Separating FUD from Practical for Post-Quantum Cryptography
By: Kathleen M. Moriarty, Chief Technology Officer at CIS, two-time Internet Engineering Task Force (IETF) Security Area Director 2014-2018, and 2020 Tropaia Outstanding Faculty Award recipient at Georgetown SCS.
Preparation for post-quantum cryptography increasingly appears in the news and industry materials. The reason for this is twofold. First, there have been advances in capabilities for post-quantum computing. Second, the National Institute of Standards and Technology (NIST) will complete final rounds for selection of these new cryptographic algorithms in 2024.
Overall, the primary concern driving preparedness from a security perspective is that encryption is breakable due to advancements with post-quantum computing for both asymmetric and symmetric cryptography. Most researchers put this possibility 10-15 years out from now, but they acknowledge we could be surprised with technological advancements. Quantum computing also advances capabilities for processing, making some computations feasible in much shorter time periods and providing great opportunities for advancement in numerous sectors. As such, quantum computing will be appropriate for some workloads but not all depending on requirements and resources. It is likely the early adopters will be in sectors such as finance, science research, and government.
This blog will describe the current state of quantum computing, the concern for data protection, as well as practical steps that reduce the hype for most organizations.
Algorithms Currently Capable of Decrypting Data Post-Quantum
Post-quantum cryptography is still a few years from reaching required system capability levels. But organizations are concerned in the meantime. Simply stated, adversaries may decrypt data stolen today when such capabilities become possible at a later point in time. Organizations might be concerned that they will be targeted in a breach or that ransomware actors will exfiltrate their data and later sell it on the dark web.
KTo better understand the risk of data exposure from advancements in quantum computing, I've provided information on the algorithms capable of decrypting data in a post-quantum world. I also provide the limitations, including a requirement for computing capabilities well beyond our reach today, in order to put this threat into perspective.
- Shor’s Algorithm targets asymmetric cryptography, meaning RSA, public/private key pair-based encryption methods. Currently, Shor’s algorithm requires millions of qbits to successfully break RSA. To put this into perspective, Schneier on Security explains that IBM Osprey has 433 qbits. While we can’t predict how quickly advances will be made considering Moore’s algorithm, it may be quite some time before using Shor’s algorithm and quantum computing become a real threat.
- Grover’s Algorithm targets the keys in symmetric cryptography, so this too may be broken in a post-quantum world. Migrating to AES-256 as a current step will aid in preparation for post-quantum security according to NIST, as it will be safe with Grover’s algorithm for some time to come without advancements in the algorithm.
- New algorithms are in development (and in review) that significantly improve upon Shor’s algorithm's post-quantum requirements. One published paper cites being able to break RSA with only 372-qbits using a new algorithm. This research is still in process of being validated.
- Another concern is that similar advances by nation states will never become publicly available, thus allowing access to stolen encrypted data by adversaries.
Steps to Migrate to Quantum-Safe Algorithms
Standards bodies and vendors are busy working to help you. The problem is that standards bodies and vendors have more work to do to enable a smooth transition to quantum-safe algorithms.
NIST is in the final stages of a lengthy process to select post-quantum cryptographic algorithms.
In July 2022, the selection process narrowed down to the following algorithms. Broken down by type, they are as follows:
- Public Key Encryption and Key Establishment Algorithms
- CRYSTAL-KYBER
- Digital Signature Algorithms
- CRYSTALS-DILITHIUM
- FALCON
- SPHINCS+
The full cryptographic algorithm evaluation is set to complete in 2024.
Once algorithms are finalized, standards bodies will integrate support for these algorithms into existing protocols, enabling support for post-quantum cryptography for data-in-transit and data-at-rest encryption. The Internet Engineer Task Force (IETF) and other standards-developing organizations (SDO) such as OASIS will take several steps to make this possible, as the algorithm parameters and key lengths differ from pre-quantum cryptography. As you can see from the IETF link provided above, some of this work has already commenced. There is some preparation work that is possible by standards bodies and that is underway.
Vendors are also preparing for post-quantum cryptography, and they have steps to take before organizations can easily make this transition. The following set of bullets highlights some high-level steps required before products will be ready to support post-quantum cryptography:
- Participate in the update of standards to accommodate post-quantum cryptography
- Update supported protocols according to standards published into products
- Update proprietary products and protocols to support post-quantum cryptography
Products are available from several vendors today with quantum computing capabilities. In addition to IBM above, Dell also has products, and HP has research efforts on quantum computing.
3 Steps for Organizations to Prepare for Post-Quantum Cryptography
A practical approach to avoid falling into fear, uncertainty, and doubt (FUD) around post-quantum cryptography breaks down into three steps.
First, you must prepare your organization by understanding the data assets of your organization, where these assets are stored, and the flow of sensitive data within your environment. This could be aligned to best practices for information management in spreadsheets or more formally in an electronic stored information (ESI) data map using the CIS Critical Security Controls (CIS Controls). Your organization should consider taking steps to label data according to sensitivity and business importance as well as the lifespan of the data. It is important to manage your data and understand where data is backed up, considering storage data protection best practices such as data deduplication and offline backups along the way. At the next level, compliance, record retention, and legal hold considerations should factor to ensure that data is managed appropriately according to each set of requirements. If the value of the data is beyond its lifespan or if record retention requirements require its deletion, data destruction should factor into the planning process for how data is treated.
Second, you should use the CIS Critical Security Controls to aid in the protection of your organization’s assets today. The Safeguards are prioritized to help mitigate risk in a meaningful way. By preventing an attack, you are also minimizing the chance of your data being stolen today and decrypted later.
Did you know you can establish essential cyber hygiene against today’s threats using a subset of the CIS Controls? Check out our video to learn more.
Lastly, you must move to post-quantum cryptography within 3-4 years of the technology becoming available in products. Manage and protect your data according to best practices for information management, and you’ll be ready for this transition when algorithms are integrated into protocols and products. Understanding your data will also help you prioritize for your transition.
About the Author
Kathleen Moriarty
Chief Technology Officer
Kathleen Moriarty, Chief Technology Officer at the Center for Internet Security has over two decades of experience. Formerly as the Security Innovations Principal in Dell Technologies Office of the CTO, Kathleen worked on ecosystems, standards, and strategy. During her tenure in the Dell EMC Office of the CTO, Kathleen had the honor of being appointed and serving two terms as the Internet Engineering Task Force (IETF) Security Area Director and as a member of the Internet Engineering Steering Group from March 2014-2018. Named in CyberSecurity Ventures, Top 100 Women Fighting Cybercrime. She is a 2020 Tropaia Award Winner, Outstanding Faculty, Georgetown SCS.
Kathleen achieved over twenty years of experience driving positive outcomes across Information Technology Leadership, IT Strategy and Vision, Information Security, Risk Management, Incident Handling, Project Management, Large Teams, Process Improvement, and Operations Management in multiple roles with MIT Lincoln Laboratory, Hudson Williams, FactSet Research Systems, and PSINet. Kathleen holds a Master of Science Degree in Computer Science from Rensselaer Polytechnic Institute, as well as, a Bachelor of Science Degree in Mathematics from Siena College.