Post-Quantum Cryptography Preparedness 101

Author: Donavan Cheah, CRISC, CISSP
Date Published: 17 December 2024
Read Time: 4 minutes

In a previous ISACA blog post on post-quantum cryptography (PQC), I introduced some post-quantum cryptographic risks and demystified quantum cryptography by tracing how PQC became relevant to the Q-Day discussion.

While some aspects of cryptography have been explained to laypersons, for instance through Cloudflare's demonstrations of how randomness is gathered to seed keys for various algorithms, there is also the aspect of cryptography that revolves around the mathematical problems on which an algorithm is built. RSA is a popular algorithm and is, in fact, the main subject of PQC discussions, because its security rests on integer factoring, which Shor's algorithm solves efficiently on a sufficiently large quantum computer; the same applies to Diffie-Hellman and elliptic-curve schemes, whose discrete-logarithm problems Shor's algorithm also breaks. Researchers are actively working on breaking RSA, and a recent article claimed that Chinese scientists were "breaking RSA." The good news was that the result concerned a 50-bit RSA key, nowhere near the RSA-2048 in everyday use. The bad news is that nobody can predict Q-Day, but once it arrives, attacks will proliferate rapidly, because every key of the affected type becomes breakable at once.

To recap the threat, the urgency around PQC stems mainly from the "harvest now, decrypt later" strategy against data that will still be sensitive years from now, such as intellectual property and historically sensitive records. In other words, an attacker can capture data today that is protected by a quantum-vulnerable algorithm and decrypt it later, once a quantum computer capable of breaking that algorithm exists.

As with many advances in cybersecurity, there is a wide gulf between the budgets and capabilities of large organizations and government agencies and those of small and medium businesses. But small and medium businesses may have PQC requirements too. This post discusses some of these topics.

Cryptographic Inventory

Chances are that enterprises talk about encryption being implemented across the enterprise without understanding which standards and implementations are in use, or whether they are quantum-safe. In line with the asset-identification practices of NIST CSF 2.0, every enterprise should identify the systems and applications that implement cryptography, document the algorithms, key sizes, protocols and libraries they use, and record how long the protected data must remain confidential, so that systems handling sensitive or long-retained data are made quantum-safe first.

Nowadays there are also tools that can discover the cryptography in use internally, both commercial products and open-source tools such as Tychon. Typically, this involves identifying cryptographic file formats (certificates, key stores and the like) and examining the files to see whether they use outdated or quantum-vulnerable algorithms.
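The triage step that follows discovery, as an added example that is not code from the post or from any tool it names: each inventory record is classified by how a cryptographically relevant quantum computer affects its algorithm family, and the vulnerable ones are ranked with Mosca's inequality (shelf life of the data plus migration time greater than time to Q-Day means the system is already late). The inventory rows, the status labels and the 10-year time-to-Q figure are assumptions made for the example.

```python
"""Cryptographic inventory triage (constructed example).

Classifies records by quantum risk and ranks the quantum-vulnerable ones with
Mosca's inequality.  The inventory and the time-to-Q value are assumptions."""
from dataclasses import dataclass
from typing import List, Tuple

# Shor's algorithm breaks every public-key scheme based on factoring or discrete logarithms.
QUANTUM_BROKEN = {"RSA", "DSA", "DH", "ECDH", "ECDSA", "EDDSA", "X25519"}
# NIST FIPS 203 / 204 / 205 families.
PQ_SAFE = {"ML-KEM", "ML-DSA", "SLH-DSA"}
# Symmetric primitives: Grover's algorithm roughly halves the effective strength.
SYMMETRIC = {"AES", "CHACHA20", "SHA-256", "SHA3-256"}


@dataclass
class Record:
    system: str
    algorithm: str           # algorithm family as reported by the scanner
    key_bits: int
    shelf_life_years: float  # how long the protected data must stay secret
    migration_years: float   # estimated time needed to migrate this system


def classify(rec: Record) -> str:
    alg = rec.algorithm.upper()
    if alg in PQ_SAFE:
        return "quantum-safe"
    if alg in QUANTUM_BROKEN:
        return "quantum-vulnerable"
    if alg in SYMMETRIC:
        return "adequate" if rec.key_bits >= 256 else "reduced-margin"
    return "unknown"  # treated like vulnerable until someone reviews it


def mosca_gap(rec: Record, time_to_q_years: float) -> float:
    """Years by which the data outlives the key before migration completes (> 0 = exposed)."""
    return rec.shelf_life_years + rec.migration_years - time_to_q_years


def prioritize(records: List[Record], time_to_q_years: float) -> List[Tuple[str, str, float]]:
    """Most exposed first; systems without a Shor-breakable algorithm sink to the bottom."""
    rows = []
    for rec in records:
        status = classify(rec)
        exposed = status in ("quantum-vulnerable", "unknown")
        gap = mosca_gap(rec, time_to_q_years) if exposed else float("-inf")
        rows.append((rec.system, status, gap))
    return sorted(rows, key=lambda row: row[2], reverse=True)


# Constructed inventory; a real one would come from certificate stores, key vaults and code scans.
INVENTORY = [
    Record("vpn-gateway", "RSA", 2048, 1, 2),
    Record("hr-records-archive", "RSA", 4096, 25, 3),
    Record("payments-api", "ECDSA", 256, 5, 4),
    Record("backup-encryption", "AES", 256, 30, 1),
    Record("legacy-erp", "VENDOR-PROPRIETARY", 0, 10, 5),
    Record("new-code-signing", "ML-DSA", 0, 10, 0),  # ML-DSA-65 parameter set
]
TIME_TO_Q_YEARS = 10  # assumption for the exercise; revisit as estimates change

if __name__ == "__main__":
    for system, status, gap in prioritize(INVENTORY, TIME_TO_Q_YEARS):
        exposure = "n/a" if gap == float("-inf") else f"{gap:+.0f} yr"
        print(f"{system:22} {status:20} {exposure}")
```

The archive of HR records comes out on top even though its RSA-4096 key is "stronger" than the VPN gateway's RSA-2048: key size does not matter against Shor's algorithm, but the 25-year confidentiality requirement does.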

Cryptographic Agility

Cryptographic agility refers to how quickly an organization can switch from one cryptographic algorithm to another. In solution design and architecture, it is prudent to assume that some technological advance may one day "break" an algorithm that is considered safe today, because flaws inherent in it may still be undiscovered; several earlier PQC candidates (SIKE and Rainbow among them) were eliminated from the NIST process precisely because such flaws surfaced. Cryptographic agility therefore calls for cryptography to be implemented in a modular way, with explicit algorithm identifiers and no hard-coded dependency on a particular algorithm, so that an algorithm can be replaced without redesigning the system.
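One way to build that modularity in, as an added example that is not code from the post: every protected record starts with an algorithm identifier, and verification dispatches through a policy-driven registry, so an algorithm can be demoted, retired or replaced without touching the callers. HMAC over different hash functions stands in for the signature or KEM suites a real registry would hold; the identifiers, status names and the registry contents are this example's own assumptions.

```python
"""Cryptographic agility pattern (constructed example).

Envelope = alg_id || tag || payload.  Verification looks the algorithm up in a
policy registry, so retiring an algorithm is a policy change, not a code change.
HMAC stands in for real signature suites; ids and statuses are assumptions."""
import hashlib
import hmac
from enum import Enum


class Status(Enum):
    PREFERRED = "preferred"    # chosen for all new protections
    ALLOWED = "allowed"        # accepted on input, never chosen for output
    DEPRECATED = "deprecated"  # accepted but flagged so the record gets re-protected
    FORBIDDEN = "forbidden"    # rejected outright (a broken algorithm)


# alg_id -> (digest name, policy).  "sha1" stands in for an algorithm already broken.
REGISTRY = {
    0x01: ("sha256", Status.PREFERRED),
    0x02: ("sha3_256", Status.ALLOWED),
    0x03: ("sha1", Status.FORBIDDEN),
}


class AlgorithmRejected(Exception):
    pass


def preferred_id(registry) -> int:
    return next(alg_id for alg_id, (_, status) in registry.items() if status is Status.PREFERRED)


def protect(key: bytes, payload: bytes, registry=REGISTRY) -> bytes:
    """The tag covers alg_id as well as the payload, so the id cannot be swapped later."""
    alg_id = preferred_id(registry)
    digest, _ = registry[alg_id]
    tag = hmac.new(key, bytes([alg_id]) + payload, digest).digest()
    return bytes([alg_id]) + tag + payload


def verify(key: bytes, envelope: bytes, registry=REGISTRY):
    """Returns (payload, needs_reprotection); raises on unknown/forbidden algorithm or bad tag."""
    alg_id = envelope[0]
    if alg_id not in registry:
        raise AlgorithmRejected(f"unknown algorithm id {alg_id:#x}")
    digest, status = registry[alg_id]
    if status is Status.FORBIDDEN:
        raise AlgorithmRejected(f"algorithm {digest} is forbidden by policy")
    tag_len = hashlib.new(digest).digest_size
    tag, payload = envelope[1:1 + tag_len], envelope[1 + tag_len:]
    expected = hmac.new(key, bytes([alg_id]) + payload, digest).digest()
    if not hmac.compare_digest(tag, expected):
        raise AlgorithmRejected("tag mismatch")
    return payload, status is Status.DEPRECATED


def rotate(registry, new_preferred_id: int):
    """Policy-only change: demote the current preferred algorithm, promote the new one."""
    updated = {alg_id: (d, Status.DEPRECATED if s is Status.PREFERRED else s)
               for alg_id, (d, s) in registry.items()}
    digest, _ = updated[new_preferred_id]
    updated[new_preferred_id] = (digest, Status.PREFERRED)
    return updated


if __name__ == "__main__":
    key = b"demo-key-not-for-production"
    old_record = protect(key, b"quarterly-report", REGISTRY)
    after_rotation = rotate(REGISTRY, 0x02)               # e.g. after a cryptanalytic result
    payload, stale = verify(key, old_record, after_rotation)  # old record still readable ...
    print(payload, "needs re-protection:", stale)          # ... but flagged for re-protection
    print("new records now use alg", protect(key, b"x", after_rotation)[0])
```

Two details carry the security weight: the tag binds the algorithm identifier, so an attacker cannot relabel a record to force verification under a weaker algorithm, and deprecated records are still readable but reported, which is what lets a migration proceed incrementally instead of in one cut-over.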

Hybrid Approaches?

In some enterprises, especially those that require backward compatibility, a clean migration to PQC algorithms is not always possible. Even large enterprises such as Meta have opted for hybrid transitions, deploying combinations of Kyber (since standardized by NIST as ML-KEM) alongside a classical key exchange, so that a session stays protected as long as at least one of the two algorithms holds. Meta has also highlighted that, for complexity reasons, it prioritized PQC for internal applications before looking at public-facing ones.
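The mechanics of such a hybrid, as an added example that is not Meta's code or any library's API: the classical and post-quantum shared secrets are concatenated and fed to HKDF, the approach of the IETF TLS hybrid design draft, so the session key stays secret as long as either component does. A negotiation step shows the backward-compatibility path, where a peer that offers no hybrid group falls back to a classical-only session. The shared secrets, transcript, group names and HKDF label below are constructed for this example.

```python
"""Hybrid key agreement combiner and group negotiation (constructed example).

Secrets, transcript, group names and labels are assumptions; HKDF follows RFC 5869."""
import hashlib
import hmac


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    return hmac.new(salt, ikm, "sha256").digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), "sha256").digest()
        out += block
        counter += 1
    return out[:length]


def combine(shared_secrets, transcript: bytes) -> bytes:
    """Concatenate every shared secret, extract, then expand bound to the handshake transcript."""
    prk = hkdf_extract(b"\x00" * 32, b"".join(shared_secrets))
    info = b"example hybrid session key" + hashlib.sha256(transcript).digest()
    return hkdf_expand(prk, info, 32)


# Assumed group names: (classical component, post-quantum component or None).
GROUPS = {
    "X25519MLKEM768": ("X25519", "ML-KEM-768"),
    "X25519": ("X25519", None),
}


def negotiate(client_preferences, server_supported):
    """First client preference the server supports, as a TLS server would choose."""
    for group in client_preferences:
        if group in server_supported:
            return group
    return None


def session_key(group: str, ss_classical: bytes, ss_pq, transcript: bytes) -> bytes:
    _, pq_component = GROUPS[group]
    if pq_component is None:
        # Legacy peer: classical only.  This session remains exposed to harvest-now-decrypt-later.
        return combine([ss_classical], transcript)
    return combine([ss_classical, ss_pq], transcript)


# Constructed stand-ins for an X25519 shared secret and an ML-KEM-768 shared secret.
SS_X25519 = bytes(range(32))
SS_MLKEM768 = bytes(range(32, 64))
TRANSCRIPT = b"client_hello||server_hello||both key shares"

if __name__ == "__main__":
    modern = negotiate(["X25519MLKEM768", "X25519"], {"X25519MLKEM768", "X25519"})
    legacy = negotiate(["X25519MLKEM768", "X25519"], {"X25519"})
    print(modern, session_key(modern, SS_X25519, SS_MLKEM768, TRANSCRIPT).hex())
    print(legacy, session_key(legacy, SS_X25519, None, TRANSCRIPT).hex())
```

An attacker who recovers the X25519 secret on Q-Day still has to supply the ML-KEM secret to reach the same key, which is the whole point of the combination; the fallback branch is what keeps the legacy peer working, and also what an inventory should flag, because those sessions carry none of the protection.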

Staying Updated

With rising interest in this topic, there are now more avenues to stay updated and even influence PQC discussions. For instance, the Post-Quantum Cryptography Alliance (PQCA) lets organizations share insights and collaborate. Under the PQCA sit open-source projects such as the Open Quantum Safe (OQS) project, which offers collaboration opportunities on the implementation side. One of the most important OQS deliverables is liboqs, an open-source C library of quantum-safe algorithms.

Other bodies, such as the Internet Engineering Task Force (IETF), are also active in standardizing how PQC is to be implemented in protocols such as TLS, which will come in handy from an implementation perspective.

You’re Not Alone

PQC threats are almost universal: any enterprise that deploys RSA (or elliptic-curve cryptography) is bound to confront Q-Day. Within the specific domain of PQC, there are now conferences such as PQCrypto dedicated to the topic, and standards bodies such as ETSI also organize conferences on it.

Regulators, too, have gotten on board. In Singapore, the Monetary Authority of Singapore has already issued PQC advisory to financial institutions. Others will inevitably follow suit, bringing greater clarity on how quantum-safe different types of systems need to be, given operational and business considerations.

Focus on What We Can Control

Our PQC efforts should focus on what is within our control to deal with Q-Day threats. While the topic is daunting, especially with doomsday messaging urging an update of cryptographic algorithms (but to what, and with what level of security?), there is in fact a compendium of credible information and a selection of communities in which to take part in these discussions. The ecosystem, while still somewhat nascent, will certainly develop.

But not everyone will roll their own cryptography. Many businesses, especially smaller ones, rely on existing implementations (such as a cloud service provider's cryptographic services). The good news is that PQC, implemented correctly, seems to offer a less technically daunting path for businesses to achieve cryptographic agility against the Q-Day class of threats, and against whatever other threats may emerge with the capability to solve the mathematical problems that other cryptographic algorithms rely on.

Additional resources