The journey to a more secure post-quantum future is gathering pace. In 2022, we have already seen the White House announcing two directives aimed at accelerating the quantum-proofing of IT infrastructure in federal agencies. Even more recently, the G7 committed to greater cooperation on the deployment of quantum-resistant cryptography to ensure secure interoperability between nations.
However, the biggest development came on July 6 when the National Institute of Standards and Technology (NIST) announced that it had selected four candidates to replace our current public-key cryptographic (PKC) standards, RSA and Elliptic Curve.
NIST has chosen CRYSTALS-Kyber for general encryption and CRYSTALS-Dilithium, FALCON, and SPHINCS+ for digital signatures, as well as advancing four other candidates for additional scrutiny, including the ultra-secure Classic McEliece. Whereas a current PKC standard can be used both for encryption and for data signing, each post-quantum algorithm serves only one of those purposes, which means that existing PKC will be replaced by a pair of different algorithms: one for encryption and one for signatures.
This competition, which has been running since 2016, is a milestone moment in the global effort to ensure enterprises and governments are shielded from the biggest existential threat facing the security community. But why should you care?
Why Does NIST’s Decision Matter?
It has been theoretically proven that as quantum computers develop, they will be able to break today’s PKC, which safeguards virtually all data flowing over networks today. Everything we do, from online banking to e-commerce to emails, is protected by PKC and will be broken when a sufficiently powerful and functioning quantum computer emerges.
There is still some debate on timing as to when this day will arrive, but if we simply focus on the potential for a cryptographically relevant quantum computer (CRQC) to emerge – one that has the power to do code-breaking under lab conditions, not a commercially-relevant one – it’s less than a decade away.
Even if that doesn’t convince you, there is still a risk today in the form of harvest now, decrypt later (HNDL) attacks. That is, cyber-criminals and adversaries today are harvesting sensitive data with a long shelf life – such as state secrets or intellectual property – which they will then be able to decrypt once they have a sufficiently powerful quantum computer.
What Steps Should You Now Be Taking Post-NIST?
NIST’s decision, therefore, is a crucial step in protecting against both the threat of future code breaking and existing HNDL attacks. There is still some way to go, with these algorithms needing to pass the final round of the standardization process, estimated to be completed in 2024.
Once they become standardized, it is expected and encouraged that they will be widely adopted and implemented by industry around the world. So, is there anything you can be doing now? Should you be focusing on planning your migration now and assessing your data security needs?
Here are my recommendations for enterprises finding themselves asking these questions:
1. Undertake a Comprehensive Audit
The first and most important step is undertaking a comprehensive crypto audit. This means taking stock of where PKC is currently in use today and building a comprehensive crypto inventory. This will allow you to understand where your high-value assets are and the potential impact a CRQC might have on your systems.
This needs to be undertaken by a defined team with significant resources – not by a few individuals alongside their existing roles. Just as would be the case with any large IT program or project, you will need a dedicated team with the right skills and resources to ensure success.
2. Look for Partners That Practice Hybridization and Crypto-Agility
The use cases where encryption is needed vary across industries and sectors, so adopting a hybrid approach – where different algorithms can be swapped in regardless of the solution they sit in – will give you greater flexibility. This matters because the algorithms still being analyzed in the fourth round may also become future standards, and some of them may be more appropriate for high-security use cases.
It’s also vital to choose partners that practice crypto-agility, particularly if you want to move quickly. Crypto-agility means using solutions that keep the tried and tested classical cryptography we use today, like RSA, alongside one or more post-quantum algorithms. Taking this approach offers greater assurance against both traditional attacks and future threats – it’s a simple board decision to make for any company as it does not compromise the current level of security.
3. Explore Use Cases for New Algorithms
Finally, once you’ve established where your PKC is used and the areas you are most at risk, it’s also possible to explore the potential use cases for different devices, deciding which algorithms can be used and what parameters are needed.
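The hybrid approach recommended in step 2 comes down to one concrete mechanism: the classical and the post-quantum shared secrets are fed together into a key-derivation function, so the session key stays secret as long as either algorithm holds. The following is an added illustration, not code from the article or from any NIST submission; the two shared secrets are constructed placeholder bytes standing in for, say, an ECDH output and a Kyber output, and the HKDF-SHA256 combiner and its labels are this example's own choices.

```python
import hashlib
import hmac

LABEL = b"hybrid-kem-combiner-v1"  # assumed domain-separation label for this example


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869) with SHA-256."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869) with SHA-256."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def _lp(data: bytes) -> bytes:
    """Length-prefix a field so that concatenated inputs cannot be re-split ambiguously."""
    return len(data).to_bytes(4, "big") + data


def hybrid_shared_key(ss_classical: bytes, ss_pq: bytes, transcript: bytes, length: int = 32) -> bytes:
    """Combine a classical and a post-quantum shared secret into one session key.

    Both secrets enter the extract step, so recovering only one of them (e.g. the
    classical one with Shor's algorithm) does not let an attacker compute the key.
    The transcript (public keys / ciphertexts exchanged) binds the key to the session.
    """
    ikm = _lp(ss_classical) + _lp(ss_pq)
    prk = hkdf_extract(LABEL, ikm)
    return hkdf_expand(prk, LABEL + _lp(transcript), length)


def key_with_classical_broken(ss_classical: bytes, pq_guess: bytes, transcript: bytes) -> bytes:
    """What an attacker who has broken the classical secret but must guess the PQ one obtains."""
    return hybrid_shared_key(ss_classical, pq_guess, transcript)


# Constructed sample values: in a real handshake these come from the two KEMs.
SS_CLASSICAL = bytes.fromhex("00" * 31 + "01")
SS_PQ = bytes.fromhex("ff" * 32)
TRANSCRIPT = b"constructed-handshake-transcript"

if __name__ == "__main__":
    k = hybrid_shared_key(SS_CLASSICAL, SS_PQ, TRANSCRIPT)
    print("session key:", k.hex())
    print("attacker with classical only:", key_with_classical_broken(SS_CLASSICAL, b"\x00" * 32, TRANSCRIPT).hex())
```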
The momentum that has been gained in recent months has been promising, and businesses now have the tools they need to begin thinking about migrating to new post-quantum standards. With the threat of HNDL on the doorstep, there is no longer any excuse for lack of action – the migration needs to begin today.