Quantum computers are changing the cryptography rules
Under Data Encryption, the CISA Zero Trust Maturity Model v2.0 cites the criticality of “cryptographic agility” on the third (out of four) level of maturity. Cryptographic agility is the ability to change the underlying cryptographic algorithms in applications and communications channels. I believe this highlights the importance for organizations to be able to pivot their encryption algorithms to a post-quantum cryptographic world. As quantum computing becomes more widely available, the ability to crack strong encryption becomes weaker.
In August 2016, NIST published a request for comment on requirements and criteria for submission for nominations for Public-key Post-quantum Cryptographic (PQC) Algorithms. That means that 7 years ago, the hunt for a PQC started. In 2024, this is expected to be finalized. However, there are steps that organizations should be taking now to prepare for this. To understand why PQC is so important, it is important to follow the evolution of public-key cryptography.
Public-key cryptography
Public-key cryptography is what allows secure connections such as over the Internet. Without these secure connections, there would be no online banking, shopping, or private messaging. Public-key cryptography relies on algorithms that are essentially unbreakable with today’s technology.
This wasn’t always the case. Due to increasingly more powerful computers, older algorithms became more susceptible to brute-force attacks. For instance, RC5-64 was cracked in just under 5 years using 2002 technology --that’s essentially an Intel Pentium II running Windows NT-- with groups of people donating personal computer cycles. Comparing current technology vs. 2002, we can just throw so much processing power, including renting from a cloud provide, that the auto-generated summary from that comparison link is astonishing:
“In single core, the difference is 8100%. In multi-core, the difference in terms of gap is 42425%.”
This is one of the reasons we moved from SSL to TLS1.0 and have continued to advance to TLS1.3. Older legacy algorithms become deprecated and are no longer in use.
Public-key cryptography isn’t just used for web servers for SSL/TLS. They are used to secure email, SSH/SFTP connections, digital signatures, Cryptocurrencies, and anywhere PKI (Public Key Infrastructure) is used including Microsoft Active Directory. If the current set of algorithms can be breached via brute force attack, the Internet could collapse, and this would have a devastating effect on the global economy and even reduce the effectiveness of military communications.
Fortunately, with many current “classical” technologies, we have been able to add more bits in algorithms to make them more difficult, making brute force attacks harder over time. For instance, SHA-2 went from 224 to 256 to 384 all the way to 512 before being largely replaced by SHA-3, which is more secure with same number of bits. At least, this was the path forward before quantum computing became a new viable way to crack these legacy algorithms.
What is a quantum computer?
You may be familiar with Diffie-Hellman key exchange, the RSA (Rivest-Shamir-Adleman) cryptosystem, and elliptic curve cryptosystems currently in use today. The security of these depends on the difficulty of certain number theoretic problems such as Integer Factorization or the Discrete Log Problem over various groups.
In 1994, Shor's algorithm was developed that could efficiently solve each of these technologies. However, this algorithm relied on a completely different architecture: quantum computers. In the last 29 years, work has progressed to not only create new quantum algorithms but the actual hardware to run them on (initial quantum computers were emulated using classical computers and very slow). Recently, Google has developed a 70-qubit quantum computer. A qubit is the quantum computer equivalent of classical computer 1’s and 0’s, and more qubits mean a more powerful system. This Google system called the Sycamore Quantum Computer can solve a complex benchmark in a few seconds. The world's current fastest classical supercomputer, called Frontier from Hewlett Packard, would take 47 years on that same benchmark.
While this is a highly specific test, it did demonstrate “quantum supremacy”: that quantum computers can outpace classical computing systems. If you are not concerned because these computers are expensive, know that cloud providers already have offerings you can use today: Azure Quantum, IBM and AWS Braket let you rent time at under $100 an hour. Google Quantum Computing Service appears to only allow access from an approved list, not (yet) giving access to the public. Recently. the Gemini Mine, which is a 2-qubit quantum computer, became available to buy directly for about $5,000. This is not a powerful machine but could be used to invisibly develop and test malicious quantum software.
However, the future is clear: Quantum computing breaks the current cryptographic algorithms.
What is a PQC and why do I need to use it?
Post-quantum Cryptography (PQC) is based on algorithms that will resist both classical and quantum computers. Since the current algorithms are not PQC, they are going to be targeted by bad actors and anything using them will no longer be effectively encrypted.
While quantum computers are still in their infancy, you might think that you can sit back and then when they go mainstream, simply move to a PQC algorithm when the risk becomes high enough. However, there is a need to move to a PQC as soon as possible: any encrypted data such as internet transmissions can be stored, and then later decrypted. Organizations must assume that anything using current encryption algorithms should be treated as cleartext.
Using PQC will then establish a line in the sand: even if transmissions are recorded or encrypted drives are stolen, they will not be able to be decrypted by quantum computers or classical supercomputers. Backups using old algorithms? Assume they are cleartext and erase them. Any secrets that were sent over the internet? Assume they are now in the public domain.
While governments have long isolated communications channels so even encrypted communications are hard to sniff, most private organizations do not - and should strive to move to PQC as soon as possible.
Table 1 from NIST IR 8105 shows the most popular cryptographic algorithms and the impact quantum computers will have on them.
NOTE: This was published in April 2016.
How should my organization prepare?
Although a PQC algorithm isn’t expected until 2024, organizations should prepare and take steps to make the migration a quick process:
- Inventory all cryptographic algorithms currently in use.
- What systems are used?
- Is this data at rest or in transmission?
- Prioritize this inventory so that when your organization needs to implement it, the high-risk resources are addressed first - such as Internet-facing systems or systems that house your most sensitive data.
- Document for each system type the process required to modify the in-use algorithm.
- Do we need to increase the key length (AES and SHA2 or SHA-3) or replace the algorithm entirely (RSA, ECDSA, ECDH, DSA)
- System updates or PQC algorithm installation
- Configuration file modification
- Restarting essential services
- Testing process to ensure PQC algorithms are preferred/prioritized between systems when they are negotiating which algorithm to use.
- Review your supply chain and understand where you need third parties to deliver PQC.
- For instance, if you are running accounting software SaaS, you want to be able to connect to it from your workstation securely. You are reliant on that SaaS to support PQC and should be asking for that as soon as possible. Depending on the risk profile, you may want to address that in any contractual negotiations to help ensure it happens.
These preparation steps should either be added to your normal governance processes or made into a project. Decide if you can use internal resources or if you should bring in a third party like AT&T Cybersecurity to help. In any case, make sure this is on your radar like it now is on mine. Once post-quantum cryptographic algorithms become available, all organizations should be looking to implement them.
Resources to learn more:
DHS: Preparing for Post-Quantum Cryptography Infographic (dhs.gov)
NIST: Report on Post-Quantum Cryptography (nist.gov)
CISA: Quantum-Readiness: Migration to Post-Quantum Cryptography (cisa.gov)
NSA: The Commercial National Security Algorithm Suite 2.0 and Quantum Computing FAQ (defense.gov)