Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

The challenge of achieving quantum-proof encryption

It might still be buried deep in development labs and years away from mainstream use, however quantum computing promises to usher in never-before-seen technical capabilities, writes Kevin Bocek, vice president, security strategy and threat intelligenceVenafi.

user iconKevin Bocek
Thu, 17 Nov 2022
The challenge of achieving quantum-proof encryption
expand image

Quantum computers will be able to carry out in seconds complex calculations that would take existing computers years to complete. The leap in performance that will be achieved is hard to comprehend.

However, while they will bring myriad advantages to society, they also pose a very significant threat. Quantum computers will spell the end of the protection afforded by existing public-key cryptography.

The reason is that current public-key encryption systems rely on mathematical problems that existing computers find extremely difficult to solve. Quantum computers, on the other hand, have the potential to solve these problems in a fraction of a second, which means they’ll be able to break current encryption with ease.

============
============

The hunt is on

Although fully functioning quantum computers are still some way off, it is important to recognise the impact they will eventually have on encryption and develop alternatives. This involves developing algorithms that are “quantum proof”.

To encourage this development, the US-based National Institute of Standards and Technology (NIST) recently revealed the first four quantum-resistant cryptographic algorithms selected after a six-year-long competition. NIST hopes this will spur interest among cryptographers to develop others.

The reason multiple algorithms will be required is that cryptography is deployed in many different areas. This means any effective standard needs to support varied approaches. It’s also important to be able to mitigate risk if one or more of the new algorithms do turn out that it can be cracked.

With this in mind, NIST has selected the CRYSTALS-Kyber algorithm for so-called general-encryption usage, due to its relatively small encryption keys and speed of operation.

When it comes to digital signatures, such as those currently used within TLS machine identities, NIST has earmarked the CRYSTALS-Dilithium, FALCON and SPHINCS+ algorithms.

The journey starts now

While for some people, there might be a temptation to sit back and do nothing at this point, that is not a strategy that should be followed. After all, it’s a case of “when” and not “if” current encryption becomes obsolete and so planning should begin now.

With early-stage standards now in place, IT teams should start scoping out laboratory testing options. Teams should then select a single application and understand the impact that the new algorithms will have on its performance.

It will be important to understand how best to deal with larger machine identities, and how to operate dual pre- and post-quantum modes. This is because the shift will not be made in all areas at the same time and most organisations will end up running both types of encryption side by side within their infrastructures.

While it’s difficult to predict just how long the migration will take, it’s highly likely that many people working in the IT sector will not be there once it’s completed. However, it’s not something that can be put off for future generations of workers to tackle.

For many organisations, an allowance should be made during the next budgeting cycle to cover costs associated with planning and testing. In terms of a timeline, the goal should be to have the first quantum-resistant application up and running within about five years. This could change as development continues, however, the time to start is now.

Having solid, unbreakable encryption is vital in today’s digital world. Quantum computers may change the technology underpinning this encryption, but this doesn’t mean solutions can’t be found and deployed.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.