Quantum computers pose a severe threat to modern cryptography. If sufficiently large quantum computers are built, they will be able to break asymmetric cryptography, including widely used algorithms like RSA, ECC, DH, DSA, and ECDSA, in practical time using Shor's quantum algorithm. This puts at risk the authentication, key exchange, digital signatures, and certificates used in internet security and secure applications.
Additionally, symmetric ciphers like AES, which are used to encrypt data in transit (e.g., internet communications) and at rest (e.g., hard-drive encryption), will also be under threat from quantum computers using Grover's quantum algorithm. Experts recommend doubling the key size from 128-bit (AES-128) to 256-bit (AES-256) to defend against large, powerful quantum computers.
The implications of this threat are far-reaching. Once quantum computers become a reality, they will compromise the confidentiality, privacy, and authenticity of our modern communication systems. It will no longer be possible to trust digital certificates and signatures, nor to securely exchange secret keys for data encryption using current cryptographic primitives.
Lessons learned from historical cryptographic transitions
The world has seen such impact before, though never with such high stakes. Historical transitions offer a cautionary tale:
- DES to AES: When the Data Encryption Standard (DES) was cracked in the late 90s, the migration to the Advanced Encryption Standard (AES) took nearly a decade.
- SHA-1 Deprecation: The move away from the SHA-1 hashing algorithm (after it was found vulnerable) was plagued by "zombie" systems that continued to use the insecure standard for years, leading to widespread vulnerabilities.
- The Y2K Comparison: Like Y2K, PQC migration has a "deadline" dictated by hardware progress. However, unlike Y2K, we don't know the exact date the clock hits midnight.
The primary challenge in these historical shifts wasn't the new math; it was visibility. Organizations often didn't know where their cryptography was "hard-coded," making updates a manual, error-prone nightmare of hunting through legacy code and hardware.
The Cavalry is coming! ... but it may take a while
The cryptographic community is actively working on post-quantum cryptography to provide alternatives using hard mathematical problems that cannot be broken by quantum computers. There is a wide range of potential approaches being investigated, including problems in coding theory, lattice theory, solving multivariate polynomials, and isogenies on elliptic curves. Secure hash functions can also be used to construct signature schemes.
The National Institute of Standards and Technology (NIST) initiated a standardization process for post-quantum cryptography in 2017, with the goal of establishing practical schemes that are robust against quantum computer attacks. However, several challenges remain in this transition:
- Determining which schemes to trust
- Developing metrics to quantify the security of cryptographic schemes against quantum computers
- Balancing security and usability when choosing parameters
- Improving the efficiency of post-quantum schemes
- Achieving secure implementations of these new schemes
- Migrating from current cryptography to post-quantum schemes
- Updating products in the field
- Ensuring compatibility between current systems and post-quantum schemes
During the transition period, while the security of post-quantum schemes is still being verified, a hybrid approach using both classical and post-quantum cryptography may be necessary. This approach, as demonstrated by Google's experimental deployment of the NewHope post-quantum scheme, can provide high security even if a post-quantum scheme is later found to be insecure.
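The hybrid approach described above rests on one mechanical detail: the classical and the post-quantum shared secrets are not used side by side but combined into a single key, so an attacker must break both exchanges to learn it. The following example, added here and not code from Google's NewHope deployment or from TrustSource, shows such a combiner using HKDF (RFC 5869) from the Python standard library. The two shared secrets, the transcript string and the suite label "X25519+PQ-KEM" are constructed placeholders standing in for the outputs of a real X25519 exchange and a real KEM.

```python
import hashlib
import hmac

# Constructed shared secrets standing in for the outputs of a classical key
# exchange (e.g. X25519) and a post-quantum KEM. In a deployment these come
# from the respective libraries; here they are fixed so the example runs
# offline and deterministically.
CLASSICAL_SS = bytes.fromhex("11" * 32)              # constructed
PQ_SS        = bytes.fromhex("22" * 32)              # constructed
TRANSCRIPT   = b"client_pk|server_pk|pq_ciphertext"  # constructed placeholder
SUITE_ID     = b"X25519+PQ-KEM"                      # constructed suite label


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 HKDF-Extract with SHA-256."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand with SHA-256."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def combine_shared_secrets(classical_ss: bytes, pq_ss: bytes,
                           transcript: bytes, suite_id: bytes) -> bytes:
    """Hybrid combiner: both shared secrets are concatenated and fed through
    HKDF. The suite identifier goes into the salt and the handshake transcript
    into the info string, so the derived key is bound to which algorithms were
    negotiated and to the public values exchanged. The output stays secret as
    long as at least one of the two input secrets is secret.
    """
    if not classical_ss or not pq_ss:
        raise ValueError("both shared secrets are required for a hybrid key")
    prk = hkdf_extract(salt=suite_id, ikm=classical_ss + pq_ss)
    return hkdf_expand(prk, info=b"hybrid-session-key|" + transcript, length=32)


def demo() -> bytes:
    """Derive the session key from the constructed inputs above."""
    return combine_shared_secrets(CLASSICAL_SS, PQ_SS, TRANSCRIPT, SUITE_ID)


if __name__ == "__main__":
    print(demo().hex())
```

Binding the suite identifier into the derivation is what makes the construction agile: when the post-quantum component is replaced by a standardized scheme later, the label changes and keys derived under the old suite can never collide with keys derived under the new one.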
The solution: Cryptographic agility
Cryptographic agility is a crucial concept in addressing the challenges posed by quantum computing threats. It refers to the ability to swiftly and efficiently update or replace cryptographic primitives and protocols in existing systems without significant disruption.
The need for cryptographic agility arises from the fact that not all cryptographic primitives need to be replaced by post-quantum alternatives immediately. For example, authentication does not yet need to be post-quantum secure before quantum computers are built, as an attacker cannot retroactively break authentication performed in the past.
However, ephemeral key exchange and symmetric encryption must be secure against quantum computers well in advance of actual quantum computer attacks, as an attacker could potentially break into previously recorded communications. Implementing cryptographic agility allows organizations to:
- Respond flexibly to emerging threats, whether from quantum computers or developments in classical cryptanalysis
- Gradually transition to post-quantum schemes as they become standardized and verified
- Maintain backward compatibility with existing systems during the transition period
- Minimize the risk of being caught unprepared when quantum computers become a practical reality
TrustSource can play a vital role in executing this transition to post-quantum security.
By providing tools such as ts-scan and ts-deepscan, TrustSource enables organizations to identify and assess the cryptographic algorithms used in their applications. Inventorying the algorithms and reporting across the portfolio makes it possible to identify, manage and report on the algorithms in use. Defining Algorithm-Policies prevents the use of weak or broken algorithms.
All these capabilities are crucial for implementing Crypto Agility:
- Identifying vulnerabilities to quantum attacks
- Planning the transition to post-quantum cryptographic algorithms
- Ensuring compliance with regulatory requirements and standards for post-quantum security
- Maintaining long-term security and resilience against evolving quantum threats
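The visibility problem from the historical transitions above and the inventory-and-policy workflow just described come down to the same two steps: find every hard-coded algorithm reference, then judge each one against a policy. The following is an added illustration of that workflow in Python; it is not ts-scan, ts-deepscan or any other TrustSource code, and the sample "files", the token list and the policy table are constructed for the example. The policy also encodes the key-size point from the introduction: schemes broken by Shor's algorithm are marked for replacement, AES-128 is flagged for upgrade to AES-256 because Grover's algorithm roughly halves symmetric strength, and SHA-1 is forbidden on classical grounds alone.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample repository: a few "files" whose contents hard-code an
# algorithm choice. A real scan walks a source tree, build output or binaries.
SAMPLE_FILES = {
    "auth/jwt.py":       'token = jwt.encode(payload, key, algorithm="RS256")',
    "tls/server.conf":   "ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256;",
    "legacy/checksum.c": "SHA1_Init(&ctx);",
    "storage/disk.py":   "cipher = AES.new(key, AES.MODE_GCM)  # AES-256",
}


@dataclass(frozen=True)
class AlgorithmPolicy:
    family: str   # asymmetric / symmetric / hash
    status: str   # broken, weakened, forbidden or acceptable
    action: str   # what the migration plan should do about it


# Constructed policy table. Shor's algorithm breaks the public-key schemes
# outright, so they count as "broken" for quantum-safety planning even though
# they hold today; Grover's algorithm roughly halves symmetric strength, so
# AES-128 is "weakened" and AES-256 is accepted; SHA-1 is forbidden already.
POLICY = {
    "RSA":    AlgorithmPolicy("asymmetric", "broken",     "plan post-quantum or hybrid replacement"),
    "RS256":  AlgorithmPolicy("asymmetric", "broken",     "plan post-quantum or hybrid signature"),
    "ECDHE":  AlgorithmPolicy("asymmetric", "broken",     "move key exchange to a hybrid suite first"),
    "ECDSA":  AlgorithmPolicy("asymmetric", "broken",     "plan post-quantum or hybrid signature"),
    "DSA":    AlgorithmPolicy("asymmetric", "broken",     "plan post-quantum or hybrid signature"),
    "DH":     AlgorithmPolicy("asymmetric", "broken",     "move key exchange to a hybrid suite first"),
    "AES128": AlgorithmPolicy("symmetric",  "weakened",   "upgrade to AES-256"),
    "AES256": AlgorithmPolicy("symmetric",  "acceptable", "none"),
    "SHA256": AlgorithmPolicy("hash",       "acceptable", "none"),
    "SHA1":   AlgorithmPolicy("hash",       "forbidden",  "replace now; classically broken"),
}

# Tokens to look for. Lookarounds instead of \b so that "SHA1_Init" and
# "AES128-GCM" still match the algorithm name inside a longer identifier.
ALGO_RE = re.compile(
    r"(?<![A-Za-z0-9])"
    r"(RSA|RS256|ECDHE|ECDSA|DSA|DH|AES-?128|AES-?256|SHA-?1|SHA-?256)"
    r"(?![A-Za-z0-9])",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    algorithm: str
    status: str
    action: str


def normalize(token: str) -> str:
    """Canonical policy key: upper-case, hyphen removed (AES-128 -> AES128)."""
    return token.upper().replace("-", "")


def inventory(files: Dict[str, str]) -> List[Finding]:
    """Build the cryptographic inventory: every algorithm reference found, with
    the policy verdict attached. A token the regex knows but the policy table
    does not is reported as "unknown" rather than silently dropped."""
    findings = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), start=1):
            for match in ALGO_RE.finditer(line):
                name = normalize(match.group(1))
                policy = POLICY.get(name, AlgorithmPolicy("unknown", "unknown", "add to policy"))
                findings.append(Finding(path, lineno, name, policy.status, policy.action))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Portfolio-level count of findings per policy status."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.status] = counts.get(f.status, 0) + 1
    return counts


def violations(findings: List[Finding]) -> List[Finding]:
    """Everything the policy does not accept as-is: the migration work list."""
    return [f for f in findings if f.status != "acceptable"]


if __name__ == "__main__":
    found = inventory(SAMPLE_FILES)
    for f in violations(found):
        print(f"{f.path}:{f.line} {f.algorithm:8s} {f.status:10s} -> {f.action}")
    print(summarize(found))
```

On the constructed sample the scan yields seven references, five of which violate the policy; the single TLS cipher-suite line alone contributes a broken key exchange, a broken signature and a weakened cipher, which is the kind of "hard-coded" dependency the historical transitions struggled to find.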
With TrustSource's support, organizations can proactively manage their cryptographic assets and implement the necessary changes to achieve post-quantum security, ensuring the protection of sensitive data and communications in the quantum era.