Advice on migrating to Post Quantum Cryptography

====================

TL;DR

With the recent publication of post quantum cryptography (PQC) algorithms from NIST, organisations of all sizes should begin the transition to PQC. Please refer to this PQC readiness publication from CISA as a starting point.

====================

To assist with the transition to PQC, I have provided advice below for government agencies and non-governmental organisations in their transition to using PQC, with a focus on non-governmental organisations. A short frequently asked questions (FAQ) section and further references are also consolidated below:

====================

For government/federal agencies

Please refer to the relevant heading within this page.

====================

For non-government/private sector organisations

While immediate action is not required (although still recommended), migration to post-quantum encryption technology should be present in your organisation's strategic roadmap. Quantum computers are expected to become operational within the next five to ten years. For further guidance, please refer to this PDF document co-authored by CISA, the NSA and NIST. This document will help you prepare for your journey to migrate from current encryption solutions to post-quantum encryption.

For existing data held encrypted at rest by organisations, if any data were now compromised by a threat actor, there is a possibility that this encryption could be broken in the future (a “harvest now, decrypt later” scenario). When quantum computing begins to be more accessible, current encryption may become less resilient. Should current data still be valuable when this future becomes a reality, such organisations will need to assess how to migrate to newer post-quantum encryption for such valuable data.

The transition to PQC in more detail

As mentioned above, the transition to quantum computing is expected to take place within the next 5 to 10 years. While the high-level steps are covered in CISA’s Quantum Readiness paper, I wish to provide more detailed advice below:

The overall goal of this preparation is for cyber security teams to effectively manage the transition to post quantum encryption for data in transit and data at rest after the data is handed off their networks from the edge and onto content delivery networks (CDNs). The scale of this task is large and careful planning for a multi-year transition phase is required.

Creating an inventory of your data

Suggested first steps would be to carry out an automated inventory of your assets (my thanks to Dark Reading for this suggestion) with the goal of creating a cryptography bill of materials. The inventory should include the encryption protocols in use for aspects of your network such as critical security controls, data protection, digital signatures and authentication. Other areas to consider are your public key infrastructure, hardware security modules (HSMs), TLS certificates and any hardware keys in use by your employees.

Prioritise your most important data

With the inventory complete, seek to prioritise your highest value data for migration to post quantum encryption first. Once complete, move to the next priority group within your existing data and so on. If you find legacy encryption algorithms such as Triple DES, GOST89 or Blowfish (or data encrypted in transit by SSLv2, SSLv3, TLS 1.0 or TLS 1.1), seek to move them higher in your priority list, enabling them to be remediated sooner. The current PQC standards to implement are FIPS 203, 204, and 205 (as mentioned above), which incorporate public key cryptography and digital signatures.
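The inventory and prioritisation steps above can be sketched in code. This is an added example, not from the original post or any referenced publication: the asset names, the CSV layout, the 1 to 5 data value scale and the legacy boost of 2 are all assumptions made for illustration.

```python
import csv
import io

# Legacy ciphers and protocols the article says to move up the list.
LEGACY = {"TRIPLE DES", "3DES", "GOST89", "BLOWFISH",
          "SSLV2", "SSLV3", "TLS 1.0", "TLS 1.1"}
# Public-key families at risk from quantum computing (RSA and ECC per the FAQ).
QUANTUM_VULNERABLE = {"RSA", "ECC", "ECDH", "ECDSA"}
# Replacement standard by use of the algorithm.
TARGET = {"key_exchange": "FIPS 203 (ML-KEM)",
          "signature": "FIPS 204 (ML-DSA) or FIPS 205 (SLH-DSA)"}
LEGACY_BOOST = 2  # assumed weighting, not taken from any guidance

# Constructed inventory export (not real systems); data_value 1 (low) to 5 (high).
SAMPLE_CSV = """asset,algorithm,use,data_value
hr-archive,Triple DES,encryption,3
customer-portal,ECDH-P256,key_exchange,5
code-signing,RSA-2048,signature,4
legacy-vpn,TLS 1.0,protocol,2
backup-store,AES-256,encryption,5
"""

def classify(algorithm):
    """Map an inventoried algorithm or protocol name to a migration category."""
    name = algorithm.strip().upper()
    if name in LEGACY:
        return "legacy"
    # "RSA-2048" or "ECDH-P256" -> family "RSA" / "ECDH"
    if name.split("-")[0] in QUANTUM_VULNERABLE:
        return "quantum-vulnerable"
    return "other"

def migration_plan(csv_text):
    """Return (asset, category, score, target) rows, highest priority first."""
    rows = []
    for rec in csv.DictReader(io.StringIO(csv_text)):
        category = classify(rec["algorithm"])
        if category == "other":
            continue  # e.g. AES: not a migration item in this sketch
        score = int(rec["data_value"]) + (LEGACY_BOOST if category == "legacy" else 0)
        target = TARGET.get(rec["use"], "current algorithm or protocol version")
        rows.append((rec["asset"], category, score, target))
    # Highest score first; asset name breaks ties so the order is stable.
    return sorted(rows, key=lambda r: (-r[2], r[0]))

if __name__ == "__main__":
    for row in migration_plan(SAMPLE_CSV):
        print(row)
```
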

Refine your roadmap

Another use of the inventory results will be to use the above-mentioned strategic roadmap to better define each of the roadmap steps for your planned implementation (according to dated and defined steps of your roadmap). The steps should include the “how” and “when” of each technology or system being migrated. Also consider the questions from the Post-Quantum Cryptography (PQC) roadmap provided by the DHS (please see the seven questions listed in the section Roadmap->Part 6).

Seek to centralise and prevent duplication of effort

For this migration, it is suggested that multiple teams will be involved within your organisation e.g. the IT team, Cyber Security, Legal, HR, Data Protection (including the DPO where relevant for oversight) and your third-party vendors who manage your data.

Remember to seek support from your leadership team so that they can champion and support your efforts to ease the migration. Working across teams in this manner will not only seek to centralise your efforts but also to minimise duplication of effort. With the transition in progress, consider participating in pilot programs (of the new algorithms), collaborating with your third-party vendors and engaging in ongoing research to stay informed about the latest developments in PQC.

====================

Conclusion

With the correct approach, when your transition to PQC is complete you will have the benefit of your organisation being in a far better position to defend itself in the impending reality of a quantum computing world.

Thank you.

Acknowledgements: My thanks to the DHS, CISA, NIST, Holland & Knight Law, Santosh Kumar, Arcserve, Keyfactor and Digicert for the references linked to within this post.

Image Credit: https://unsplash.com/@markusspiske

====================

FAQ

====================

Which PQC algorithms were published by NIST?

A summary of the three algorithms made available is available from this BleepingComputer post.

What existing encryption algorithms are most at risk of compromise by quantum computing?

Rivest–Shamir–Adleman (RSA), which relies on the difficulty classical computers have in factoring large numbers, and Elliptic Curve Cryptography (ECC), which is underpinned by discrete logarithm problems (which require exponential time for a classical computer to solve), are the algorithms most vulnerable to quantum computing.

What areas of my organisation will need to adapt to PQC?

Software, hardware (e.g. HSMs) and your operational procedures will need to adapt to the changes PQC introduces in order to maintain effectiveness. In the area of procedures, an important consideration will be the securing of quantum resistant keys against more traditional and quantum based brute force attacks. Your public key infrastructure (PKI) will also need updating to accommodate the secure generation and distribution of PQC keys.

What impact does PQC have on the encryption of data in transit secured using TLS?

Currently TLS uses RSA or ECDH (Elliptic Curve Diffie-Hellman) for key exchange while using AES for encryption of the data. The use of the new FIPS 203 algorithm will replace either RSA or ECDH with Module-Lattice-Based Key Encapsulation Mechanism (ML-KEM) which uses a lattice-based approach resistant to quantum attacks. Thus, the symmetric keys used to encrypt the data remain secure. This also means the data will remain secure from interception or decryption by threat actors equipped with quantum computing capabilities.

Is PQC already in use within everyday systems?

Yes, some vendors have implemented PQC, e.g. Google Chrome and Akamai already use post quantum cryptography. OpenSSH began to use post quantum cryptography in April 2022; it chose NTRU Prime from NIST's shortlist at the time. Signal uses PQXDH and Apple iMessage uses PQ3 (as of early 2024).

====================

References

====================

Quantum-Readiness: Migration to Post-Quantum Cryptography

https://media.defense.gov/2023/Aug/21/2003284212/-1/-1/0/CSI-QUANTUM-READINESS.PDF

Post-Quantum Cryptography

https://www.dhs.gov/quantum

NIST Hands Off Post-Quantum Cryptography Work to Cyber Teams

https://www.darkreading.com/cyber-risk/nist-post-quantum-cryptography-work-cyber-teams

NIST Releases Three Post-Quantum Cryptography Standards

https://www.hklaw.com/en/insights/publications/2024/08/nist-releases-three-post-quantum-cryptography-standards

Future-Proofing Security: An In-Depth Examination of NIST's Quantum-Resistant FIPS Standards and its Impact on Industry

https://www.dhirubhai.net/pulse/future-proofing-security-in-depth-examination-nists-fips-kumar--k9wbc

5 Common Encryption Algorithms and the Unbreakables of the Future

https://www.arcserve.com/blog/5-common-encryption-algorithms-and-unbreakables-future

Top Takeaways from NIST’s Fifth PQC Standardization Conference

https://www.keyfactor.com/blog/top-takeaways-from-nists-fifth-pqc-standardization-conference/

Unpacking News From NIST: Three New Algorithms are Expected in 2024

https://www.keyfactor.com/blog/unpacking-news-from-nist-three-new-algorithms-are-expected-in-2024/

Get Ready for the Year of Quantum-Ready PKI Solutions

https://www.keyfactor.com/blog/get-ready-for-the-year-of-quantum-ready-pki-solutions/

Keyfactor Community

https://www.youtube.com/@KeyfactorCommunity/videos

NIST Releases Quantum-safe Cryptography Standards: What Happens Now?

https://www.digicert.com/blog/nist-pqc-standards-are-here

The NIST standards for quantum-safe cryptography

https://www.digicert.com/blog/nist-standards-for-quantum-safe-cryptography

Why Q-Day is closer than you think

https://www.digicert.com/blog/why-q-day-is-closer-than-you-think

====================
