium) and SLH-DSA (SPHINCS+) for digital signatures.
PQC migration urgency
There are several reasons companies should begin planning their migration to PQC now. First, replacing today's public key algorithms is a monumental undertaking. The list of items to be updated includes:
- PKI solutions
- protocol implementations
- hardware crypto implementations in servers, PCs, smartphones, and other devices
- software crypto libraries
- all the applications and systems utilizing these crypto libraries and hardware accelerators
Migrating to PQC requires significant planning, development, testing, and coordination with suppliers and partners.
Store Now, Decrypt Later attacks
There is little doubt that well-resourced adversaries are already capturing encrypted data in order to decrypt it once a quantum computer is available that can break RSA and ECC. These attacks are called "Store Now, Decrypt Later" or "Harvest Now, Decrypt Later" attacks. This is a very real and current threat for any organization with data that must be kept secure beyond the 2030-2033 timeframe.
An attacker can record TLS sessions now and later break the RSA or ECDH key exchange to recover the session keys (the AES keys protecting the traffic), then decrypt everything exchanged during the session. Forward secrecy does not help here: ephemeral ECDH is still ECC, so a quantum attacker can recover an ephemeral key as easily as a static one. While much of the information transmitted today will not be valuable in 10 years, some information has a much longer data protection period. Corporate trade secrets, national security information, and other sensitive information must be protected for decades to come. This information is already at risk from quantum computing attacks.
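The attack described above, simulated end to end as an added example (not code from the original article). Every primitive is a stand-in: a toy Diffie-Hellman group small enough that a brute-force discrete log plays the role of a quantum computer running Shor's algorithm, an HMAC-based KDF in place of TLS HKDF, and a SHA-256 keystream in place of AES-GCM. The "hybrid" variant assumes the session key is derived from the DH secret concatenated with a second secret from a KEM the attacker cannot break, which is how hybrid TLS key exchange protects recorded traffic.

```python
"""Store-now-decrypt-later against a toy Diffie-Hellman exchange.

Added example, not from the original article. The group is deliberately tiny so that a
brute-force discrete log can stand in for a cryptographically relevant quantum computer
running Shor's algorithm; every primitive here is a stand-in (assumption), not real TLS.
"""
import hashlib
import hmac
import secrets

P = 1_000_003   # toy prime modulus; real (EC)DH uses >= 2048-bit primes or 256-bit curves
G = 2           # toy generator


def derive_key(*shared_secrets: bytes) -> bytes:
    """KDF stand-in for TLS HKDF: HMAC-SHA256 over the concatenated shared secrets."""
    return hmac.new(b"toy-tls-kdf", b"".join(shared_secrets), hashlib.sha256).digest()


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Symmetric cipher stand-in for AES-GCM: SHA-256 counter-mode keystream XOR."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def dh_exchange():
    """Classical DH between client and server: returns the public transcript (A, B) and the shared secret."""
    a = secrets.randbelow(P - 2) + 1
    b = secrets.randbelow(P - 2) + 1
    A = pow(G, a, P)
    B = pow(G, b, P)
    shared = pow(B, a, P)
    assert shared == pow(A, b, P)
    return (A, B), shared.to_bytes(4, "big")


def brute_force_dlog(target: int) -> int:
    """Attacker capability: solve G^x = target (mod P). Feasible here only because P is tiny;
    Shor's algorithm gives the same capability against real-world key sizes."""
    x, val = 0, 1
    while val != target:
        val = val * G % P
        x += 1
    return x


def harvest_then_decrypt_classical(plaintext: bytes) -> bytes:
    """Record (A, B, ciphertext) today; later, with a DLP oracle, recover the key and decrypt."""
    (A, B), shared = dh_exchange()
    ciphertext = stream_xor(derive_key(shared), plaintext)      # what the attacker stored
    a_recovered = brute_force_dlog(A)                           # "the quantum computer arrives"
    shared_recovered = pow(B, a_recovered, P).to_bytes(4, "big")
    return stream_xor(derive_key(shared_recovered), ciphertext)


def harvest_then_decrypt_hybrid(plaintext: bytes) -> bytes:
    """Same attacker against a hybrid exchange whose key is KDF(DH secret || KEM secret).
    The KEM secret stands in for an ML-KEM shared secret the attacker cannot recover."""
    (A, B), dh_shared = dh_exchange()
    kem_shared = secrets.token_bytes(32)
    ciphertext = stream_xor(derive_key(dh_shared, kem_shared), plaintext)
    a_recovered = brute_force_dlog(A)
    dh_recovered = pow(B, a_recovered, P).to_bytes(4, "big")
    # The attacker holds the DH half only; without the KEM half the derived key is wrong.
    return stream_xor(derive_key(dh_recovered, bytes(32)), ciphertext)


if __name__ == "__main__":
    secret_doc = b"trade secret: keep confidential until 2045"   # constructed sample
    print(harvest_then_decrypt_classical(secret_doc))   # recovered plaintext
    print(harvest_then_decrypt_hybrid(secret_doc))      # unrelated bytes
```

The classical run recovers the plaintext from nothing but the recorded transcript; the hybrid run fails even though the attacker fully breaks the DH half, which is the property a migration to hybrid or pure PQ key exchange buys for traffic recorded today.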
CNSA 2.0 requirements
Now that PQC standards are maturing, governments are beginning to mandate the migration to PQC algorithms. In December of 2022, US President Joe Biden signed into law the Quantum Computing Cybersecurity Preparedness Act, which sets timelines for moving federal government systems to PQC algorithms. In September of 2022, the NSA announced the Commercial National Security Algorithm Suite 2.0 (CNSA 2.0). CNSA 2.0 mandates timelines for migration to PQC algorithms for all National Security Systems, creating urgency for companies selling solutions to the US government. These mandates require adoption of PQC algorithms as early as 2025 for many systems and use cases.
PQC migration planning
Enterprises need to act now by preparing to migrate their systems to PQC. Migration will be a multi-step process and will require several years to complete. A high-level PQC migration roadmap will address:
- Education
- Inventory of crypto assets (applications, servers, libraries, certificates, etc.)
- Evaluation of risk and prioritization of systems to migrate to PQC
- Migration plan for internal systems
- Migration plan for 3rd party and vendor solutions
- Implementation
- Testing
- Timelines for all activities
Crypto discovery and PQC migration planning
One of the first steps for any company developing a PQC migration roadmap is to create an inventory of where and how cryptography is used in the organization. For an organization of any scale, this requires a crypto discovery tool that can monitor network traffic and detect which algorithms are used, who is using them, and how they are configured; network monitoring should be complemented by scanning code, configuration, certificates and keys, since data at rest and signing use cases never appear on the wire. Once the crypto inventory is complete, companies can begin planning how they will migrate these systems to PQC algorithms.
In some cases, companies must work with partners and suppliers to coordinate the migration to PQC algorithms. If the cryptographic processing is integrated into a system from a vendor, that vendor will have to provide an update or a new system that supports PQC. In cases where the company maintains the software implementing RSA or ECC, it can update to the new algorithms itself. That, of course, requires sourcing updated cryptographic libraries that support the new algorithms.
This process also requires careful coordination. Whenever encrypted or signed data is shared between systems, processes, or applications, both ends must support the new algorithm before it can be enabled; where a protocol negotiates algorithms (as TLS does), hybrid modes allow one side to be upgraded first without breaking interoperability.
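One building block of the network-side discovery described above, as an added example (not a tool from the original article): a parser that takes one captured TLS ServerHello record, extracts the negotiated version, cipher suite and key_share group, and classifies the key exchange as quantum-vulnerable or not. The sample records are constructed inline, the group and cipher suite tables are a small subset of the IANA registries, and the hybrid code points (X25519MLKEM768, SecP256r1MLKEM768, X25519Kyber768Draft00) are the ones used by current IETF drafts and may change, which is an assumption of the example.

```python
"""Passive crypto discovery: classify a captured TLS ServerHello by negotiated key exchange.

Added example, not from the original article. Parses one TLS handshake record (ServerHello
format per RFC 8446 / RFC 5246) and reports whether the key exchange is quantum-vulnerable.
Sample records are constructed inline; tables are a subset; hybrid PQ code points follow
current IETF drafts (assumption: they may change before standardization).
"""
import struct
from typing import Optional

NAMED_GROUPS = {  # code point -> (name, quantum_resistant)
    0x0017: ("secp256r1", False), 0x0018: ("secp384r1", False), 0x0019: ("secp521r1", False),
    0x001D: ("x25519", False), 0x001E: ("x448", False),
    0x0100: ("ffdhe2048", False), 0x0101: ("ffdhe3072", False),
    0x11EB: ("SecP256r1MLKEM768", True), 0x11EC: ("X25519MLKEM768", True),
    0x6399: ("X25519Kyber768Draft00", True),
}
CIPHER_SUITES = {
    0x1301: "TLS_AES_128_GCM_SHA256", 0x1302: "TLS_AES_256_GCM_SHA384",
    0x1303: "TLS_CHACHA20_POLY1305_SHA256",
    0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", 0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", 0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
}
EXT_SUPPORTED_VERSIONS, EXT_KEY_SHARE, TLS13 = 0x002B, 0x0033, 0x0304


def parse_server_hello(record: bytes) -> dict:
    """Extract version, cipher suite and (TLS 1.3) key_share group from a handshake record."""
    ctype, _, _ = struct.unpack("!BHH", record[:5])
    if ctype != 22 or record[5] != 2:
        raise ValueError("not a ServerHello handshake record")
    hs_len = int.from_bytes(record[6:9], "big")
    hello = record[9:9 + hs_len]
    version = int.from_bytes(hello[0:2], "big")          # legacy_version
    pos = 2 + 32                                         # skip server random
    pos += 1 + hello[pos]                                # skip legacy_session_id_echo
    cipher_suite = int.from_bytes(hello[pos:pos + 2], "big")
    pos += 3                                             # cipher suite + compression method
    group = None
    if pos < len(hello):                                 # extensions present
        end = pos + 2 + int.from_bytes(hello[pos:pos + 2], "big")
        pos += 2
        while pos < end:
            etype, elen = struct.unpack("!HH", hello[pos:pos + 4])
            edata = hello[pos + 4:pos + 4 + elen]
            pos += 4 + elen
            if etype == EXT_SUPPORTED_VERSIONS:
                version = int.from_bytes(edata[:2], "big")   # the real TLS 1.3 version lives here
            elif etype == EXT_KEY_SHARE:
                group = int.from_bytes(edata[:2], "big")
    return {"version": version, "cipher_suite": cipher_suite, "group": group}


def inventory_server_hello(record: bytes) -> dict:
    """Turn the parsed fields into an inventory row with a quantum-safety verdict."""
    p = parse_server_hello(record)
    suite = CIPHER_SUITES.get(p["cipher_suite"], "unknown(0x%04x)" % p["cipher_suite"])
    row = {"tls_version": "1.3" if p["version"] == TLS13 else "1.2-or-older",
           "cipher_suite": suite, "key_exchange_group": None, "quantum_safe": False}
    if p["version"] == TLS13:
        if p["group"] is None:
            row["finding"] = "PSK resumption without key_share: inspect the original handshake"
        else:
            name, pq = NAMED_GROUPS.get(p["group"], ("unknown(0x%04x)" % p["group"], False))
            row["key_exchange_group"], row["quantum_safe"] = name, pq
            row["finding"] = "hybrid PQ key exchange" if pq else "classical (EC)DH: quantum-vulnerable"
    elif "DHE_" in suite:   # TLS 1.2 puts the group in ServerKeyExchange; the suite still tells the story
        row["finding"] = "TLS 1.2 ephemeral (EC)DH: quantum-vulnerable, migrate to TLS 1.3 hybrid"
    else:
        row["finding"] = "RSA key transport: quantum-vulnerable and no forward secrecy"
    return row


def build_server_hello(cipher_suite: int, group: Optional[int], tls13: bool) -> bytes:
    """Construct a sample ServerHello record (test data only: zero random, placeholder key share)."""
    exts = b""
    if tls13:
        exts += struct.pack("!HHH", EXT_SUPPORTED_VERSIONS, 2, TLS13)
        if group is not None:
            key = bytes(32)
            exts += struct.pack("!HHHH", EXT_KEY_SHARE, 4 + len(key), group, len(key)) + key
    hello = struct.pack("!H", 0x0303) + bytes(32) + b"\x00" + struct.pack("!H", cipher_suite) + b"\x00"
    if tls13:
        hello += struct.pack("!H", len(exts)) + exts
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 22, 0x0303, len(handshake)) + handshake


if __name__ == "__main__":
    for suite, group, v13 in [(0x1301, 0x11EC, True), (0x1301, 0x001D, True), (0xC02F, None, False)]:
        print(inventory_server_hello(build_server_hello(suite, group, v13)))
```

In a real deployment the same function would be fed ServerHello records extracted from a packet capture or a network tap, and the resulting rows keyed by server address and SNI would form the network portion of the crypto inventory; TLS 1.2 rows need a second pass over ServerKeyExchange to record the actual curve or DH group.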