Building a Post Quantum-Safe Crypto Environment
(QuintessenceLabs) Computing technology is advancing rapidly, with the full potential of quantum computing on the horizon. Leveraging the power of quantum physics, quantum computers will be able to handle highly complex calculations in a fraction of the time required by today’s best supercomputers.
Given the speed and power of quantum computers, and their ability to solve the mathematically complex problems on which some of our security systems are based — particularly key exchange protocols — cybersecurity experts have raised the alert that they will easily defeat the defenses used to secure our data today.
Several technologies and solutions can help provide a quantum-safe encryption environment: post-quantum crypto algorithms, quantum random number generators, post-quantum crypto-agile key management, and quantum key distribution.
Current cryptography relies on several industry-standard encryption algorithms such as RSA, AES, and ECC. Symmetric encryption algorithms used to protect data at rest, such as AES, are expected to remain secure in a quantum world as long as longer, full entropy keys are used. However, asymmetric algorithms used for key exchange, such as those based on integer factorization (RSA), discrete logarithms (DH and DSA), and elliptic curves (ECC), will no longer be safe, since quantum computers will be able to break the type of math used to secure them.
Implementing post-quantum crypto algorithms, which will use mathematical structures, such as lattices, that are resistant to quantum attacks, will provide asymmetric encryption key protection. NIST is currently managing a program to evaluate the best protocols and plans to publish standards on this topic. The standards are not expected to appear in draft form until 2022 at the soonest. Be warned that they will typically require significantly larger keys than those used today and will take more processing time. Furthermore, there is always the possibility that new routes of quantum attack will be discovered to which the new algorithms are vulnerable, requiring ongoing adjustments.
Whether using asymmetrical or symmetrical encryption keys, being quantum-safe means protecting data with keys that are as strong as possible. These should ideally be “full entropy”, or truly random keys. Traditional deterministic RNGs may not have sufficient entropy to remain secure when under a quantum attack. Integrating full entropy keys into your security architecture is an important step to building quantum safety.
This type of capability will be necessary regardless of the encryption type used – whether symmetric encryption with longer keys, which will likely remain resilient to quantum attacks, or when deploying the new quantum-resistant algorithms. Fortunately, quantum random number generation (QRNG) technology is readily available and can be easily integrated.
Whatever form these protocols take, they will need to be embedded into an overall security structure that can manage keys and policies effectively, as today. An important part of building quantum safety is to ensure that the key management solutions you are deploying today have the built-in flexibility to manage different types of keys and to integrate these new post-quantum crypto algorithms as they become available. This capability is commonly known as “crypto-agility”.
More broadly, quantum key distribution (QKD) technology can be integrated into the security architecture to enable the secure exchange of keys without relying on quantum-resistant algorithms. Instead, the laws of physics are harnessed to protect the key exchange, delivering the best future-proof security for the most sensitive communications links.
Quantum-Safe Methodology™ (QSM)
QuintessenceLabs experts work with customers, using our proprietary Quantum-Safe Methodology — our highest-performing QRNG, crypto-agile key management and QKD strategies — to map out their quantum risk, define a roadmap to quantum safety, and deliver a quantum-safe solution.