informa

Tech News and Analysis

7 min read
article

Now Is the Time to Plan for Post-Quantum Cryptography

Panelists from an RSA Conference keynote agreed that organizations need to begin work on PQC migration, if they haven't already.

RSA CONFERENCE 2022 – Even the most future-facing panels at this year's RSA Conference are grounded in the lessons of the past. At the post-quantum cryptography keynote "Wells Fargo PQC Program: The Five Ws," the moderator evoked the upheaval from RSAC 1999 when a team from Electronic Frontier Foundation and Distributed.net broke the Data Encryption Standard (DES) in less than a day.

"We're trying to avoid the scramble" when classical cryptography techniques like elliptic curve and the RSA algorithm inevitably fall to quantum decrypting, said Sam Phillips, chief architect for information security architecture at Wells Fargo. And he set up the high stakes encryption battles often have: "Where were all the DES implemented? Hint: ATM machines."

"We had to set up teams to see where all we were using [was DES] and then establish the migration plan based upon using a risk-based approach," Phillips said. "We're trying to avoid that by really trying to get ahead of the game and do some planning in this case."

Phillips was joined on stage by Dale Miller, chief architect of information security architecture at Wells Fargo, and Richard Toohey, technology analyst at Wells Fargo.

A Brief Explanation of Quantum Computing

Toohey, a doctoral candidate at Cornell University, handled most of the technical aspects of quantum computing during the panel. 

"For most problems, if you have a quantum calculator and a regular calculator, they can add numbers just as well," he explained. "There's a very small subset of problems that are classically very hard, but for a quantum computer, they can solve [them] very efficiently."

These problems are called np-hard problems. 

"A lot of cryptography, specifically in asymmetric cryptography, relies on these np-hard type problems — things like elliptic curve cryptography, the RSA algorithm, famously — and when quantum computers are developed enough, they'll be able to brute-force their way through these," Toohey explained. "So that breaks a lot of our modern classical cryptography."

The reason why we don't have crypto-breaking quantum computers today, despite headline-making offerings from IBM and others, is because the technology to reach that level of power has not been accomplished yet.

"To become a cryptographically relevant quantum computer, a quantum computer needs to have about 1 to 10 million logical qubits, and those logical qubits all need to be made up of about 1,000 physical qubits," Toohey said. "Today, right now, the largest quantum computers are somewhere around 120 physical qubits." 

He estimated that to even muster the first logical qubit will take three years, and from there it has to scale up to "a million or so logical qubits. So it's still quite a few years away."

Another technical challenge that needs solving before we get these powerful quantum computers is the cooling systems they require. 

"Qubits are incredibly sensitive; most of them have to be held at very low, cryogenic temperatures," Toohey explained. "So because of that, quantum computing architecture is incredibly expensive right now." 

Other problems include decoherence and error correction. The panel agreed that the combination of these issues means crypto-cracking quantum computers are eight to 10 years away. But that doesn't mean we have a decade to address PQC.

Now Is the Time

The panel was named for the journalistic model of five questions that start with the letter "w," but that didn't come up until late in the audience Q&A portion. 

"Sam was asking the what, the who, the why, the where, and the when," Miller said. "So I think we've covered that in our conversations here."

Most of the titular questions were somewhat vague and a matter of judgment. However, on the concept of when you should start planning for the post-quantum future, there was complete agreement: Now. 

"You've got to start the process now, and you have to move yourself forward so that you are ready when a quantum computer comes along," Miller said.

Phillips concurred.

"There is not right now a quantum computer that is commercially viable, but the amount of money and effort going into the work is there to move it forward, because people recognize the benefits that are there, and we are recognizing the risk," he said. "We feel that it's an eventuality, that we don't know the exact time, and we don't know when it'll happen."

Toohey suggested beginning preparations with a crypto inventory — again, now

"Discover where you have instances of certain algorithms or certain types of cryptography, because how many people were using Log4j and had no idea because it was buried so deep?" he said. "That's a big ask, to know every type of cryptography used throughout your business with all your third parties — that's not trivial. That's a lot of work, and that's going to need to be started now."

Wells Fargo has a goal to be ready to run post-quantum cryptography in five uears, which Miller described as "a very aggressive goal."

"So the time to start is now," he said, "and that's one of the most important takeaways from this get-together."

Crypto Agility Gets You to Quantum Resilience

Pivoting is a key marker of agility for the panel, and agility is vital for being able to react to not just quantum threats, but whatever comes next. 

"The goal here should be crypto agility, where you're able to modify your algorithms fairly quickly across your enterprise and be able to counter a quantum-based attack," Miller said. "And I'm really not thinking on a day-to-day basis about when is the quantum computer going to get here. For us, it's more about laying a path and a track for quantum resiliency for the organization."

Toomey agreed about the importance of agility. 

"Whether it's a quantum computer or new developments in classical computing, we don't want to be put in a position where it takes us 10 years to do any kind of cryptographic transition," he said. "We want to be able to pivot and adapt to the market as new threats come out."

Because there will be computers that can break current cryptography techniques, organizations do need to develop new encryption methods that stand up to quantum brute-force attacks. But that's only the half of it. 

"Don't just focus on the algorithms," Phillips said. "Start looking at your data. What data are you transiting back and forth? And look at devaluing that data. Where do you need to have that confidential information, and what can you do to remove that from the exposure? It will help a lot not only in the crypto efforts, but in terms of who has access to the data and why they have to have access."

You've Got to Have Standards

One open question loomed over the discussion: When would NIST announce its picks for the new standards to develop for post-quantum cryptography? The answer: Not yet. But the uncertainty is no cause for inaction, Miller said. 

"So NIST will continue to work with other vendors and other companies and research groups to look at algorithms that are further out there," he said. "Our job is to be able to allow those algorithms to come into place quickly, in a very orderly manner, without disrupting business or breaking your business processes and [to] be able to keep things moving along."

Phillips agreed. "That's one of the reasons for pushing on plug and play," he said. "Because we know that the first set of algorithms that come out may not satisfy the long-term need, and we don't want to keep jumping through these hoops every time somebody goes through it."

Toohey tied the standards question back into the concept of preparing now.

"That way, when NIST finally finishes publishing their recommendations, and standards get developed in the coming years, we're ready as an industry to be able to take that and tackle it," he said. "That's going back to crypto agility and this mindset that we need to be able to plug and play. We need to be able to pivot as an industry very quickly to new and developing threats."