In July, the National Institute of Standards and Technology (NIST) announced the first batch of four new post-quantum encryption algorithms designed to defend against attacks from future quantum computers that could break today’s encryption techniques. Other algorithms remain under consideration for future inclusion in NIST’s post-quantum encryption standard, which the institute expects to finalize within two years.
In an interview with The New Stack, Torsten Staab, Ph.D., a senior engineering fellow at Raytheon Intelligence & Space, said NIST’s announcement highlights the need to prepare for Quantum Day, or Q-Day, when quantum computers become powerful enough to break today’s asymmetric encryption. “If you do indeed have a quantum computer that can crack this, you will have no privacy in your online transactions, whether it’s financial or health information, or any encrypted data,” he said.
No one knows when that day will come. Predictions vary, Staab said, between three and 15 years, though most people expect it to be definitely within a decade, and probably within the next five years.
This means it’s crucial for businesses to start planning now. The transition to post-quantum cryptography will take time, and some embedded systems that cannot be upgraded will need to be physically replaced. “Experts predict that this whole process for the entire industry globally — it’s not just a US problem — could easily take more than a decade,” Staab said.
Develop a strategy
Yet, with the new NIST standard not yet finalized, how can companies plan ahead? The first step, Staab said, should be to develop a quantum security strategy — mapping out what can be done now and what needs to be anticipated in the medium to long term. “The good news is there are some things you can do now,” he said.
A simple step is to improve your use of random numbers for encryption. The random numbers used by current encryption algorithms are typically generated by software-based pseudo-random number generators (PRNGs). “The problem with that is that these are deterministic — so people think they’re random, but they’re not really random,” Staab said.
The answer, he said, lies in a transition from software to hardware: from software PRNGs to hardware quantum random number generators (QRNGs) that produce truly random numbers. “It’s a simple way to do it – to replace the way you generate your keys, your cryptographic material, with totally random numbers.”
Another key step is to identify any cryptography usage within your organization. “Where can I currently encrypt data, how can I transmit data securely? Identify the systems you currently use – those will be the candidates to upgrade,” Staab said.
A hybrid approach
As new algorithms from NIST are finalized, Staab said, many companies will likely start by combining current cryptography with the new techniques. The need for this type of mixed strategy was underlined by a recent break [PDF] of the SIKE algorithm, one of the additional candidates NIST had kept for further evaluation, by researchers at KU Leuven in Belgium. “It reduces confidence in new algorithms,” Staab said. “So what companies will likely do in the future, at least for the next decade, is start using a hybrid approach.”
The biggest lesson to be learned from the SIKE break, Staab said, is to assume that any one of these algorithms could be broken at some point, and to focus on building crypto-agility: the flexibility to quickly replace an algorithm if the one you are currently using is compromised. “There are limits, of course — not all systems are software-scalable; you may have to replace them completely – but you have to be prepared,” he said.
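As an added illustration of the hybrid approach and crypto-agility described above (this is example code, not from the article or from Raytheon), the following stdlib-only Python combiner derives one session key from a classical shared secret and a post-quantum shared secret. The secrets and the suite labels are constructed placeholders; in practice they would come from a classical key exchange and a post-quantum KEM.

```python
# Added example: hybrid key combiner with algorithm labels bound into the
# derivation. Shared secrets are constructed placeholders, not real KEM output.
import hashlib
import hmac


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869) with SHA-256."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869) with SHA-256."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def hybrid_key(suite, classical_ss: bytes, pq_ss: bytes, context: bytes = b"") -> bytes:
    """Derive a 32-byte session key from two independent shared secrets.

    suite is a (classical_name, pq_name) pair, e.g. ("x25519", "kyber768").
    Both secrets feed the HKDF input keying material, so the output stays
    unpredictable as long as an attacker lacks at least one of them: a break
    of the post-quantum scheme alone (as with SIKE) does not expose the key.
    The suite labels are bound in as the salt, so swapping an algorithm
    (crypto-agility) or a suite mismatch between peers yields a different key
    instead of silently reusing one.
    """
    classical_name, pq_name = suite
    # Length-prefix each secret so the concatenation is unambiguous.
    ikm = (len(classical_ss).to_bytes(2, "big") + classical_ss
           + len(pq_ss).to_bytes(2, "big") + pq_ss)
    label = f"hybrid:{classical_name}+{pq_name}".encode()
    prk = hkdf_extract(salt=label, ikm=ikm)
    return hkdf_expand(prk, info=b"session-key" + context, length=32)


if __name__ == "__main__":
    # Constructed sample secrets; a swap from a broken to a sound PQ scheme
    # changes the derived key even though the classical secret is unchanged.
    classical, pq = bytes(range(32)), bytes(range(32, 64))
    print(hybrid_key(("x25519", "sike-p434"), classical, pq).hex())
    print(hybrid_key(("x25519", "kyber768"), classical, pq).hex())
```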
It could also mean using multiple encryption techniques, so even if an attacker gains access to one set of data, they won’t be able to access everything, because not all of your data is encrypted equally.
One of the main concerns about the quantum threat is the idea of “harvest now, decrypt later”: the fear that attackers will collect encrypted data that they are currently unable to decrypt, knowing that they will be able to read it in the future. Multiple encryption techniques and hybrid approaches should also help here, Staab said, as should quantum key distribution (QKD). “If your network is compromised and you assume your adversary is listening and capturing all of your network traffic, the actual keys that were used to encrypt the data are not transmitted over the same network using the same protocols,” he said.
All of this helps to clarify why multiple post-quantum algorithms are endorsed, rather than a single best pick. “NIST wanted to have some diversity in the algorithms so that if one technique is vulnerable, you always have fallback algorithms that use a completely different mathematical approach,” Staab said.
It’s also helpful, Staab said, to have different algorithms for different applications. An IoT device with a small processor and limited memory will likely have very different capabilities and requirements than a device without those constraints, which could leverage a more advanced algorithm for enhanced security if needed. “You need to be able to size security right and make it work within the constraints the system is operating in,” he said.
Assume the worst
As Q-Day approaches, it can be difficult to persuade corporate executives to invest in something that may not present a real problem for five years or more. Staab said the level of urgency varies depending on what business you are in. “… an event that ends the life of the business – you can’t transition quickly enough to embrace that,” he said.
As far as we know, Staab said, an adversary may already have these capabilities. If they did, they certainly wouldn’t announce it. “You just have to assume the worst – you might not even have three years,” he said. “I think being on the more pessimistic side and not waiting too long is probably a wise step in this case.”
And while this is especially true for banks, it applies to a wide variety of industries. “If you’re dealing with data – whether it’s customer data, or buying items, or doing predictive analytics – if your system isn’t as secure as your competition’s, you’re going to be out of business quickly,” Staab said.