Experts state that quantum computing will kill the two most frequently used, asymmetric crypto algorithms – those based on RSA and Elliptic Curve –, with a 17% chance that they will be broken within the next 10 years. What will this mean for you?
If your business is based on any of the above, and you have product life cycles that are longer than 5 to 7 years, you should read on. Your seeded microchips, secure elements, embedded HSMs, encryption keys and digital signature certificates, generated with the affected algorithms, are likely to be decrypted, compromised or cloneable within the next decade.
Click here to watch Michele Mosca’s view on it.
The good news is that new, quantum resistant algorithms will be available in the near future. The bad news is that replacing certificates, or the seeding in secure elements, rolling keys or exchanging crypto material with material generated using the new quantum resistant algorithms will take time. Implementing, and deploying quantum-safe material and algorithms will require a certain amount of “crypto agility”, i.e. you will need to be able to exchange non-quantum safe information with quantum safe information – secrets, chips and the code to use them – and possibly also on devices already in the market.
If you are in the business designing products, schemes and architectures, that use embedded secure elements, digital certificates, payment mechanisms or IoT/connected devices, there will be no “1 size fits all solution” or algorithm in future. So, how do you make sure that what you design today is PQ-secure against future requirements? By designing for crypto agility. What does that mean in practice? Look out for the following points:
If you are working with HSMs as the backbone of the security infrastructure used to generate crypto material, try working with Utimaco HSMs. Our HSMs support the upgrading of firmware or algorithms (using CryptoScript) that allow new algorithms to be incorporated into the HSMs, as needed, to accommodate for the evolving demands on encryption.
We are proud of the fact that Utimaco HSMs are – already today – being used by major researchers in the post-quantum crypto field, by companies around the world, such as Isara, LG Electronics and Microsoft.
We are also proud of the fact that members of staff from ISARA, LG Electronics, DigiCert, Synopsis and Microsoft were able to present the status of their research at the Utimaco Applied Crypto Symposium in Los Gatos, California on November 9 2017.
Microsoft has published their research based on the Utimaco SDK at https://github.com/Microsoft/Picnic/blob/master/spec/design-v1.0.pdf
Alex Truskovski is responsible for product management at ISARA and is focused on the creation of products that help customers ensure the protection of their data and systems in the post-quantum age. Alex is a seasoned professional with nearly two decades of experience in the technology sector. Previous to ISARA, Alex provided technical leadership in the development of core security protocols and features at BlackBerry, and designed and built enterprise software at Oracle. Alex has a Master’s of Computer Science from the Concordia University focusing on Applied Cryptography, an MBA from the Lazaridis School of Business and Economics at Wilfrid Laurier University, and holds a CISSP designation.
Brian LaMacchia is a Microsoft Corporation Distinguished Engineer and heads the Security and Cryptography team within Microsoft Research (MSR). His team’s current project is the development of quantum-resistant public-key cryptographic algorithms. Additionally, Brian is an Adjunct Associate Professor in the School of Informatics and Computing at Indiana University, an Affiliate Faculty member of the Department of Computer Science and Engineering at the University of Washington, and currently serves as Treasurer of the International Association for Cryptologic Research (IACR). Brian received S.B., S.M., and Ph.D. degrees in Electrical Engineering and Computer Science from MIT in 1990, 1991, and 1996, respectively.
Dr. Harsh Kupwade-Patil is a Sr. Staff Research Engineer (IoT Security) at LG Electronics Mobile Research. Prior to joining LG, he was the director of research at Nanthealth Inc. Previously, he was involved in collaborative research work with Cisco Systems Inc., Sipera Systems (acquired by Avaya Inc.) and Bell-labs, Alcatel-Lucent. He has prosecuted and litigated patents during his stint at Fish & Richardson P.C. He holds a Master’s Degree in Electrical Engineering and a Ph.D. in Applied Science from Southern Methodist University, Dallas, Texas. He is the author of the book titled “Security for Wireless Sensor Networks using Identity-based Cryptography”.
Mike Ahmadi is the Global Director – IoT Security Solutions at DigiCert, Inc. He has an extensive background in both Project Management and Information Systems for projects addressing cyber security in multiple vertical industries, including energy and health care. Fox example, he is and active member of the
As CTO of Utimaco, Thorsten Groetker shares responsibility for technological strategy and R&D operations. He joined Utimaco after 16 years with Synopsys, Inc., where he served in a range of engineering management positions. Groetker earned a doctorate degree (SCL) in electrical engineering from Aachen University of Technology (RWTH). He co-authored “System Design with SystemC” and “The Developer’s Guide to Debugging”.
We will keep you posted with news from Utimaco and the industries we protect, as well as information on upcoming events and webinars.