Because of these risks, cybersecurity researchers, vendors and experts are debating a number of ways to approach this reality. There are already efforts to develop technology that is resistant to quantum hacking, and some academics are even looking to leverage quantum-based cryptographic systems as a more secure alternative to their conventional analogues. This current line of thinking is called “crypto agility” – and it encompasses the range of policies, technology and initiatives organizations must dedicate themselves to in order to become resilient against quantum computing.
Crypto agility, which stems from post-quantum cryptography (sometimes also called quantum-resilient encryption), combines both strategic and technological initiatives to ensure effectiveness. In practice, it recommends two lines of action:
The benefits of being crypto-agile include the ability to quickly respond to and recover from a crypto-incident (wide-scale or targeted), encrypted data that remains resilient even as algorithms become compromised, and a cryptographic backbone for your organization that is more sustainable in the face of quantum computing.
The challenges of implementing crypto agility protocols, coupled with the fact that this is still a growing field of research, mean organizations will likely struggle to get it right initially. Current protocols are generally used throughout the organization, but under systems controlled by different branches of the business. Crypto agility initiatives will challenge organizations to coordinate successfully across them all – whether that is 1,000 employees, 500 administrators or 200 systems. Outlining and implementing unique best practices, as well as choosing and deploying the best technology for their systems, will not be quick decisions. But ultimately, future-proofing for a post-quantum world is not something businesses can afford to ignore.
There are a few factors that can help businesses make some smart choices about when to kickstart their crypto agility plan. (Hint: sooner is always better than later.) For example, organizations that need to keep “secrets” or ensure data remains confidential for long periods of time should implement crypto agility as soon as possible. However, because a system’s overhaul can be so time-intensive, it’s increasingly likely that the recommended time to start is now, regardless of industry.
Depending on the cost of the crypto-agility update and the value of the assets to be secured, businesses may also want to invest time and money into testing the rollout to determine, for example, the efficacy of the new deployments and note any disruptions or hiccups throughout the process. BlackBerry, for example, spent 5 years moving from the Triple DES algorithm to AES as the basis for its data encryption – while it was in control of all devices and the server.
So, when do businesses need to begin their crypto agility initiatives to ensure their algorithms are viable against the quantum computer? By calculating, in years, the lifetime of the product or asset that needs to be secured, adding the time needed for testing and rollout, and estimating when new, safe algorithms will be available, businesses can work backwards from an estimated deadline.
Here is a brief guide for decision-making based on industry:
Before embarking on their crypto agility journey, it’s recommended that organizations compile a precise and detailed inventory of their cryptographic assets – where each and every key has been injected across the IT infrastructure and where it is stored.
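One concrete way to start such an inventory, as an added example that is not code from the original article: walk the SSH public-key files already on the hosts (authorized_keys and known_hosts lines in OpenSSH text format) and record, per location, which algorithm and key size each key uses. The sample files below are constructed for the example; the file paths, host name and the RSA modulus are placeholders, not real keys. Every algorithm the parser recognizes rests on factoring or discrete logarithms, so the inventory's value is knowing where each key sits and how the migration should be ordered, not finding a safe one among them.

```python
"""SSH public-key inventory (added example; constructed sample data)."""
import base64
import struct
from collections import Counter

# All of these rest on factoring or discrete logarithms, which Shor's algorithm breaks.
CLASSICAL_ALGORITHMS = {
    "ssh-rsa", "ssh-dss", "ssh-ed25519",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
}


def _read_string(blob, offset):
    """Read one SSH wire-format 'string' (uint32 length prefix + bytes)."""
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    start = offset + 4
    if start + length > len(blob):
        raise ValueError("truncated key blob")
    return blob[start:start + length], start + length


def describe_key(line, source="<inline>"):
    """Turn one OpenSSH public-key line into an inventory record.

    authorized_keys lines start with the key type (possibly after options);
    known_hosts lines start with a hostname, so scan for the first type token.
    """
    parts = line.split()
    for i, tok in enumerate(parts[:-1]):
        if tok in CLASSICAL_ALGORITHMS:
            key_type, b64 = tok, parts[i + 1]
            break
    else:
        return {"source": source, "algorithm": "unknown", "bits": None, "needs_migration": True}

    blob = base64.b64decode(b64)
    declared, off = _read_string(blob, 0)
    if declared.decode() != key_type:
        raise ValueError(f"{source}: type field {declared!r} does not match {key_type}")

    if key_type == "ssh-rsa":
        _e, off = _read_string(blob, off)      # public exponent
        n, _ = _read_string(blob, off)         # modulus as mpint
        bits = int.from_bytes(n, "big").bit_length()
    elif key_type == "ssh-dss":
        p, _ = _read_string(blob, off)         # DSA prime p
        bits = int.from_bytes(p, "big").bit_length()
    elif key_type == "ssh-ed25519":
        bits = 256
    else:                                      # ecdsa-sha2-nistpNNN
        curve, _ = _read_string(blob, off)     # e.g. b"nistp256"
        bits = int(curve.decode()[-3:])

    return {"source": source, "algorithm": key_type, "bits": bits, "needs_migration": True}


def inventory(files):
    """files: {path: [lines]} -> list of records, skipping blanks and comments."""
    records = []
    for path, lines in files.items():
        for line in lines:
            if line.strip() and not line.lstrip().startswith("#"):
                records.append(describe_key(line, path))
    return records


def summarize(records):
    """Count keys per algorithm; a migration plan's ordering starts here."""
    return dict(Counter(r["algorithm"] for r in records))


# --- constructed sample data (placeholders, not real keys) -------------------
def _string(data):
    return struct.pack(">I", len(data)) + data


def _mpint(n):
    # minimal big-endian encoding, with a leading 0x00 when the top bit is set
    return _string(n.to_bytes((n.bit_length() + 8) // 8, "big"))


def _line(key_type, body, comment=""):
    blob = _string(key_type.encode()) + body
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}".strip()


PLACEHOLDER_MODULUS = (1 << 2047) | 1   # 2048-bit placeholder integer, not an RSA key
SAMPLE_FILES = {
    "/home/alice/.ssh/authorized_keys": [
        "# constructed sample file",
        _line("ssh-rsa", _mpint(65537) + _mpint(PLACEHOLDER_MODULUS), "alice@laptop"),
        _line("ssh-ed25519", _string(b"\x01" * 32), "alice@token"),
    ],
    "/etc/ssh/ssh_known_hosts": [
        "build01.example.internal " + _line(
            "ecdsa-sha2-nistp256", _string(b"nistp256") + _string(b"\x04" + b"\x00" * 64)),
    ],
}

if __name__ == "__main__":
    for rec in inventory(SAMPLE_FILES):
        print(rec)
    print(summarize(inventory(SAMPLE_FILES)))
```

Pointing `inventory` at real files means reading them line by line into the same `{path: [lines]}` shape; the records carry the path, so the result answers the "where is it stored" question directly, and `summarize` gives the per-algorithm counts that decide what to migrate first.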
Once the organization has a clear picture of its cryptographic ecosystem, it can begin to define strict policies for employees to manage the keys. Designated groups then carry out the work needed to secure their systems within the framework of post-quantum cryptography (PQC). With these roles dispersed across the organization, it can act much more quickly and effectively should any of its algorithms become compromised. Driving this “culture” of crypto agility will likely be the IT/security team.
When it comes to technology implementation and designing crypto agility into the foundation of protocols, stateful hash-based signatures are often recommended, as they are widely accepted as a strong quantum-secure option. This is especially true for code signing. Nearly all experts agree that this can be accomplished today with existing technology.
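What "stateful" means in practice, as an added example that is not code from the article or from any standard: a toy hash-based signer built from Lamport one-time signatures behind a use counter. Standardized schemes such as LMS (RFC 8554) and XMSS (RFC 8391) aggregate their one-time keys under a Merkle tree and add other machinery this toy omits, but they share the property shown here: each one-time key may sign exactly once, so the signer's counter must be advanced and written to durable storage before a signature is released, and a restored backup of older state must be rejected. The firmware file names are constructed for the example, matching the code-signing use case the article names.

```python
"""Toy stateful hash-based signer (added example; Lamport OTS + use counter).

Security rests only on the hash function, which is why such schemes are
considered quantum-resilient.  Toy: no Merkle tree, so the public key is a
list of one-time public keys; no hardening beyond the counter itself.
"""
import hashlib
import json
import secrets

BITS = 256                      # digest length: one secret pair per message bit


def H(data):
    return hashlib.sha256(data).digest()


def lamport_keygen():
    """256 pairs of random secrets; the public key is their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(BITS)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def _bit(digest, i):
    return (int.from_bytes(digest, "big") >> (BITS - 1 - i)) & 1


def lamport_sign(sk, msg):
    """Reveal, for each digest bit, the secret from the matching half of the pair."""
    d = H(msg)
    return [sk[i][_bit(d, i)] for i in range(BITS)]


def lamport_verify(pk, msg, sig):
    d = H(msg)
    return len(sig) == BITS and all(H(sig[i]) == pk[i][_bit(d, i)] for i in range(BITS))


class StatefulSigner:
    """Pool of one-time keys plus the counter that makes the scheme stateful.

    Signing two different messages with the same one-time key reveals both
    secrets of many pairs, which is enough to forge, so the counter is the
    security-critical part: advance it, persist it, then release the signature.
    """

    def __init__(self, n_keys):
        self.keys = [lamport_keygen() for _ in range(n_keys)]
        self.next_index = 0

    def public_keys(self):
        return [pk for _, pk in self.keys]

    def remaining(self):
        return len(self.keys) - self.next_index

    def export_state(self):
        """What must reach durable storage after every signature."""
        return json.dumps({"next_index": self.next_index})

    def import_state(self, state_json):
        """Refuse state older than what is in memory: a restored backup would re-use keys."""
        restored = json.loads(state_json)["next_index"]
        if restored < self.next_index:
            raise ValueError("state rollback: refusing to re-use one-time keys")
        self.next_index = restored

    def sign(self, msg):
        if self.next_index >= len(self.keys):
            raise RuntimeError("one-time keys exhausted; provision a new signer")
        idx = self.next_index
        self.next_index += 1                # advance state first ...
        sk, _ = self.keys[idx]
        return idx, lamport_sign(sk, msg)   # ... then hand out the signature


def verify(public_keys, msg, indexed_sig):
    idx, sig = indexed_sig
    return 0 <= idx < len(public_keys) and lamport_verify(public_keys[idx], msg, sig)


def demo():
    """Sign two (constructed) firmware images, then exercise the state checks."""
    signer = StatefulSigner(n_keys=2)
    pks = signer.public_keys()
    sig_a = signer.sign(b"firmware-1.0.bin")
    checkpoint = signer.export_state()      # state as it was after the first signature
    sig_b = signer.sign(b"firmware-1.1.bin")
    out = {
        "a_ok": verify(pks, b"firmware-1.0.bin", sig_a),
        "a_wrong_msg": verify(pks, b"firmware-1.1.bin", sig_a),
        "b_ok": verify(pks, b"firmware-1.1.bin", sig_b),
        "indices": (sig_a[0], sig_b[0]),
        "remaining": signer.remaining(),
    }
    try:
        signer.sign(b"firmware-1.2.bin")
        out["exhausted_rejected"] = False
    except RuntimeError:
        out["exhausted_rejected"] = True
    try:
        signer.import_state(checkpoint)     # older than the in-memory state
        out["rollback_rejected"] = False
    except ValueError:
        out["rollback_rejected"] = True
    return out


if __name__ == "__main__":
    print(demo())
```

The operational lesson is the one the article's code-signing recommendation depends on: a stateful scheme is only as secure as the handling of `next_index`. Cloning a signing VM, restoring a snapshot, or running two signers from the same key material all amount to the rollback that `import_state` rejects, which is why production deployments keep this counter inside an HSM or a single, carefully journaled signing service.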
A hybrid approach – marrying both stateless and stateful schemes – is another option for organizations looking to maximize quantum-resilience. For a given environment, organizations will need to weigh signature size, performance and implementation concerns when deciding which scheme to deploy where, leveraging the benefits of each depending on the use case.
NIST has held an open call for quantum-resistant cryptographic algorithms for new public-key crypto standards, including digital signatures and encryption/key-establishment. With submissions closed in late 2017, the group is planning on selecting one or more quantum-safe algorithms to standardize and implement on a wide variety of platforms and applications. It’s likely that this will become one of the most highly endorsed quantum-resilient options; however, organizations are not advised to wait until it becomes available.
It’s no secret that crypto agility initiatives will be challenging, especially as entities and individuals across the globe work out PQC in real time. However, the threat of the quantum computer against current algorithms is too great to ignore. Without crypto agility in place, organizations’ cryptographic assets become their Achilles’ heel.