With every passing day, the need for crypto agility becomes more important. Whether you believe quantum computing is 10 years, 20 years or more away, the inevitability is that it is approaching fast. This is why many leading technology organizations have begun to research the impact of new quantum-safe algorithms on their existing products or infrastructure. This research is facilitated by the use of , Hardware Security Modules (HSMs). It is within the secure parameter of an HSM that existing and quantum-safe algorithms should be executed – but not many HSMs are capable of doing this. This why the flexibility and functionality of HSMs play an important role in in crypto agility.
Crypto agility is the ability for an information security system to switch to an alternative cryptographic primitive and algorithm without significantly altering the system infrastructure. This facilitates and promotes system upgrades and evolution while also acting as an incidence response mechanism of safety measure.
There are many facets to a secure and technically sound cryptography solution.
HSMs play a critical role in
safeguarding and managing digital keys as they provide the secure environment for executing the cryptographic algorithms to generate these keys.
These physical computing devices enable strong authentication measures and provide a secure environment where crypto processing for encryption and decryption takes place. Whether the HSM is designed as an external device or a plug-in card, these devices also feature tamper resistance that can detect when suspicious activity occurs. They are even capable of deleting crypto keys to act as a failsafe against tampering activity.
Much of the initial focus for developing post-quantum, or PQ strategies was focused on developing new algorithms that could resist the increased computing power of quantum computers. Today’s classical computing systems lack the processing power to perform the trillions and trillions of transactions required to effectively factor today’s crypto algorithms.
Quantum computing has already been theoretically proven to be able to crack the code which prompted the crypto industry to scramble its resources to develop safe and secure PQ algorithms.
The development of these algorithms is just the first step in a complex deployment of crypto agile infrastructure solutions. The primary challenge in this is that organizations must begin living in both the pre and post quantum world, especially those:
This means that these entities will need to be able to exchange both quantum and non-quantum safe data during what could be a decades-long transition and even operate them in parallel.
How much time an organization has to implement quantum safe algorithms can be expressed by a formula defined by Michele Mosca:
If the security security shelf-life (x years) of your product or the secret you need to keep
PLUS the migration time (y years) you need to move to a new algorithms
is larger than the time left to the availability of quantum computers capable of breaking the algorithm
you are currently using (collapse time in z years)
you have already run out of time.
Or in Michele’s words: If x + y > z, then worry (“Theorem”)
In any case, you may want to start testing the impact of the new algorithms on your products or infrastructure as soon as possible. For this, you will need an HSM that is crypto agile. You need an HSMs that allows you to effectively and efficiently upgrade firmware and algorithms as the demands for encryption continue to evolve. . This is why many of the major players in the research and development of post-quantum cryptography such as Microsoft Research, evolution Q, Digicert, LG Electronics, Entrust Datacard, and Isara work with Utimaco HSMs.
When major players like these get their vast research resources, including people and money, focused on a goal, they want to ensure they have the right tools for the job. PQC experts work with Utimaco for their tools of choice for HSMs. Their comprehensive line of products includes a range of HSMs that can be deployed as both general purpose and customized solutions. In addition to their family of HSMs, they also offer a pair of integrated Software Development Kits (SDK) that allows their customers to efficiently prepare and implement post-quantum safe solutions.
One of these major researchers, Microsoft Research, has detailed their efforts utilizing the Utimaco HSMs in a project code named “Picnic.” Their detailed white paper describes Picnic as a signature scheme that is designed to be able to withstand attacks from quantum computers. It is built using foundational elements such as symmetric key primitives, post-quantum security measures, and a zero-knowledge proof system. This exhaustive analysis details the process that was undertaken to develop, test, and analyze the security of various forms of the Picnic signature scheme. It also included a wide variety of attack protocols along with various forms of the Picnic signature.
As you can imagine, the combination of signature forms and attack models required a significant amount of customization and adaptation to the underlying infrastructure. This includes Utimaco’s HSMs and their ability to effectively function in both pre and post-quantum states. In addition to the functional effectiveness of the HSMs, the agility afforded by the integrated SDKs contributed to the Utimaco devices being an integral part of the success of the Microsoft research effort.
( #PartnersAreKey ).
Many refer to the age of quantum computing as the next major milestone of human existence. Its impacts will be felt in every aspect of life. Similarly, the impacts will be felt within every aspect of your crypto infrastructure. A thorough and methodical deployment of a crypto agile solution, including your HSMs, is the best path forward.
Be informed about the release of the next post-quantum related blogs and videos. Simply enroll to our info-mail with the subscription button on the top right.
Are you part of a research institute of department and interested in participating in our collaborative research programs, please contact us for additional information.