The premise of quantum threat
Quantum computers promise the potential to solve complex problems considered intractable for classical computers. The power of quantum computers comes from the usage of quantum principles to solve computation problems. The anticipated applications are in the domains of optimization, simulation, machine learning, solving differential equations, and more. These computers are expected to have the potential to solve some major challenges in industry and society and to aid in the discovery of new drugs, development of new materials for batteries and solar systems, optimization of supply chains and production lines, and more.
However, this great power comes with a great threat, which is the potential ability of quantum computers to crack some of the major public key cryptographic systems in use today. Actors with malicious intent could potentially break the security of enterprise applications, disturb or even damage public services and utility infrastructure, disrupt financial transactions, and compromise personal data.
Increased global attention to post-quantum security and key announcements
Considering the seriousness of the threat, industries, governments, and standard bodies have started working towards defining systems that will be secure and resistant to the threats posed by the arrival of large, powerful quantum computers. These are the post-quantum cryptographic systems.
But today's quantum computers are still rudimentary in their capabilities. Industry experts surveyed by the World Economic Forum estimate that it will take ten years or more to develop quantum computers powerful enough to break the current security algorithms. The first question that comes to mind is: why the urgency and so much noise around the topic?
One of the key reasons is that actors with malicious intent could capture and store the encrypted data flowing over the Internet and could decrypt this stored data when large-scale quantum computers become available. This "store now and decrypt later" strategy has become a serious and imminent threat, especially to systems carrying data that has a valid life beyond the anticipated ten years. These systems need to be upgraded now with quantum-safe cryptographic components.
Considering the vast nature of this challenge, the U.S. Department of Commerce's National Institute of Standards and Technology (NIST) has initiated the process of post-quantum cryptography (PQC) standardization to select public-key cryptographic algorithms to protect information even after the large-scale availability of quantum computers. According to the Capgemini Research Institute's report published in April 2022, a large number of organizations (58%) are waiting for standards to emerge before prioritizing quantum security as part of their investments.
But three important global developments in the recent past have increased the focus on quantum technologies and the need for mitigating the associated risks to vulnerable cryptographic systems. They are:
Issuance of a National Security Memorandum, which highlighted the need to maintain a competitive advantage in quantum technologies and also to mitigate the risks to a nation's cyber, economic, and national security;
Commitment to intensify and elevate cooperation among G7 members and partner countries to deploy quantum-resistant cryptography to secure interoperability between ICT systems;
NIST's announcement of the selection of the first four quantum-resistant cryptography algorithms.
The four selected algorithms are expected to become part of the highly anticipated NIST standards for post-quantum cryptography in a couple of years, likely in 2024. As the announcement makes clear, these algorithms are designed for two main encryption tasks - the first is general encryption to protect information exchanged over public networks, and the second is digital signatures to authenticate/verify identities. Our blog, "NIST announces four post-quantum crypto finalists. What happened?" provides more information.
So, what should an organization do now?
Should they immediately start implementing the algorithms and replace the vulnerable components in their IT and OT systems, continue to wait until the official publication of international standards in the next two years, or wait until the threat becomes a reality when these powerful quantum computers are operational?
Well, in our view, the answer lies somewhere in between these options. While continuing to wait may not be the best choice an organization could make, especially considering the store-now-and-decrypt-later risks, going ahead with a full-blown project to migrate all systems to quantum-safe cryptography is neither cost-effective nor wise. So, what is the recommended call to action?
Crypto agility could hold the key
The answer, in our view, is crypto agility for post-quantum and beyond. It is the proactive design of information security protocols and standards in such a way that they can support multiple cryptographic primitives and algorithms at the same time, with the primary goal of enabling rapid adaptations of new cryptographic primitives and algorithms without making disruptive changes to the system's infrastructure.
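As an added illustration of the design principle just described (not code from the original post), the sketch below keeps every protected blob tagged with the identifier of the algorithm that produced it, drives which algorithms may be used for new data and which may only still be verified from a single policy table, and re-protects legacy blobs under the current algorithm. The primitives are stdlib HMAC stand-ins chosen so the example runs offline; the registry pattern is what matters, and a post-quantum signature or KEM would slot into the same table.

```python
import hashlib
import hmac

# Stand-in primitives (stdlib HMAC, constructed for the example). Any primitive
# exposing the same (key, message) -> tag interface can be registered; swapping a
# primitive means adding an entry here, not changing callers.
ALGORITHMS = {
    "hmac-sha256": lambda key, msg: hmac.new(key, msg, hashlib.sha256).digest(),
    "hmac-sha3-256": lambda key, msg: hmac.new(key, msg, hashlib.sha3_256).digest(),
}

# Lifecycle policy: "active" may produce new envelopes, "verify-only" keeps
# legacy envelopes readable during migration, anything else is rejected.
POLICY = {"hmac-sha256": "verify-only", "hmac-sha3-256": "active"}

# Constructed keyring: key identifiers to key material (sample values only).
KEYRING = {"k-2021": b"legacy-key-material", "k-2023": b"current-key-material"}

def _tag_input(alg, kid, payload):
    # Bind the algorithm and key identifiers into the tag so a tag cannot be
    # relabelled as having come from a different algorithm or key.
    return alg.encode() + b"\x00" + kid.encode() + b"\x00" + payload

def protect(alg, kid, payload, keyring=KEYRING, policy=POLICY):
    """Produce an envelope {alg, kid, payload, tag}; refuses non-active algorithms."""
    if policy.get(alg) != "active":
        raise ValueError(f"{alg} is not permitted for new envelopes")
    tag = ALGORITHMS[alg](keyring[kid], _tag_input(alg, kid, payload))
    return {"alg": alg, "kid": kid, "payload": payload.hex(), "tag": tag.hex()}

def verify(env, keyring=KEYRING, policy=POLICY):
    """True only if the algorithm is still accepted and the tag checks out."""
    alg, kid = env["alg"], env["kid"]
    if policy.get(alg) not in ("active", "verify-only") or kid not in keyring:
        return False
    payload = bytes.fromhex(env["payload"])
    expected = ALGORITHMS[alg](keyring[kid], _tag_input(alg, kid, payload))
    return hmac.compare_digest(expected, bytes.fromhex(env["tag"]))

def migrate(env, new_alg, new_kid, keyring=KEYRING, policy=POLICY):
    """Re-protect a legacy envelope under an active algorithm, verifying it first."""
    if not verify(env, keyring, policy):
        raise ValueError("refusing to migrate an envelope that fails verification")
    return protect(new_alg, new_kid, bytes.fromhex(env["payload"]), keyring, policy)

if __name__ == "__main__":
    # Envelope created while hmac-sha256 was still active, before its deprecation.
    legacy = protect("hmac-sha256", "k-2021", b"customer record",
                     policy={"hmac-sha256": "active"})
    print(verify(legacy), migrate(legacy, "hmac-sha3-256", "k-2023")["alg"])
```

Deprecating an algorithm is then a one-line policy change: move it to "verify-only", run `migrate` over stored envelopes, and finally remove it from the policy so anything still carrying it is rejected.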
If organizations are to reach a position in which they can rapidly adapt to, mitigate, and handle security challenges arising from vulnerabilities in their cryptosystems, in the post-quantum era and beyond, they will need to put certain processes and systems in place.
We would recommend the following:
The first step is for the leadership to initiate a program with clearly defined objectives of achieving post-quantum crypto agility and to establish the collaboration teams within the organization and with the external ecosystem for required solutions, skills, and capabilities. It is also important to start educating key personnel of the organization on PQC and its implications.
Initiate a process to gather information across the organization, with details of all the systems and applications that use public-key cryptography and of the most sensitive and critical datasets (both data-at-rest and data-in-motion) that must be protected for long periods. The factors affecting the whole process are multi-dimensional and need a separate discussion.
Start experimenting with the new algorithms announced by NIST to get an understanding of the impact and challenges involved in the quantum-safe migration path. Start building an initial framework for the target state architecture of the overall system.
Prepare a roadmap for post-quantum safe migration based on the multi-dimensional analysis and prioritization of datasets requiring protection and systems and applications using vulnerable cryptographic systems.
Perform further analysis on the interdependencies of systems to decide the sequence of migration and initiate the process of identifying and evaluating sources for components, solutions, and services to implement the migration plan, not forgetting to develop a plan for testing and validation of the successful implementation of the migration.
Organizations following these steps will be better positioned to handle the PQC challenge more effectively. Not adopting such an approach could lead to issues such as:
Execution of migration projects in silos leading to integration challenges
Breaking the functionality of systems due to partial migration of components
Higher costs than necessary; and
Increased complexity and unpredictable refactoring every time something new is discovered that needs to be addressed.
These issues can reduce confidence in the migration, and the whole process can become challenging, expensive, time-consuming, and risky, depending on the complexity and size of the organization's systems. So, we recommend that our clients start the process sooner rather than later, at least to understand where they stand in their journey and to estimate the potential size of the migration in terms of both time and cost. In summary, we believe organizations should not wait but start now, taking steps to achieve critical crypto agility across their business.
Authors: Jérôme Desbonnet and Gireesh Kumar Neelakantaiah