Today’s encryption algorithms, when pitted against quantum tools, will be considerably less resilient and leave huge amounts of data vulnerable as a result. Experts have been predicting that this may happen as soon as 2025 – a forecast which has remained the same since the 1970s. But while billions of dollars of investments are being made to facilitate AI and accelerate new material research, data analysis and more, research into post-quantum cryptography is still growing.
Because of these risks, cybersecurity researchers, vendors and experts are debating how to approach this reality. There are already efforts to develop technology that is resistant to quantum hacking, and some academics are even looking to leverage quantum-based cryptographic systems as a more secure alternative to their conventional analogues. This current line of thinking is called “crypto agility” – and it encompasses the range of policies, technology and initiatives organizations must dedicate themselves to in becoming resilient against quantum computing.
Crypto agility for quantum resilience
Crypto agility, which stems from post-quantum cryptography (sometimes also called quantum-resilient encryption), combines both strategic and technological initiatives to ensure effectiveness. In practice, it recommends two lines of action:
- Temporary solution: Architect your products and infrastructure in such a way that you can run a classical and a quantum secure algorithm in parallel.
- Permanent solution: Architect your products and infrastructure in a way that combines 2 quantum-safe cryptographic methods.
The benefits of being crypto-agile are threefold: you can quickly respond to and recover from a crypto-incident (wide-scale or targeted), your organization’s encrypted data stays resilient even as algorithms become compromised, and the cryptography supporting the backbone of your organization is more sustainable in the face of quantum computing.
The challenges of implementing crypto agility protocols, coupled with the fact that this is still a growing area of research, mean organizations will likely struggle to get it right initially. Current protocols are generally used throughout the organization, but under systems controlled by different branches of the business. Crypto agility initiatives will challenge organizations to coordinate successfully across them all – whether that is 1,000 employees, 500 administrators or 200 systems. Outlining and implementing unique best practices, as well as choosing and deploying the best technology for their systems, will not be quick decisions. But ultimately, future-proofing for a post-quantum world is not something businesses can afford to ignore.
Crypto against the clock
There are a few factors that can help businesses make some smart choices about when to kickstart their crypto agility plan. (Hint: sooner is always better than later.) For example, organizations that need to keep “secrets” or ensure data remains confidential for long periods of time should implement crypto agility as soon as possible. However, because a system’s overhaul can be so time-intensive, it’s increasingly likely that the recommended time to start is now, regardless of industry.
Depending on the cost of the crypto-agility update and the value of the assets to be secured, businesses may also want to invest time and money into testing the rollout to determine, for example, the efficacy of the new deployments and note any disruptions or hiccups throughout the process. BlackBerry, for example, spent 5 years moving from the Triple DES algorithm to AES as its basis for data encryption – while it was in control of all devices and the server.
So, when do businesses need to begin their crypto agility initiatives to ensure their algorithms are viable against the quantum computer? By calculating, in years, the lifetime of the product or asset that needs to be secured, added to the amount of time needed for testing and roll out and estimating when new, safe algorithms will be available, businesses can work backwards from an estimated deadline.
Here is a brief guide for decision-making based on industry:
- Government: With a lifetime of at least 30 years for IT infrastructure and 15 years for government-issued documents and passports, government entities should already be well on their way to crypto agility.
- Automotive: As the vehicles on our roads become increasingly smart, even working towards becoming fully autonomous, it becomes critical that their systems remain quantum-resilient. With a product life upwards of 15 years and a development time of nearly 6 years on average, crypto agility should be integrated at least 21 years ahead of quantum computing.
- Energy: Like automotive, the energy industry is becoming smarter and more connected each day, effectively expanding the Industrial Internet of Things (IIoT). Energy and utilities organizations should integrate crypto agility based on the product lifetime of a smart meter, which ranges from 12-15 years.
- Healthcare and science: Connected medical devices such as remote vital signs monitors have a product lifetime of around 5 years, whereas medical records must be kept confidential for 5-10 years depending on location. Hospitals, insurers and device manufacturers should be starting their crypto-agility initiatives 5-10 years – plus the time it takes to develop and test the product – ahead of quantum computing.
Before embarking on their crypto agility journey, it’s recommended that organizations compile a precise and detailed inventory of their cryptographic assets – where each and every key has been injected across IT infrastructures and where they are stored.
Once the organization has a clear picture of its cryptographic ecosystem, it can begin to define strict policies for employees to manage the keys. Key groups are implementing the activity needed to secure their systems within the framework of post-quantum cryptography (PQC). With roles dispersed across the organization, it can act much more quickly and be more effective should any of its algorithms become compromised. Driving this “culture” of crypto agility will likely be the IT/security team.
When it comes to the technology implementation and designing crypto agility into the foundation of protocols, it’s often recommended to use stateful hash-based signatures, which are widely accepted as a strong quantum-secure option. This is especially true for code signing. Nearly all experts agree that this can be accomplished today with existing technology.
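What "stateful" means for a signing service, shown as an added example that is not from the original article: a toy Merkle tree of Lamport one-time keys over SHA-256, where the signer must advance a leaf counter on every signature and refuse to sign once the leaves run out. It is not LMS or XMSS, and the names `StatefulSigner`, `ots_keygen`, `ots_leaf` and `verify` are hypothetical.

```python
import hashlib

N = 256  # one Lamport key pair per bit of the SHA-256 message digest

def H(b):
    return hashlib.sha256(b).digest()

def bits(msg):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(N)]

def ots_keygen(seed, idx):
    # Derive leaf idx's secrets from the seed; the leaf is a hash of their hashes.
    sk = [[H(seed + idx.to_bytes(4, "big") + bytes([b]) + i.to_bytes(2, "big"))
           for b in (0, 1)] for i in range(N)]
    return sk, H(b"".join(H(s) for pair in sk for s in pair))

def ots_leaf(ots, msg):
    # Rebuild the one-time public key from the revealed secrets.
    parts = []
    for (s, other), b in zip(ots, bits(msg)):
        parts += [other, H(s)] if b else [H(s), other]
    return H(b"".join(parts))

class StatefulSigner:
    def __init__(self, seed, height=3):
        self.seed, self.next_idx, self.n = seed, 0, 1 << height
        self.levels = [[ots_keygen(seed, i)[1] for i in range(self.n)]]
        while len(self.levels[-1]) > 1:  # build the Merkle tree bottom-up
            cur = self.levels[-1]
            self.levels.append([H(cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
        self.root = self.levels[-1][0]  # long-term public key

    def sign(self, msg):
        if self.next_idx >= self.n:
            raise RuntimeError("key exhausted: every one-time leaf has been used")
        idx = self.next_idx
        self.next_idx += 1  # the state: a real signer persists this before releasing the signature
        sk, _ = ots_keygen(self.seed, idx)
        ots = [(sk[i][b], H(sk[i][1 - b])) for i, b in enumerate(bits(msg))]
        path = [lvl[(idx >> h) ^ 1] for h, lvl in enumerate(self.levels[:-1])]
        return idx, ots, path

def verify(root, msg, sig):
    idx, ots, path = sig
    if len(ots) != N:
        return False
    node = ots_leaf(ots, msg)
    for h, sib in enumerate(path):
        node = H(sib + node) if (idx >> h) & 1 else H(node + sib)
    return node == root
```

The counter is the operational cost of the scheme: restoring a signer from a backup or cloning it into a second instance rewinds `next_idx`, and a leaf signed twice no longer protects the key.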
A hybrid approach – marrying both stateless and stateful schemes – is another option for organizations looking to maximize quantum-resilience. For a given environment, organizations will need to weigh signature size, performance and implementation concerns when deciding which scheme will be implemented where, leveraging the benefits of each depending on the use case.
NIST has held an open call for quantum-resistant cryptographic algorithms for new public-key crypto standards, including digital signatures and encryption/key-establishment. With submissions closed in late 2017, the group is planning on selecting one or more quantum-safe algorithms to standardize and implement on a wide variety of platforms and applications. It’s likely that this will become one of the highly endorsed quantum-resilient options; however, it’s not recommended for organizations to wait until this becomes available.
A stronger foundation
It’s no secret that crypto agility initiatives will be challenging, especially as entities and individuals across the globe work out PQC in real time. However, the threat of the quantum computer against current algorithms is too great to ignore. Without crypto agility in place, organizations’ cryptographic assets become their Achilles’ heel.