In the past few decades, the field of cryptography has developed from an obscure set of rudimentary “scrambling” techniques into a mature, formal science. Along with better cryptographic techniques, more advanced cryptanalysis tools and technologies have evolved as well. One of them derives from quantum computing and threatens the very foundations of the security guarantees cryptography strives to offer.
David Joseph, a research scientist from the UK working for SandboxAQ, has outlined to Digital Journal the post-quantum era and the steps that must be taken to keep cybersecurity from being penetrated.
Joseph indicates that cryptography has advanced in recent years and society has benefited from this: “Systems have come to rely on cryptography to enforce policies on data and ensure properties such as authentication, confidentiality, and integrity are met. Cryptography is now present in some form in virtually all electronic communications, such as email, web browsing, instant messaging, and many other applications.”
However, a challenge to established cryptography norms comes from quantum computers. These are, Joseph finds: “expected to break modern public key cryptography within the next five to fifteen years, due to their ability to factorize integers efficiently – an intractable problem using today’s classical computers.”
This means: “By the time large quantum computers are built, many of our present cryptosystems, based on factoring numbers, will have been broken. As a result, these cryptosystems must be replaced by quantum-resistant algorithms, also known as post-quantum cryptography (PQC). While five to fifteen years seems like a long way off, enterprises need to start planning for this transition now because of the enormous amount of resources and time needed to fully migrate.”
Joseph indicates this will be a major undertaking: “It will require updating around 20 billion connected devices with new quantum-resistant protocols, and incorporating PQC algorithms into existing and future designs. Beyond that, the workforce currently able to contribute to this migration process is small and specialized, and likely will be in high demand globally. Until that workforce expands, enterprises will have to prioritize which systems and cryptographic schemes are at high risk for quantum-based attacks, and take steps to protect themselves.”
Joseph warns: “The decision to take a wait-and-see approach – or at least to wait until standards have been solidified and protocols have been updated – is ill-advised, as adversaries are already preparing for the quantum era.”
As to how the quantum advance might happen, Joseph considers: “One of the most important arguments for accelerating the PQC transition relates to Store-Now-Decrypt-Later (SNDL) attacks, which pose a current threat to any information that is (or was) encrypted as a result of using quantum-vulnerable cryptography. Such data, which is often transmitted over the public internet, can be harvested, stored indefinitely, and then decrypted in the future once the adversary has access to a large, fault-tolerant quantum computer.”
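The prioritisation Joseph describes (deciding which systems and schemes are most exposed to SNDL harvesting) starts with a cryptographic inventory. The script below is an added example, not SandboxAQ's or Digital Journal's code: it parses constructed handshake-inventory log lines (the field names, hostnames and the hybrid group name are assumptions chosen for the demo), flags key exchanges whose confidentiality Shor's algorithm would break, and ranks them by data sensitivity and retention. The five-year horizon is the low end of the five-to-fifteen-year estimate quoted above; a real programme would set its own.

```python
"""SNDL exposure triage over a constructed crypto-inventory log (added example)."""
import re
from dataclasses import dataclass

# Key-exchange families whose confidentiality falls to Shor's algorithm
# (integer factoring and discrete logarithms, including elliptic-curve ones).
QUANTUM_VULNERABLE_KEX = {
    "rsa", "dhe", "ffdhe", "ecdhe", "x25519", "x448", "secp256r1", "secp384r1",
}
# Substrings that mark a hybrid group carrying a post-quantum KEM component.
# Assumption: the deployment's group names contain one of these markers.
HYBRID_MARKERS = ("kyber", "mlkem", "ml-kem")

# Weight of the data class carried over the session; higher means more harm if decrypted later.
DATA_WEIGHT = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}
# Low end of the page's five-to-fifteen-year estimate for cryptographically relevant quantum computers.
SNDL_HORIZON_YEARS = 5


@dataclass
class Record:
    host: str
    kex: str
    data_class: str
    retention_years: int


# Constructed log format: one handshake/inventory observation per line.
LINE_RE = re.compile(r"host=(\S+)\s+kex=(\S+)\s+data=(\S+)\s+retention_years=(\d+)")


def parse_record(line: str):
    """Return a Record for a well-formed line, or None so malformed lines are skipped, not fatal."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return Record(m.group(1), m.group(2), m.group(3), int(m.group(4)))


def kex_is_quantum_vulnerable(kex: str) -> bool:
    """True if the key exchange has no post-quantum component protecting confidentiality."""
    k = kex.lower()
    if any(marker in k for marker in HYBRID_MARKERS):
        return False  # hybrid: the PQ KEM keeps the session secret even if the classical part falls
    return k in QUANTUM_VULNERABLE_KEX or any(k.startswith(v + "-") for v in QUANTUM_VULNERABLE_KEX)


def sndl_exposed(rec: Record) -> bool:
    """Exposed if the traffic can be harvested today and must still be secret once the horizon passes."""
    return kex_is_quantum_vulnerable(rec.kex) and rec.retention_years >= SNDL_HORIZON_YEARS


def priority_score(rec: Record) -> int:
    """Simple ranking: sensitivity weight times years the data must remain confidential."""
    if not sndl_exposed(rec):
        return 0
    return DATA_WEIGHT.get(rec.data_class, 1) * rec.retention_years


def prioritize(lines):
    """Return exposed records, highest migration priority first."""
    recs = [r for r in map(parse_record, lines) if r is not None]
    return sorted((r for r in recs if sndl_exposed(r)), key=priority_score, reverse=True)


# Constructed sample inventory; hostnames and group names are illustrative only.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z host=web01 kex=x25519 data=confidential retention_years=10
2024-05-01T10:00:02Z host=vpn01 kex=rsa data=secret retention_years=25
2024-05-01T10:00:03Z host=web02 kex=x25519kyber768 data=secret retention_years=25
2024-05-01T10:00:04Z host=cdn01 kex=x25519 data=public retention_years=1
2024-05-01T10:00:05Z host=hr01 kex=ecdhe-secp256r1 data=confidential retention_years=7
this line is malformed and will be skipped
"""

if __name__ == "__main__":
    for rec in prioritize(SAMPLE_LOG.splitlines()):
        print(f"{rec.host:8} kex={rec.kex:18} score={priority_score(rec)}")
```

The hybrid host (web02) drops out of the list even though it carries the most sensitive data, which is the point of Joseph's hybrid recommendation further down; the public CDN drops out because nothing it carries needs to stay secret past the horizon.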
Expanding upon this: “Another reason to initiate the transition to PQC now relates to ‘far horizon’ projects, which are being planned or designed now and have long lifespans and, oftentimes, immutable, application-specific hardware. Vehicles are a good example – many cars, planes, trains and ships in production now are expected to be in service for multiple decades. Security-conscious designers may implement future-proof modules that allow cryptosystems to be updated in a seamless and efficient manner.”
There are other points of concern, says Joseph: “An even greater threat will come when quantum computers reach a state of advancement such that adversaries can forge digital signatures (for quantum-vulnerable cryptosystems) in real-time. When this occurs, even the most secure businesses, institutions, and government entities that still rely on these protocols will become extremely vulnerable. The Flame exploit of 2012 enabled hackers to forge certificates for the Microsoft Windows Update Service by breaking the MD5 hash function, and this type of exploit gives a taste of the chaos that quantum attackers could wreak in a world where quantum-vulnerable signature algorithms are still in widespread use.”
Joseph sees time as of the essence, and he raises the concern: “Waiting until NIST has published standards before taking action could expose organizations to an existential threat. NIST’s published PQC standards will not be available until 2024. Experts recommend that preparatory work ahead of the transition begin as soon as possible. The PQC transition will be considerably more complex, given the fact much of the cryptography is relatively new, and that the performance of many candidates is, in most cases, considerably worse than current algorithms. This migration also covers a wider and more complex scope than previous transitions, and the cost of failure is higher. As such, more planning, time, and resources should be allocated to this migration than for past migrations.”
Hybrid – the interim solution?
While waiting for technology to leap forwards, Joseph has identified some interim solutions. He explains these as: “Rather than directly replacing existing algorithms with post-quantum alternatives, the scientific community came up with a simple and effective approach consisting of combining a traditional and post-quantum algorithm into a single mechanism, known as ‘hybrid’. When done correctly, the overall system’s security is lower bounded by the stronger of the two cryptosystems composing the hybrid system. In other words, even if the PQC algorithm is later on identified as flawed, the security offered by the classical scheme is still guaranteed. In this way, security is only potentially increased – never decreased – which makes it an acceptable solution even for highly regulated organizations required to comply with the Federal Information Processing Standard (FIPS).”
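The hybrid property Joseph describes, that the combined key is no weaker than the stronger of its two components, comes from how the two shared secrets are combined. The code below is an added example, not SandboxAQ's code: it implements a concatenation-style combiner (both shared secrets fed into an HKDF extract step, both ciphertexts bound in through the salt) using only the standard library. The two KEMs are stand-in objects that only model the encaps/decaps interface; a deployment would replace them with an ECDH scheme and a post-quantum KEM. The label string and function names are assumptions. The final function models the scenario in the quote, the post-quantum scheme later found flawed, by handing the attacker the PQ shared secret and showing the session key still depends on the classical one.

```python
"""Hybrid KEM shared-secret combiner with standard-library HKDF (added example)."""
import hashlib
import hmac
import secrets

KEY_LEN = 32


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869) with HMAC-SHA256."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869) with HMAC-SHA256."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def combine_shared_secrets(ss_classical: bytes, ss_pq: bytes, ct_classical: bytes,
                           ct_pq: bytes, label: bytes = b"hybrid-kem-example-v1") -> bytes:
    """K = HKDF-Expand(HKDF-Extract(salt=H(ct_c || ct_pq), ikm=ss_c || ss_pq), label).

    Both secrets enter the extract step, so an attacker lacking either cannot reach K;
    both ciphertexts are bound via the salt, so a swapped ciphertext yields a different K.
    Fixed-length secrets avoid ambiguity in the concatenation (a real caveat for combiners).
    """
    if len(ss_classical) != KEY_LEN or len(ss_pq) != KEY_LEN:
        raise ValueError("shared secrets must be fixed length to avoid concatenation ambiguity")
    salt = hashlib.sha256(ct_classical + ct_pq).digest()
    prk = hkdf_extract(salt, ss_classical + ss_pq)
    return hkdf_expand(prk, label, KEY_LEN)


class ToyKem:
    """Stand-in KEM (constructed for the demo, no security): encaps returns
    (ciphertext, shared_secret) and decaps recovers the secret from the ciphertext."""

    def __init__(self):
        self._table = {}

    def encaps(self):
        ct, ss = secrets.token_bytes(16), secrets.token_bytes(KEY_LEN)
        self._table[ct] = ss
        return ct, ss

    def decaps(self, ct: bytes) -> bytes:
        return self._table[ct]


def hybrid_handshake(classical: ToyKem, pq: ToyKem):
    """Sender encapsulates to both KEMs; receiver decapsulates both. Returns both derived
    keys (which must agree) plus the transcript values for further analysis."""
    ct_c, ss_c = classical.encaps()
    ct_pq, ss_pq = pq.encaps()
    sender_key = combine_shared_secrets(ss_c, ss_pq, ct_c, ct_pq)
    receiver_key = combine_shared_secrets(classical.decaps(ct_c), pq.decaps(ct_pq), ct_c, ct_pq)
    return sender_key, receiver_key, (ss_c, ss_pq, ct_c, ct_pq)


def attacker_with_broken_pq(ss_pq: bytes, ct_c: bytes, ct_pq: bytes, true_key: bytes,
                            guesses: int = 1000) -> int:
    """Model 'the PQ algorithm is later found flawed': the attacker learns ss_pq and sees both
    ciphertexts but not ss_c, and can only guess it. Returns how many guesses reproduced the
    session key; for a 256-bit classical secret that is 0 for any feasible guess count."""
    hits = 0
    for _ in range(guesses):
        guess = secrets.token_bytes(KEY_LEN)  # stands in for any guess at the classical secret
        if hmac.compare_digest(combine_shared_secrets(guess, ss_pq, ct_c, ct_pq), true_key):
            hits += 1
    return hits


if __name__ == "__main__":
    sk, rk, (ss_c, ss_pq, ct_c, ct_pq) = hybrid_handshake(ToyKem(), ToyKem())
    print("keys agree:", sk == rk)
    print("attacker hits with PQ secret known:", attacker_with_broken_pq(ss_pq, ct_c, ct_pq, sk))
```

The same argument runs symmetrically: knowing only the classical secret (the quantum-era failure) leaves the attacker guessing the PQ one, which is why the construction never lowers security below either component. What it does not do is make a bad combiner safe; dropping the ciphertexts from the salt or concatenating variable-length secrets are the usual mistakes, and the length check above exists for the second.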
In summary, Joseph advises: “Quantum computing brings with it great challenges to the field of cryptography. Adapting to the new era will require research and standardization from academia and government, as well as foresight and conscientious planning on the part of organizations to ensure that systems are crypto-agile, ready to transition to PQC with minimal cost and time. The best estimates put the death of integer factorization/discrete logarithm-based cryptography at five to fifteen years away, and so there is precious little time to act, especially considering that even today’s private data can be compromised by tomorrow’s quantum computers.”