We are approaching the end of the third quarter of 2022. Quite likely, you may have already heard about the upcoming transition to quantum-safe cybersecurity as an urgent response to the cybersecurity threats posed by quantum computers. Now, with the threat identified, what solutions do we have available out there? In this note, we will briefly highlight the main lines of action. But first, for those who may not yet be aware of the transition to quantum-safe security, here are five takeaways to get you up to speed:
These five takeaways may help set the scene on the major items of the quantum threat and the quantum-safe transition. But what does the quantum-safe solution landscape look like, and what technologies are there?
Key agreement – Post-quantum cryptography (the NIST finalists)
Post-quantum Cryptography (PQC) refers to the use of new cryptographic algorithms resilient to the attacks of quantum computers. The idea is to change today’s methods, which are vulnerable to quantum computers, with new algorithms, which are believed to be safe against future quantum computers. In 2016, NIST launched a contest to propose new algorithms, and the finalists were finally announced in July 2022. This is great news and a result expected for a long time. However, further analysis and public scrutiny of these algorithms are required, as one of the finalist algorithms was broken in under 2 hours by a simple laptop, just hours after being declared a finalist.
Key agreement – Quantum key distribution (QKD)
QKD consists of exchanging quantum signals (through a direct channel as a fibre link, satellite link, or a free-space link) to ultimately exchange a stream of shared random digits between 2 devices. The security of QKD is grounded on the laws of quantum physics, which is a new paradigm with respect to the computational security of today’s systems and PQC. QKD is typically combined with other cryptography primitives to build a security system and requires new hardware and infrastructure deployments. Europe is leading the deployment of QKD systems for ground and space links.
Key agreement – Others
There are exciting new schemes to achieve quantum-safe key agreement, such as those by our partners at Qrypt. These new cryptographic protocols use PQC to generate keys at the endpoints instead of distributing them, nullifying the fall of any PQC algorithm in the future, while ensuring crypto-agility.
Key generation – Quantum random number generators
Randomness is essential in all cryptographic schemes. The unpredictability of random numbers determines the security of the entire cryptographic protocol. In other words, if random numbers are not truly random, then cybersecurity is impossible. Using quantum technologies to generate random numbers delivers advanced security, speed, and monitoring features. Multiple vendors are already in the market with QRNGs, such as Quside.
Deployment – Hybrid schemes
While all these new cryptographic solutions promise advanced security capabilities, they are relatively new and not yet standardized. Thus, they require further testing and validation. One way to address this issue is to deploy them as an additional security layer on top of today’s certified security baseline. If done correctly, you get the best of the two worlds: short-term compliance with existing certification & decades of robust cryptography and long-term protection with new advanced cryptography mechanisms.
Deployment – Crypto-agility
Given that new cryptographic protocols will be developed and deployed quickly, with relatively low testing and validation, there are risks that these methods may be found vulnerable at some point (see what happened to SIKE, a 4th-round finalist in the NIST contest). Thus, it is highly recommended to deploy hybrid schemes first and make them easy to update if vulnerabilities are identified (crypto agility is the keyword here). That means being able to quickly replace algorithms and protocols as soon as those are found vulnerable.