Why Crypto-Agility Is the Key for Quantum Safe Cryptography

(KeyFactorBlog) NIST defines the goal of quantum-safe cryptography as the development of “cryptographic systems that are secure against both quantum and classical computers, and can interoperate with existing communications protocols and networks.”
Quantum-safe encryption is implemented mostly the same way current public-key cryptography is implemented. However, there will not be a “one-size-fits-all” algorithm, like RSA or ECC.
Why? Because post-quantum algorithms are based on different areas of mathematics and have distinct properties, features, and advantages. For this reason, there is a large variation in performance characteristics between different algorithms. Some algorithms will be more suited to some use-cases than others. Let’s also consider the ever-expanding requirements for cryptography, including the proliferation of constrained connected IoT devices. It will seem unlikely there will be a single algorithm suitable for all applications.
What should organizations do until quantum-safe cryptographic algorithms are standardized? The answer is crypto-agility.
The UK’s National Cyber Security Centre (NCSC) states that,“Organizations that manage their own cryptographic infrastructure should factor quantum-safe transition into their long-term plans and conduct investigatory work to identify which of their systems will be high priority for transition.”
There are many approaches to deploying post-quantum cryptography while ensuring crypto-agility. For example, enhanced X.509 digital certificates simultaneously contain two sets of public-keys and signatures, traditional and quantum-safe.
The goal is to reap the benefits of quantum-safe technology without compromising data and system security. The NIST National Cybersecurity Center of Excellence (NCCoE) recommends several practices “to ease the migration from the current set of public-key cryptographic algorithms to replacement algorithms that are resistant to quantum computer-based attacks.”