How to Develop a Quantum Security Strategy (Do It Now!)
In July, the National Institute of Standards and Technology (NIST) announced the first group of four new post-quantum encryption algorithms designed to defend against attacks by future quantum computers that may be able to crack today’s encryption techniques. Other algorithms remain under consideration for future inclusion in NIST’s post-quantum encryption standard, which the institute expects to finalize within two years.
In an interview with The New Stack, Torsten Staab, Ph.D., principal engineering fellow at Raytheon Intelligence & Space, said that NIST’s announcement highlights the need to prepare for quantum day, or Q-Day, when quantum computers become powerful enough to break today’s asymmetric encryption. “If you indeed have a quantum computer that can break that, you’ll have no privacy in your online transactions, whether that’s financial or healthcare information, or any data that’s being encrypted,” he said.
No one knows when that day will arrive. Predictions vary, Staab said, between three and 15 years, though most people expect it will certainly happen within a decade, and likely within the next five years.
That means it’s crucial for companies to start planning now. The transition to post-quantum cryptography will take time, and some embedded systems that can’t be upgraded will have to be physically replaced. “Experts anticipate that that whole process for the entire industry worldwide — it’s not just a U.S. problem — could take easily over a decade,” Staab said.
Mapping Out a Strategy
Still, with NIST’s new standard not yet finalized, how can companies plan ahead? The first step, Staab said, should be to develop a quantum security strategy — mapping out what can be done now and what needs to be anticipated for the mid and long term. “The good news is, there are some things you can do now,” he said.
One straightforward step is to improve your use of random numbers for encryption. The random numbers used by current encryption algorithms are usually generated by software-based pseudo-random number generators (PRNGs). “The problem with that is that those are deterministic — so people think they’re random, but they’re not really random,” Staab said.
The answer, he said, lies in a transition from software to hardware — from software-based PRNGs to hardware-based quantum random number generators (QRNGs) that produce truly random numbers. “That’s one easy way to do it — to replace how you generate your keys, your cryptographic material, with totally random numbers.”
Another key early step is to identify all use of cryptography within your organization. “Where do I currently encrypt data, how do I transmit data securely? Identify the systems you currently use — those will be the candidates for you to upgrade,” Staab said.
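The inventory step Staab describes can be started with a simple scan of configuration and code for algorithm names. The following is an added example, not code from the article or from Raytheon: it runs a set of regular expressions over constructed sample artifacts (the file names and contents are made up for illustration) and tags each hit by how that algorithm class fares against a large quantum computer, so the files that carry public-key primitives surface as the first upgrade candidates.

```python
import re
from dataclasses import dataclass

# Constructed sample artifacts standing in for config files, code and TLS
# settings collected from across an organisation (illustrative, not real).
SAMPLE_ARTIFACTS = {
    "web/nginx.conf": """
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256;
        ssl_certificate /etc/ssl/certs/web.pem;
    """,
    "payments/sign.py": """
        from cryptography.hazmat.primitives.asymmetric import rsa
        key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    """,
    "iot/firmware.cfg": """
        cipher = AES-128-CBC
        mac = HMAC-SHA256
        keyexchange = ECDH-P256
    """,
    "backup/archive.sh": """
        gpg --symmetric --cipher-algo AES256 backup.tar
    """,
}

# (label, regex, risk class). Risk classes:
#   "shor"   public-key primitive broken outright by Shor's algorithm; must be
#            replaced with a post-quantum or hybrid scheme
#   "grover" symmetric primitive whose effective strength is roughly halved by
#            Grover's algorithm; move to a larger key size
#   "ok"     no known quantum speedup beyond Grover at a 256-bit or larger size
PATTERNS = [
    ("RSA",     r"\bRSA\b|rsa\.generate_private_key", "shor"),
    ("ECDSA",   r"\bECDSA\b",                         "shor"),
    ("ECDH(E)", r"\bECDHE?\b",                        "shor"),
    ("AES-128", r"\bAES[-_]?128\b",                   "grover"),
    ("AES-256", r"\bAES[-_]?256\b",                   "ok"),
    ("SHA-256", r"\bSHA[-_]?256\b",                   "ok"),
    ("SHA-384", r"\bSHA[-_]?384\b",                   "ok"),
]


@dataclass(frozen=True)
class Finding:
    path: str
    algorithm: str
    risk: str


def scan(artifacts: dict[str, str]) -> list[Finding]:
    """Return one Finding per (path, algorithm) pair present in the artifacts."""
    found: set[Finding] = set()
    for path, text in artifacts.items():
        for name, pattern, risk in PATTERNS:
            if re.search(pattern, text):
                found.add(Finding(path, name, risk))
    return sorted(found, key=lambda f: (f.path, f.algorithm))


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per risk class."""
    counts = {"shor": 0, "grover": 0, "ok": 0}
    for f in findings:
        counts[f.risk] += 1
    return counts


def upgrade_candidates(findings: list[Finding]) -> list[str]:
    """Paths that use a Shor-vulnerable primitive: the first systems to upgrade."""
    return sorted({f.path for f in findings if f.risk == "shor"})


def main() -> None:
    findings = scan(SAMPLE_ARTIFACTS)
    for f in findings:
        print(f"{f.path:22} {f.algorithm:8} {f.risk}")
    print("summary:", summarize(findings))
    print("upgrade first:", upgrade_candidates(findings))


if __name__ == "__main__":
    main()
```

The pattern table is deliberately small; a real inventory also needs to cover certificates, HSM configurations, libraries pulled in transitively, and protocols negotiated at runtime, none of which a text scan sees.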
A Hybrid Approach
As NIST’s new algorithms are finalized, Staab said, many companies will likely start by combining current cryptography with the new techniques. The need for that kind of mixed strategy was highlighted by a recent break of the SIKE algorithm, one of NIST’s additional finalists for future assessment, by researchers at Belgium’s KU Leuven. “That reduces the confidence in the new algorithms,” Staab said. “So what companies probably will do going forward, at least for the next decade, is to start using a hybrid approach.”
The larger lesson to take from the SIKE breach, Staab said, is to assume that any of these algorithms could be broken at some point, and to focus on building crypto-agility, the flexibility to be able to replace algorithms quickly if the one you’re currently using is compromised. “There are limits, obviously — not every system is software-upgradeable; you may have to completely replace it — but you have to be prepared,” he said.
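The hybrid approach and the crypto-agility Staab calls for can be seen together in how the session key is derived. The following is an added example, not code from the article or from Raytheon: several independently established shared secrets (in practice one from a classical exchange and one from a post-quantum KEM) are fed through HKDF into a single key, with the algorithm labels bound into the derivation. The `HYBRID_SUITE` list, the `simulate_key_establishment` stand-in (which draws random secrets from the OS CSPRNG instead of running real key exchanges) and the labels are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

HASH = hashlib.sha256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 HKDF-Extract with HMAC-SHA256 (empty salt means all zeros)."""
    return hmac.new(salt or b"\x00" * HASH().digest_size, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand with HMAC-SHA256."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def combine_shared_secrets(shared: dict[str, bytes], context: bytes,
                           length: int = 32) -> bytes:
    """Derive one session key from several independently established secrets.

    `shared` maps an algorithm label (e.g. "ecdh-p256", "pq-kem") to the raw
    shared secret that algorithm produced. Every secret is length-prefixed and
    concatenated into the HKDF input, and the sorted labels are bound into the
    info string, so that:
      * recovering the session key requires breaking every component, and
      * swapping an algorithm in or out changes the derived key (no silent reuse).
    """
    if not shared:
        raise ValueError("at least one shared secret is required")
    labels = sorted(shared)
    ikm = b"".join(len(shared[l]).to_bytes(2, "big") + shared[l] for l in labels)
    info = b"hybrid-kdf-v1|" + "|".join(labels).encode() + b"|" + context
    return hkdf_expand(hkdf_extract(b"", ikm), info, length)


# Hypothetical suite configuration: the key-establishment algorithms in use.
# Crypto-agility means this list is what changes when one algorithm falls.
HYBRID_SUITE = ["ecdh-p256", "pq-kem"]


def simulate_key_establishment(suite: list[str]) -> dict[str, bytes]:
    """Stand-in for running each algorithm in the suite.

    A real deployment would perform an ECDH exchange and a post-quantum KEM
    encapsulation here; this placeholder draws a fresh 32-byte secret from the
    OS CSPRNG per label so the combiner can be exercised offline.
    """
    return {label: secrets.token_bytes(32) for label in suite}


def main() -> None:
    shared = simulate_key_establishment(HYBRID_SUITE)
    key = combine_shared_secrets(shared, b"session-42")
    # An adversary who has broken only the classical component still lacks the
    # post-quantum secret and therefore cannot rebuild this key.
    print("suite:", HYBRID_SUITE)
    print("session key:", key.hex())


if __name__ == "__main__":
    main()
```

Binding the labels into `info` is what makes the swap safe: replacing `"pq-kem"` with a successor label after a break yields an unrelated key stream even if the other component is unchanged, and the length prefixes keep two different secret pairs from ever producing the same HKDF input.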
That could also mean using multiple encryption techniques, so that even if an attacker gets access to one set of data, they won’t be able to access all of it, since not all of your data is encrypted the same way.
One key concern regarding the quantum threat is the idea of “harvest now, decrypt later,” the fear that hackers will collect encrypted data that they’re currently unable to crack, knowing they’ll be able to access it in the future. Multiple encryption techniques and hybrid approaches should help with that as well, Staab said — along with quantum key distribution (QKD). “If your network is compromised and you assume that your adversary is listening in and capturing all your network traffic, the actual keys that have been used to encrypt the data are not transmitted over the same network using the same protocols,” he said.
All of this helps to clarify why several post-quantum algorithms are being approved, rather than a single best-of-breed choice. “NIST wanted to have some diversity within the algorithms so that if one technique is vulnerable, you still have some backup algorithms that use a completely different mathematical approach,” Staab said.
It’s also helpful, Staab said, to have different algorithms for different applications. An IoT device with a small processor and limited memory will likely have very different capabilities and requirements than a device without similar constraints, which could leverage a more advanced algorithm for enhanced security if needed. “You have to be able to right-size the security and make it work within the constraints that the system operates in,” he said.
Assuming the Worst
As Q-Day looms, it can be a challenge to persuade corporate leadership to invest in something that may not present an actual problem for five years or more. Staab said the level of urgency varies depending on the business you’re in. “If you’re a bank and all of a sudden all your future transactions are going to be vulnerable for years until you have time to switch, that’s going to be a life-ending event for the company — you’re not going to be able to do a transition fast enough to adopt that,” he said.
For all we know, Staab said, an adversary may already have these capabilities. If they did, they certainly wouldn’t announce it. “You just have to assume the worst — you may not even have three years,” he said. “I think being on the more pessimistic side of it, and not waiting too long, is probably a wise step in this case.”
And while that’s particularly true for banks, it’s applicable to a wide variety of industries. “If you’re dealing with data — whether that’s customer data, or you’re buying items, or you’re doing predictive analytics — if your system’s not as secure as your competitors’, you’re going to be out of the business quickly,” Staab said.