Security today relies on cryptography, an information-protection technology that uses algorithms to transform messages into a form that is difficult for a third party to decipher. For decades, computers and networks have relied on cryptography to provide confidentiality and integrity, and for common tasks like authentication. Arguably, it has become the backbone of modern cybersecurity as we put more of our lives online.
Public key cryptography depends on the fact that today's computers cannot solve its underlying mathematical problems (factoring large integers, computing discrete logarithms) in any realistic time frame, such as within our lifetimes. That changes as we march closer to quantum computers: machines that exploit quantum-mechanical phenomena to run certain algorithms with an advantage that no classical computer can match. Shor's algorithm, run on a sufficiently large and fault-tolerant quantum computer, recovers a private key from its public key counterpart in a practical amount of time, compared with thousands of years on a standard processor. It's important to note that quantum-computer prototypes are still gradually increasing in size and capability and don't yet pose a threat. Eventually, however, they will become powerful enough to attack widely used public key cryptography.
Cryptography and quantum computing are on a collision course that will threaten this cornerstone technology underlying cybersecurity. The systems we've built to power our digital lives aren't ready for the strength of our public key cryptography standards (RSA, elliptic-curve cryptography, and DSA) to be undermined. (This blog post explains this in greater detail.) We must prepare for a future where many of our current cryptographic algorithms no longer work. The solution means deploying the necessary changes as an industry, which will take time and is considerably more complex than it may seem.
Cryptography: What's at Stake
Stored data is encrypted using symmetric key algorithms (such as the Advanced Encryption Standard, or AES), which are far less threatened by quantum computing: Grover's algorithm only roughly halves the effective key length, so AES-256 remains adequate. The exposures are in communication channels, and specifically in the "key establishment" portion of the Transport Layer Security (TLS) protocol. In a TLS handshake, the server (and optionally the client) authenticates with a public key signature, and the two parties run a public key key exchange (today, typically elliptic-curve Diffie-Hellman) to negotiate a shared symmetric key for the session. The result is a session key that enables secure communication between the two parties; an attacker who can break the public key exchange recovers that session key and everything it protects.
Why does this matter if quantum computing is not yet a thing and the threat is limited to certain situations?
The first reason is that an attacker can record encrypted data now in preparation for breaking the encryption later, once scalable quantum computing is available. This is known as a "harvest-now, decrypt-later" attack, and it is particularly threatening for long-lived information assets (think bank account numbers, for example). As we get closer to the quantum-computing threat, vulnerable data with shorter lifespans also becomes a concern.
If investor interest and company R&D spending are any indication, we are getting closer to quantum computing becoming real, perhaps as soon as the next decade. Indicators of the industry's optimism include a tremendous outpouring of government funding and venture-capital investment. Major companies and startups are working with big investment money to bring quantum computing to the world as soon as possible.
So, how do we deal with this looming threat? Enter crypto agility: the ability to replace cryptographic algorithms, key sizes, and implementations rapidly, without redesigning the systems that depend on them. It's about to become a key driver of organizational success as we prepare for a world where quantum computing is real.
The National Institute of Standards and Technology (NIST) has been monitoring the quantum-computing situation. In 2016, it began a program to develop new public key cryptography algorithms that will be safe against the quantum-computing threat. The algorithms are known as "post-quantum cryptography," or PQC. The intention is that this cryptography will be safe to use when tomorrow's powerful quantum computers become a reality.
Crypto agility is what will allow us to switch over from our prior cryptography algorithms to the new algorithms being standardized by NIST.
Industry still has enough time to prepare for the switch, if companies can work together. We have faced similar crypto migrations before, such as the move from 3DES to AES, or from MD5 to SHA-1 and then to SHA-2; each took years to complete, which is why preparation has to start now.
The following is Sean Huntley's five-step crypto-agility preparedness plan:
- The first step in any plan is information gathering. You can't defend against something you're not aware of. You'll need to inventory the cryptography you currently use: which algorithms, key sizes, protocols, and libraries, and where. Whether it's in the applications your organization has developed or in the software provided to you by a vendor, an up-to-date list of your cryptography will form an important part of your asset management inventory.
- Next, you'll need to develop a plan. This includes addressing things that could go wrong. Your organization's incident-response plan should be updated to include a procedure to patch or replace crypto libraries. It is also critical to include Internet of Things devices in these planning phases. These devices often have long lives and have historically suffered from poor patch compliance.
- Consider exposures that you may have right now. Once ciphertext has been captured, the exposure is irreversible: nothing you change later will protect data an adversary has already recorded. CIOs should consider policy changes to minimize public exposure of long-term sensitive data.
- Work to deploy hybrid post-quantum cryptography algorithms for secure communication over public networks. A hybrid scheme runs a new PQC algorithm in tandem with the current standard and derives the session key from both results, so the connection stays secure unless both algorithms are broken. This maintains compliance with current cryptography standards while adding quantum safety.
- Finally, plan for key rolling and data recovery. Symmetric keys that were negotiated or transported under a quantum-vulnerable public key exchange must be treated as exposed once that exchange can be broken, and data encrypted under them may need to be decrypted and re-encrypted under freshly established keys.
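The first step of the plan, the cryptographic inventory, is the one most teams find hardest to start, so here is an added example of what a minimal inventory scanner looks like. This is example code written for this article, not a tool from the original post or from Sean Huntley's plan. It tokenizes source and configuration lines, matches each token against a registry of algorithm families, and classifies every hit by the category that determines its quantum exposure (public key families fall to Shor's algorithm; symmetric ciphers and hashes only lose about half their security level to Grover's). The input files are constructed sample data embedded in the script; the registry, category names, and recommended actions are the example's own assumptions and would be extended for a real code base.

```python
"""Crypto inventory scanner: find cryptographic algorithms referenced in
source and configuration files and classify each by quantum exposure.
Added example for this article; not code from the original post."""
import re
from collections import Counter
from dataclasses import dataclass

# Registry of algorithm families (assumed set for this example).
# Each entry: core regex, canonical name, category, quantum impact, action.
REGISTRY = [
    (r"RSA(?:[-_]?(?:1024|2048|3072|4096))?", "RSA", "public-key", "broken by Shor", "migrate to PQC/hybrid"),
    (r"ECDSA", "ECDSA", "public-key", "broken by Shor", "migrate to PQC/hybrid"),
    (r"ECDHE?", "ECDH", "public-key", "broken by Shor", "migrate to PQC/hybrid"),
    (r"(?:X25519|Ed25519|secp256r1|prime256v1|P-?256)", "EC", "public-key", "broken by Shor", "migrate to PQC/hybrid"),
    (r"DSA", "DSA", "public-key", "broken by Shor", "migrate to PQC/hybrid"),
    (r"DHE?", "DH", "public-key", "broken by Shor", "migrate to PQC/hybrid"),
    (r"AES[-_ ]?128", "AES-128", "symmetric", "Grover: ~64-bit effective", "prefer AES-256"),
    (r"AES[-_ ]?256", "AES-256", "symmetric", "adequate", "none"),
    (r"(?:3DES|DES[-_]?EDE3?|TripleDES)", "3DES", "symmetric", "already deprecated", "replace"),
    (r"MD5", "MD5", "hash", "already broken classically", "replace"),
    (r"SHA[-_ ]?1", "SHA-1", "hash", "already broken classically", "replace"),
    (r"SHA[-_ ]?256", "SHA-256", "hash", "adequate", "none"),
    (r"SHA[-_ ]?384", "SHA-384", "hash", "adequate", "none"),
]

# A token is delimited by anything that is not a letter or digit, so that
# "ECDHE-RSA-AES128-GCM-SHA256" and "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
# both decompose into their key-exchange, signature, cipher and hash parts.
COMPILED = [
    (re.compile(rf"(?<![A-Za-z0-9]){core}(?![A-Za-z0-9])", re.IGNORECASE), *rest)
    for core, *rest in REGISTRY
]


@dataclass(frozen=True)
class Finding:
    path: str
    lineno: int
    algorithm: str
    category: str
    impact: str
    action: str


def scan_text(path, text):
    """Return one Finding per (line, algorithm family) seen in `text`."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        seen = set()
        for pattern, name, category, impact, action in COMPILED:
            if name not in seen and pattern.search(line):
                seen.add(name)
                findings.append(Finding(path, lineno, name, category, impact, action))
    return findings


def inventory(files):
    """Scan a mapping of path -> file contents."""
    findings = []
    for path, text in files.items():
        findings.extend(scan_text(path, text))
    return findings


def summarize(findings):
    """Roll findings up into the numbers a migration plan starts from."""
    return {
        "total": len(findings),
        "by_category": dict(Counter(f.category for f in findings)),
        "quantum_vulnerable": sum(f.category == "public-key" for f in findings),
        "action_required": sum(f.action != "none" for f in findings),
        "algorithms": sorted({f.algorithm for f in findings}),
    }


# Constructed sample input standing in for a real repository.
SAMPLE_FILES = {
    "nginx.conf": (
        "ssl_protocols TLSv1.2 TLSv1.3;\n"
        "ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384;\n"
        "ssl_certificate /etc/ssl/server-rsa2048.pem;\n"
    ),
    "app/crypto.py": (
        "from cryptography.hazmat.primitives.asymmetric import rsa\n"
        "key = rsa.generate_private_key(public_exponent=65537, key_size=2048)\n"
        "digest = hashlib.sha1(data).hexdigest()\n"
        "cipher = AESGCM(key256)  # AES-256-GCM\n"
    ),
    "firmware/build.cfg": (
        "sign_alg = ECDSA-P256\n"
        "update_cipher = 3DES\n"
    ),
}

if __name__ == "__main__":
    results = inventory(SAMPLE_FILES)
    for f in results:
        print(f"{f.path}:{f.lineno}  {f.algorithm:8} {f.category:11} {f.impact:28} -> {f.action}")
    print(summarize(results))
```

Run as a script, it prints one line per finding and a summary; the public-key findings are the ones a hybrid-PQC rollout must reach, the AES-128, 3DES and SHA-1 hits are cleanup that the same inventory pass surfaces for free. A real scanner would add patterns for library calls and certificate metadata and should be treated as a starting point for the asset inventory, not as proof of its completeness.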
The advent of quantum computing has amplified the need for crypto agility in the modern enterprise. Our deep reliance on today's algorithms means that organizations will find it a challenge to make changes to adapt to the changing crypto landscape. But to be resilient to the risks of weakening ciphers and to adapt to the new regulatory landscape, we can prepare ourselves with crypto agility. We must architect our applications, services, and information-security postures to change more easily — if we are to stay ahead of the curve.