Two panel sessions at the IQT Fall conference on Tuesday painted a picture of the importance of quantum-safe cryptography, and how far–how very far–we may have to go before large numbers of corporate enterprise and government systems can be declared quantum-safe.
In a session focused more on quantum-safe cryptography for enterprise data centers, John Prisco, president and CEO of Safe Quantum Incorporated, and Kosta Vilk, CTO and founder of QuSecure, talked about why the transition to quantum-safe cryptography is so important, and why there’s such a sense of urgency around it.
“The reason to worry about this right now is that you have harvesting going on right now. I’m sure China is copying everything it can get its hands on,” Prisco said in reference to “hack now, decrypt later” attacks that collect encrypted data now with the intent of using quantum computing at some time in the future to decrypt it.
Vilk added, “Any node in a network can be used to launch an attack, so it’s yesterday that we needed to be thinking about protection.”
Both QuSecure and Safe Quantum have worked with Quantum Key Distribution (QKD), and said the next major step to transition to post-quantum cryptography, or quantum methods that will protected encryptions from quantum-driven efforts to break them, will be the completion of post-quantum standards by the National Institute of Standards and Technology (NIST.)
“NIST may have at least two and possibly four standard algorithms,” Prisco said. But he cautioned, “Moving to post-quantum cryptography is not going to be a drop-and-replace upgrade. We had security standards in the 1970s and 1990s where adoption took years to spread.”
Vilk said it’s important to remember that “no networks are going to go from legacy systems to quantum systems in one go,” so the industry needs to focus on helping clients pursue hybrid models in which systems from both eras can still securely talk to one another.
A second Tuesday session that focused on quantum-safe cryptography for government and military found panelists for the most part agreeing that implementing post-quantum cryptography could take several years after a NIST standard is approved.
Whitfield Diffie, co-inventor of public key encryption, said that achieving widespread adoption of past algorithms has taken up to 20 years, with many people continuing to use older algorithms even now. “How long will it take? We’re just getting started,” he said.
Michael Osbourne, IBM’s head of crypto-logical research, said that coming up with new post-quantum algorithms is only part of the challenge. “If we take quantum-safe algorithms and try to deploy them the way we did before, it won’t work,” he said. “There are so many people out there that use broken cryptography.” He called for more focus on making existing systems and applications more “crypto-agile” by making cryptography “a first-class software citizen,” thus easing implementation challenges.
Marvin Woods, electrical engineer at the Federal Aviation Administration, also stressed that there should be more focus on zeroing in on existing systems, and the relatively few targets that are worth the effort and expense of attackers to attack. He asked, “What do we have out there now that 10 years from now we still don’t want someone to be able to decrypt it?”
William Layton, senior subject matter expert for quantum-resistant cryptography at the National Security Agency, said that for government agencies the most painful part of adopting new algorithms will be the validation process, but that “this feels much like the cryptographic transitions of the past.”
That transition, though, can’t begin in earnest until NIST is finished with its standards. “People are talking about NIST having several different standards,” Layton said. “At this point I’ll just take one please.”