Post quantum encryption cannot wait for standard processes to unfold

Aug. 7, 2023
The reliance of existing modes of asymmetric data encryption could be a security catastrophe

The anticipated advent of quantum computing will have a devastating impact on existing modes of asymmetric data encryption. It’s likely that quantum-capable cyber-thieves, not to mention adversaries such as China, will gain the ability to decrypt virtually every secret possessed by the United States government and private industry that relies on asymmetric encryption algorithms such as RSA, Finite Field Diffie-Hellman, and Elliptic Curve Diffie-Hellman for protection. Since this is an alarming prospect, the government and various standards bodies are moving ahead with remedies. The critical problem is that the cycle time for migrating to new post-quantum resistant encryption algorithms and related standards is too long to mitigate the quantum threat. There is a compelling need for solutions that can be deployed today.

Briefly: The Quantum Threat to Cryptography

Quantum computers, which are expected to become viable in the next several years, use subatomic particles and quantum mechanics to execute calculations faster than today’s highest-performing conventional supercomputers. This computing power comes with the ability to crack encryption methods that are based on factoring large prime numbers. An algorithm introduced by Peter Shor, back in 1994, provides a method for the factorization of large prime numbers in polynomial time instead of exponential time. While a conventional computer might take trillions of years to break a 2,048-bit asymmetric encryption key, a quantum computer powered by 4,099 quantum bits, or “qubits,” using Shor’s algorithm would need about 10 seconds to accomplish the task.

This powerful decryption capability will wreak havoc on national security and secure computing in general. Right now, we rely on cryptography to maintain data confidentiality and integrity, two of the three legs of the information security triad. The third leg, availability, could also collapse as the encryption that protects systems management tools similarly breaks under quantum attacks.

It is shortsighted to think that because cryptographically relevant quantum computers (CRQCs) don’t exist yet, there is nothing to worry about today. This idea is gravely mistaken. Quantum is coming at a faster pace than anyone previously contemplated and malicious actors can steal encrypted data today and decrypt it with quantum later. For example, cryptocurrencies and banking accounts are vulnerable right now. Your Ethereum wallet uses a semi-permanent public key that is published on the blockchain for token exchanges. Older wallets on the Bitcoin blockchain use a permanent public key for security. Banks use a similar public key exchange to validate your account access. Once quantum computers come online, a bad actor can discover the private keys associated with these public keys, and the contents of wallets and accounts will become available to the attacker. Now is the time to implement a quantum-resistant approach to cryptography to ensure data is protected now and into the future.

What Has to Happen

The world, or at the very least the U.S. government, needs to move directly to cryptographic methods that cannot be easily broken by a quantum computer. This seems logical, and it is not as hard as it sounds. A broad consensus already exists as to how it will work.

As the National Security Agency (NSA) shared in its guidance on post-quantum cryptography, two things are recommended to protect data from quantum decryption. One is to make key lengths longer. That can be done immediately but this just forestalls the problem and requires the expenditure of more processing resources. The other recommendation is to implement lattice-based cryptography which is thought to be resistant to quantum computing attacks.

Lattice-based cryptography is, at the risk of gross oversimplification, a method wherein encryption keys are generated by a mathematical “latticepattern – rendering the discovery and cracking of the keys used in an encryption session virtually impossible, even for a quantum computer. Even if the quantum computer can crack each key individually, the pattern of the lattice makes it difficult in the extreme for an attacker to know even where to start. The recommendation for lattice-based encryption is sound, but there is a problem – and that problem is time.

Why the Existing Processes of Change May Not Work

On July 5, after six years of analysis and testing, the National Institute of Standards (NIST) announced its approval of the lattice-based algorithms CRYSTALS-Kyber for data encryption and  CRYSTALS-Dilithium for digital signature encryption.

The encryption establishment knows quite well how to update encryption and related security standards. From modifying crypto libraries (i.e., Libcrypt, StongSwan, OpenSSL, CryptoLib), to creating secure boot and Operating Systems and improving key management, the community has continuously hardened its security posture. The entities that participated with the Internet Engineering Task Force to create the Transport Layer Security (TLS) protocol (RFC 8466), the one that is used by virtually every browser and mobile device in the world, have successfully advanced from TLS 1.1 to 1.2 and now 1.3. Each release has brought significant improvements in security and fixes to earlier problems.

The issue for post-quantum cybersecurity is time. For example, it took nearly a decade for TLS 1.2 to advance to TLS 1.3. Nearly 30 revisions to the standard took place through a cumbersome committee process. One could argue that it has to happen that way, and that’s fine – except the quantum threat is coming a lot faster today than any of the previous threats to legacy encryption did in the past. We don’t have a decade. We don’t have time for 30 revisions on the standards. Imagine a time very close to now when your attempts at encryption not only become futile but can be used by bad actors as an indicator of the value of the data that you are attempting to protect.

Changes That Can Happen Right Now

New quantum secure encryption methods can be deployed now. The challenge is to make them work with existing encryption algorithms. After all, every system can't replace its encryption algorithms all at once.

Through crypto-agility, advanced quantum secure encryption solutions can map the network and identify which encryption algorithms and protocols are being employed for security between endpoints and servers. During session establishment, these solutions can deploy a proxy that can “speak” with each protocol being used between clients and encapsulate the data being sent with post-quantum resilient encryption.

Besides using a post-quantum resilient proxy service for immediate protection, enterprises should replace all public key algorithms and protocols with NIST post-quantum approved algorithms and Round 4 candidate algorithms for communications links with a focus on all control and admin connections. Upgrading symmetric algorithms to AES-256 or higher is also strongly encouraged.

Random Number Generators should be upgraded to Quantum Random Number Generators (QRNGs) to provide more entropy for keying material. Software and non-quantum hardware RNGs do not provide the entropy necessary to create strong keys in a post-quantum world.

Trust between machines must be established using a Key Distribution Center (KDC) model so that the re-authentication of network machines and trust relationships are performed continuously during key rotation, which parallels the two-way authenticated trust relationship found in mTLS (Mutual TLS) while adding resilience against Machine Learning and other AI or automated attacks. Pre-shared keys could also be used as an alternative way to get started, but pre-shared keys alone do not provide post-quantum resilience since they fail to solve key randomness or provide a safe mechanism for key rotation like KDC.

This is not as simple as it sounds and we could just wait for all the new algorithms and protocols to be incorporated into crypto-libraries and browsers, or for the Internet Engineering Task Force (IETF) to finalize a new RFC for post-quantum protocols. It all depends on our level of risk acceptance. But if you agree that this is an urgent need, there are solutions available today to begin the process of post-quantum hardening. Stakeholders will have to spend resources developing playbooks and implementation roadmaps to operationalize these changes, but the security benefits will be worth the effort. The time is now to start the upgrade process to post-quantum cybersecurity.

About the author: Aaron Moore is a Corporate Advisor at QuSecure. He has extensive experience in the DoD and the IC’s research and development communities. He served as a DARPA program manager for multiple restricted satellite programs, led the R&D for the virtualization of space platforms, and represented DARPA in OSD’s Air Dominance Initiative on space-air layer integration tech. An entrepreneur and former CTO for Northrup Grumman’s Intelligence Solutions Division, Moore also held executive positions with Raytheon and the National Security Agency. He began his career with the United States Army Special Forces where he was decorated multiple times for heroism in combat.

About the Author

Aaron Moore | Corporate Advisor at QuSecure, Inc.

Aaron Moore is a Corporate Advisor at QuSecure. He has extensive experience in the DoD and the IC’s research and development communities. He served as a DARPA program manager for multiple restricted satellite programs, led the R&D for the virtualization of space platforms, and represented DARPA in OSD’s Air Dominance Initiative on space-air layer integration tech. An entrepreneur and former CTO for Northrup Grumman’s Intelligence Solutions Division, Moore also held executive positions with Raytheon and the National Security Agency. He began his career with the United States Army Special Forces where he was decorated multiple times for heroism in combat.