(QuantumXC) November 2021 marks the 45th anniversary of when Whitfield Diffie and Martin Hellman published their paper, New Directions in Cryptography, introducing the world to a new system for developing and exchanging keys over an insecure channel. The Diffie-Hellman key exchange has since become one of the most important developments in public-key cryptography and is frequently used in a range of different security protocols including, TLS, IPsec, SSH, PGP, and many others.
But the continued advancements in mathematics and computing, and the fast-approaching Quantum Age, puts Public Key Encryption (PKE) at risk. The system that was built in the 1980s was not designed for today’s hyperconnected world with vast amounts of data traveling from the data center to public clouds to edge environments. Even more troublesome is that with PKE systems, the data and the encryption key used to unlock that data travel together – an attacker needs only to compromise one connection to retrieve all the secret information. As a result, man-in-the-middle attacks have become more frequent with more at stake.
In the April 2021 report published by NIST, Getting Ready for Post-Quantum Cryptography the standards body outlines the challenges associated with adopting and using PQC algorithms after the standardization process is complete – which is currently on pace for selection by the 2022-24 time frame. As mentioned above, and reinforced in the NIST paper, experience has shown that in the best case, another 5-15 more years will be needed after the publication of the cryptographic standards before a full transition is completed.
This timing is problematic on three fronts:
A quantum computer may be available before then.
There is no guarantee that the cryptographic standards selected will not be broken by adversaries or vulnerable to implementation errors. Again, if we look to history, we will find that all past cryptographic standards have been broken.
“Harvest today, decrypt tomorrow” attacks are happening now.
Dr. Diffie himself shared during a recent panel talk at IQT NYC Fall 2021, “When you think cryptographic standards, you must think in terms of centuries.”
It’s time for a new key delivery architecture: one that’s quantum-safe, interoperable with existing network security solutions, can immediately shore-up both PKE and pre-shared key (PSK) weaknesses, and was designed to work with vast, large area networks where multipoint key transmissions to the network’s edge is required.
Phio Trusted Xchange (TX) from Quantum Xchange fits the bill. The zero-trust architecture delivers on-demand, ephemeral key pairs that are dynamically regenerated to replace traditional static, pre-shared keys fraught with security risks. It decouples key generation and delivery from data transmissions allowing for true crypto-agility. And perhaps, most importantly, it embraces a defense-in-depth security model by combining keys delivered inline by traditional methods with a second, independent platform that delivers quantum-safe, symmetric keys out-of-band down a separate quantum-protected tunnel and mesh network.
Once again, we turn to Dr. Diffie’s recent remarks at IQT where the father of modern encryption encouraged the industry and organizations to embrace security-in-depth practices and implement quantum-safe symmetric keys into their existing crypto infrastructures.