Key Takeaways
NIST is running a multi-year process to select quantum-resistant public-key algorithms that will become the new standards used by internet security protocols
Every organization can prepare for quantum attacks on cryptography today by moving to 256-bit symmetric keys and requiring two-factor authentication for access to keys
Large organizations should become crypto agile: make their cryptographic algorithms and parameters easy to replace, and automate at least part of that replacement
Not sure what the Cryptocalypse refers to? Go check out the last blog, which explains what it affects and when it may come. That post might have left you wondering what can be done to stop quantum computing from “breaking the internet” and all secure digital communication. Luckily, a lot of preparation is already underway, and it looks like the internet will survive.
I had the great fortune of being an undergraduate intern at the Defense Information Systems Agency a couple of summers ago. By far the most interesting meeting that I attended was about DISA’s strategy for making the DoD’s IT communications safe from quantum computing attacks. I assure you that this initiative is not secret and is openly talked about by DISA. I only bring up this experience as evidence that this is a real threat that large organizations are already planning for today.
Updating standards and protocols is the first step
Cryptography is standardized. If two parties want to exchange encrypted messages, they must agree on the algorithms in advance, because ciphertext produced by one algorithm cannot be decrypted by a different one. Standards are usually set by government bodies such as the National Institute of Standards and Technology (NIST), which publishes the cryptographic standards (FIPS) and recommendations (the SP 800 series) that U.S. federal agencies are required to follow and that most of industry adopts as well. NIST evaluates candidate algorithms for both security and efficiency, then publishes the ones it selects so that everyone can implement against the same specification.
Once an algorithm is standardized, it becomes a building block for protocols. A protocol combines several algorithms to do one specific job: TLS/SSL protects web and other network connections, SSH protects remote logins, IPsec protects packets in transit, PGP encrypts email and Kerberos provides single sign-on. Most of these protocols use public-key algorithms such as RSA and elliptic-curve Diffie-Hellman for key exchange and authentication, and a symmetric cipher such as AES for the bulk data. Software developers build their products on top of these protocols to keep data secure both in transit and at rest.
The last blog went over why the public-key algorithms these protocols rely on are not safe from quantum computing. That is why NIST is now working to standardize quantum-safe public-key algorithms. Once those are chosen, the protocols can be updated and our communications will be safe again.
NIST’s Post Quantum Standardization Effort
Luckily, there are several classes of mathematically hard problems for which no efficient quantum algorithm is known today:
Lattice-based cryptography
Based on the hardness of lattice problems such as the Shortest Vector Problem (finding a shortest non-zero vector in a lattice) and Learning With Errors
Multivariate cryptography
Based on the hardness of solving systems of multivariate polynomial (typically quadratic) equations over a finite field, a problem that is NP-hard
Hash-based cryptography
Builds signatures from one-time signature keys and combines many of them under a single public key using a Merkle tree; security rests only on the hash function
Code-based cryptography
Based on the hardness of decoding a random-looking error-correcting code (the McEliece construction)
Supersingular elliptic curve isogeny cryptography
Based on the hardness of finding an isogeny (a structure-preserving map) between two supersingular elliptic curves
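To make the hash-based family concrete, here is an added example (not code from the original post, and not any standardized scheme) in Python using only the standard library: a Lamport one-time signature, plus a small Merkle tree so that one root public key covers several one-time keys. The 32-byte secrets, SHA-256 and the tree height are illustrative choices; real schemes such as XMSS and SPHINCS+ use Winternitz one-time signatures and far larger trees, but the structure is the same.

```python
import hashlib
import os
from typing import List, Tuple

N = 256  # we sign a 256-bit digest, so a one-time key holds one pair of secrets per bit


def H(*parts: bytes) -> bytes:
    """The only primitive the scheme needs: a hash function."""
    return hashlib.sha256(b"".join(parts)).digest()


def lamport_keygen() -> Tuple[list, list]:
    """One-time key pair: 256 pairs of random secrets; the public key is their hashes."""
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(N)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def digest_bit(msg: bytes, i: int) -> int:
    return (int.from_bytes(H(msg), "big") >> (N - 1 - i)) & 1


def lamport_sign(sk: list, msg: bytes) -> List[bytes]:
    """Reveal, for each digest bit, the secret in that position; the other half stays hidden."""
    return [sk[i][digest_bit(msg, i)] for i in range(N)]


def lamport_verify(pk: list, msg: bytes, sig: List[bytes]) -> bool:
    return len(sig) == N and all(H(sig[i]) == pk[i][digest_bit(msg, i)] for i in range(N))


def fully_exposed_positions(sigs: List[List[bytes]]) -> int:
    """Why the key is one-time: every position where two signatures reveal both secrets
    lets a forger choose that digest bit freely. Two signatures expose about 128 of them."""
    revealed = [set() for _ in range(N)]
    for s in sigs:
        for i, secret in enumerate(s):
            revealed[i].add(secret)
    return sum(1 for r in revealed if len(r) == 2)


def leaf_of(pk: list) -> bytes:
    return H(*(a + b for a, b in pk))


class MerkleSigner:
    """2**height one-time keys under a single Merkle root; the root is the long-term public key."""

    def __init__(self, height: int):
        self.keys = [lamport_keygen() for _ in range(1 << height)]
        self.levels = [[leaf_of(pk) for _, pk in self.keys]]
        while len(self.levels[-1]) > 1:
            lvl = self.levels[-1]
            self.levels.append([H(lvl[i], lvl[i + 1]) for i in range(0, len(lvl), 2)])
        self.root = self.levels[-1][0]
        self.next_index = 0  # stateful: each leaf may be used exactly once

    def sign(self, msg: bytes):
        if self.next_index >= len(self.keys):
            raise RuntimeError("all one-time keys consumed; generate a new tree")
        idx, self.next_index = self.next_index, self.next_index + 1
        sk, pk = self.keys[idx]
        path, i = [], idx
        for lvl in self.levels[:-1]:  # sibling hashes from the leaf up to just below the root
            path.append(lvl[i ^ 1])
            i >>= 1
        return idx, pk, lamport_sign(sk, msg), path


def merkle_verify(root: bytes, msg: bytes, sig) -> bool:
    """Check the one-time signature, then that its public key really hangs under root."""
    idx, pk, ots_sig, path = sig
    if not lamport_verify(pk, msg, ots_sig):
        return False
    node, i = leaf_of(pk), idx
    for sibling in path:
        node = H(sibling, node) if i & 1 else H(node, sibling)
        i >>= 1
    return node == root


if __name__ == "__main__":
    signer = MerkleSigner(height=2)  # four one-time keys under one root
    msg = b"constructed sample message"
    sig = signer.sign(msg)
    print("valid:", merkle_verify(signer.root, msg, sig))
    print("tampered:", merkle_verify(signer.root, msg + b"!", sig))
```

The signer is stateful: the index counter is what stops a one-time key from being reused, and losing that state (for example by restoring a backup of the signer) is the classic failure mode of stateful hash-based signatures, which is why stateless designs such as SPHINCS+ exist.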
NIST announced in 2016 that it would run a multi-year competition for post-quantum algorithms. Submissions for the first round closed in 2017; 82 algorithms were submitted, and 69 were judged complete and admitted to the first round. The 26 candidates that advanced to the second round were announced in January 2019. On July 22, 2020, NIST announced seven finalists for the third round, along with eight alternate candidates. NIST plans to standardize at least one key-encapsulation mechanism and at least one digital signature scheme from these at the end of the third round. Of the seven finalists, five are lattice-based, one is code-based and one is multivariate.
There is no clear winner yet, and cryptanalysis of the candidates continues throughout the process: schemes can and do fall to classical attacks, which is itself an argument for the crypto agility discussed below. Even after the winners are chosen there is a lot of work to do:
Common protocol implementations do not currently support most of these new algorithms.
Commercial software and hardware largely do not support them either.
Post-quantum algorithms generally use larger keys, ciphertexts and signatures, which take longer to generate, occupy more space and add overhead and latency to common protocols. For example, a Kyber-512 public key is 800 bytes where an X25519 public key is 32 bytes, and Classic McEliece public keys run from roughly 260 KB to over 1 MB.
What can your organization do to be prepared?
Symmetric encryption is mostly safe from quantum computing attacks. The best known quantum attack on it, Grover's algorithm, roughly halves the effective key length: a 128-bit key offers about 64 bits of security against a quantum adversary, while a 256-bit key still offers about 128 bits. AES-256 is therefore considered sufficient to resist key guessing, and organizations using AES-128 should move to AES-256; all new implementations should use 256-bit keys. With a standardized symmetric algorithm, it is all about the key size.
Organizations should also require two-factor authentication for access to keys. A strong password alone is no longer considered adequate, even without the looming threat of quantum computing.
Now, what about preparing for the overhaul of public-key cryptography and adopting whichever algorithms NIST standardizes? Large organizations need to become crypto agile. A system is crypto agile if its cryptographic algorithms and parameters can be replaced easily, with at least part of that replacement automated.
These are some ways to become crypto agile:
Develop design principles for crypto implementations in home-grown software (for example, never hard-code an algorithm; record which one was used alongside the data so it can be swapped later), and ask vendors how easily their cryptographic libraries can be replaced if needed
CIOs: build an inventory of applications that use cryptography, which algorithms they use and how they are implemented, along with the certificates and keys in use across the enterprise
Develop crypto-specific threat models and identify alternatives for each algorithm in use
Make cryptographic modernization part of the budget cycle for legacy applications
Invest in cryptographic automation and automated trust store management
Offer cryptography as a service, so that an algorithm change happens in one central service rather than in every application
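Here is an added example (not code from the original post) of what the design principles above look like in code, covering both the key-size point and the agility list: a small registry of message-authentication algorithms, an algorithm identifier carried in a header in front of the protected data, a policy that separates "preferred for new data" from "still accepted when verifying", a Grover-aware key-size check, and a rotate step that re-protects old data automatically. The algorithm ids, header format, policy values and sample keys are all assumptions made for the example; only the standard library is used.

```python
import hmac
import struct
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Tuple

# Everything below is illustrative: ids, header layout and policy numbers are assumptions
# for this example, not a published format.


@dataclass(frozen=True)
class MacAlg:
    alg_id: int        # identifier carried in the data header so verifiers know what to use
    name: str
    hashlib_name: str  # digest name handed to hmac.new


# Adding an algorithm is one registry line; callers never name a digest directly.
REGISTRY: Dict[int, MacAlg] = {
    1: MacAlg(1, "hmac-sha256", "sha256"),
    2: MacAlg(2, "hmac-sha3-256", "sha3_256"),
}


@dataclass(frozen=True)
class Policy:
    preferred: int               # algorithm for anything newly protected
    accepted: FrozenSet[int]     # algorithms still accepted when verifying existing data
    min_symmetric_key_bits: int  # Grover halves this, so 256 keeps ~128 bits post-quantum


HEADER = struct.Struct(">HB")  # alg_id (2 bytes) followed by tag length (1 byte)


def grover_effective_bits(key_bits: int) -> int:
    """Grover's algorithm searches a k-bit key space in about 2**(k/2) steps."""
    return key_bits // 2


def check_symmetric_key(key: bytes, policy: Policy) -> int:
    """Returns the post-quantum strength estimate, or raises if the key is below policy."""
    bits = len(key) * 8
    if bits < policy.min_symmetric_key_bits:
        raise ValueError(f"{bits}-bit key leaves only ~{grover_effective_bits(bits)} bits "
                         f"against Grover; policy requires {policy.min_symmetric_key_bits}")
    return grover_effective_bits(bits)


def protect(data: bytes, keyring: Dict[int, bytes], policy: Policy,
            alg_id: Optional[int] = None) -> bytes:
    """Tag data under the policy's preferred algorithm (alg_id override exists only to
    produce legacy test data)."""
    alg = REGISTRY[policy.preferred if alg_id is None else alg_id]
    key = keyring[alg.alg_id]
    check_symmetric_key(key, policy)
    tag = hmac.new(key, data, alg.hashlib_name).digest()
    return HEADER.pack(alg.alg_id, len(tag)) + tag + data


def verify(blob: bytes, keyring: Dict[int, bytes], policy: Policy) -> Tuple[int, bytes]:
    """Returns (alg_id, data); rejects retired or unknown algorithms before touching the tag."""
    alg_id, tag_len = HEADER.unpack_from(blob)
    if alg_id not in REGISTRY or alg_id not in policy.accepted:
        raise ValueError(f"algorithm id {alg_id} is not accepted by current policy")
    alg = REGISTRY[alg_id]
    tag = blob[HEADER.size:HEADER.size + tag_len]
    data = blob[HEADER.size + tag_len:]
    expected = hmac.new(keyring[alg_id], data, alg.hashlib_name).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication tag mismatch")
    return alg_id, data


def rotate(blob: bytes, keyring: Dict[int, bytes], policy: Policy) -> bytes:
    """The automated part of agility: re-protect anything not already on the preferred algorithm."""
    alg_id, data = verify(blob, keyring, policy)
    return blob if alg_id == policy.preferred else protect(data, keyring, policy)


# Constructed sample keys (fixed bytes so the demo is reproducible; never do this for real keys).
KEYRING = {1: bytes(range(32)), 2: bytes(range(32, 64))}
POLICY_OLD = Policy(preferred=1, accepted=frozenset({1}), min_symmetric_key_bits=256)
POLICY_NOW = Policy(preferred=2, accepted=frozenset({1, 2}), min_symmetric_key_bits=256)
POLICY_RETIRED = Policy(preferred=2, accepted=frozenset({2}), min_symmetric_key_bits=256)

if __name__ == "__main__":
    legacy = protect(b"constructed record", KEYRING, POLICY_OLD)
    migrated = rotate(legacy, KEYRING, POLICY_NOW)
    print("legacy alg:", verify(legacy, KEYRING, POLICY_NOW)[0],
          "migrated alg:", verify(migrated, KEYRING, POLICY_NOW)[0])
```

The three policies model a migration: under the old policy only algorithm 1 exists, the transition policy verifies both but writes only algorithm 2, and the retired policy refuses algorithm 1 outright, so data that was never rotated fails closed rather than silently staying on the deprecated algorithm. Swapping an HMAC for a post-quantum KEM or signature is a larger change, but the same shape applies: the identifier travels with the data, the inventory of what is in use falls out of the registry, and rotation is a loop over stored records.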
Conclusion
NIST is selecting the go-forward standards for public-key algorithms that resist quantum attacks. Those standards will then be implemented in the protocols that govern how data is securely transferred and stored on the internet. Commercial software and hardware are not yet ready for these algorithms, but there are ways for organizations to become crypto agile, so that when the day comes to update everything they can make the transition smoothly.