We are approaching the end of the third quarter of 2022. Quite likely, you may have already heard about the upcoming transition to quantum-safe cybersecurity as an urgent response to the cybersecurity threats posed by quantum computers. Now, with the threat identified, what solutions do we have available out there? In this note, we will briefly highlight the main lines of action. But first, for those who may not yet be aware of the transition to quantum-safe security, here are five takeaways to get you up to speed:

• Governments are a strong voice in accelerating the transition. The White House has published multiple documents in 2022 to accelerate the transition to quantum-safe security, especially in National Security Systems. Europe is also accelerating with the launch of the European Quantum Communication Infrastructure initiative and funding programs. Additionally, many other countries -such as Singapore, Japan, and China- are also launching similar strategic initiatives.
• The quantum-safe transition is a response to the so-called quantum threat. The quantum threat refers to the risks posed by quantum computers to our current cryptographic schemes. In brief, a large-enough quantum computer (a.k.a. cryptographically relevant quantum computer) may render all our current cybersecurity technologies unsafe, which would be a catastrophic event for our highly connected society.
• Quantum-safe cybersecurity is a term coined for all those new solutions designed and engineered to keep us all secure, even when the quantum threat materializes.
• The time to start your quantum-safe journey is now. The quantum threat is already relevant in many environments due to the possibility of nefarious actors storing current data and decrypting it later (a so-called store now, decrypt later attack). This fact is a risk that must be addressed in sectors such as banking, healthcare, governments, and anyone handling sensitive data, such as intellectual property.
• The development of quantum technologies is accelerating. In quantum computers, massive investments are being placed in quantum startups, and nearly all the large tech companies are heavily investing. In quantum-safe cybersecurity, almost all security vendors are already planning their quantum-safe portfolio, helping their customers address the quantum threat.

These five takeaways may help set the scene on the major items of the quantum threat and the quantum-safe transition. But what does the quantum-safe solution landscape look like, and what technologies are there?

Key agreement – Post-quantum cryptography (the NIST finalists)

Post-quantum Cryptography (PQC) refers to the use of new cryptographic algorithms resilient to the attacks of quantum computers. The idea is to change today’s methods, which are vulnerable to quantum computers, with new algorithms, which are believed to be safe against future quantum computers. In 2016, NIST launched a contest to propose new algorithms, and the finalists were finally announced in July 2022. This is great news and a result expected for a long time. However, further analysis and public scrutiny of these algorithms are required, as one of the finalist algorithms was broken in under 2 hours by a simple laptop, just hours after being declared a finalist.

Key agreement – Quantum key distribution (QKD)

QKD consists of exchanging quantum signals (through a direct channel as a fibre link, satellite link, or a free-space link) to ultimately exchange a stream of shared random digits between 2 devices. The security of QKD is grounded on the laws of quantum physics, which is a new paradigm with respect to the computational security of today’s systems and PQC. QKD is typically combined with other cryptography primitives to build a security system and requires new hardware and infrastructure deployments. Europe is leading the deployment of QKD systems for ground and space links.

Key agreement – Others

There are exciting new schemes to achieve quantum-safe key agreement, such as those by our partners at Qrypt. These new cryptographic protocols use PQC to generate keys at the endpoints instead of distributing them, nullifying the fall of any PQC algorithm in the future, while ensuring crypto-agility.

Key generation – Quantum random number generators

Randomness is essential in all cryptographic schemes. The unpredictability of random numbers determines the security of the entire cryptographic protocol. In other words, if random numbers are not truly random, then cybersecurity is impossible. Using quantum technologies to generate random numbers delivers advanced security, speed, and monitoring features. Multiple vendors are already in the market with QRNGs, such as Quside.

Deployment – Hybrid schemes

While all these new cryptographic solutions promise advanced security capabilities, they are relatively new and not yet standardized. Thus, they require further testing and validation. One way to address this issue is to deploy them as an additional security layer on top of today’s certified security baseline. If done correctly, you get the best of the two worlds: short-term compliance with existing certification & decades of robust cryptography and long-term protection with new advanced cryptography mechanisms.

Deployment – Crypto-agility

Given that new cryptographic protocols will be developed and deployed quickly, with relatively low testing and validation, there are risks that these methods may be found vulnerable at some point (see what happened to SIKE, a 4th-round finalist in the NIST contest). Thus, it is highly recommended to deploy hybrid schemes first and make them easy to update if vulnerabilities are identified (crypto agility is the keyword here). That means being able to quickly replace algorithms and protocols as soon as those are found vulnerable.

At Quside, we build fast and measurable QRNGs. We also have the most innovative partners and customers delivering PQC, QKD, and advanced key agreement solutions. Contact us to learn more and to get started in your quantum-safe journey. Join us at the quantum side!