As an IT security professional, you have a number of issues that demand your attention today. Protecting against data breaches, securing IT infrastructures that are growing more complex and distributed, the steady stream of new devices attaching to your networks thanks to the rise of the Internet of Things, artificial intelligence, etc. So, the as-yet-unknown arrival of quantum computing is probably not on your radar. But it should be.
There are two main factors that will influence how you proceed. First, ask yourself what your lead time will be for changing and updating your systems. The more compliance and regulatory obligations you have, the harder that gets and the longer it takes. For example, if you’re with an international bank with complex PKI and cryptography on a large scale, well, get started now.
The second factor is the race already underway between two main groups. On one side you have companies like Microsoft, Google, IBM and Intel working to actually build quantum computers. On the other are the standards bodies and companies developing the standard libraries and technologies that will enable the world to neutralize the threat quantum computing poses to current cryptographic algorithms by developing post-quantum cryptography. No one can accurately predict how long it will take either group to reach the figurative finish line, but one could argue the latter face an even longer and more difficult challenge than the former.
Nearly two years ago, NIST predicted that large-scale quantum computing will break RSA and elliptic curve public-key cryptography. A more recent report from the Cloud Security Alliance’s Quantum Safe Security Working Group echoes that warning, and recommends that we learn from history: “Cryptographic transitions take time, often a very long time. For instance, the call for increased RSA key size from 1024- to 2048-bit, or the call for the transition from RSA to elliptic curve-based cryptography took over a decade. The transition to quantum-resistant cryptography is likely to take at least 10 years. Some quantum computing experts believe that quantum computers with the ability to break RSA and Elliptic Curve Cryptography (ECC) may be available within 10 to 15 years. It is therefore important to plan for transition as soon as possible.” (Roberta Faux, “The State of Post Quantum Cryptography”, Cloud Security Alliance.) Today’s technology trends are influencing the planning for that transition.
Creating tomorrow’s standards today
Manufacturers and users of Internet of Things (IoT) devices will realize significant benefits from quantum computing. They will be able to perform complex calculations much faster than what is possible today, and that promises to fundamentally change the way we approach everything from researching cures for cancer to building so-called “smart cities.” But realizing those visions requires overcoming these new security challenges quantum computing will create.
Today, IoT devices typically rely on RSA cryptography to protect the confidentiality, integrity and authenticity of electronic communications. So, that means that quantum computing and its ability to break RSA public-key cryptography will make them vulnerable to security threats just like other computing devices.
You may feel like you’re being pulled in two different directions. The top-level advice is to start preparing for quantum computing today, and carefully monitor the development of both the actual quantum computers and effective post-quantum standards and protocols. Fortunately, there are some simple steps you can take today to prepare for tomorrow.
If you plan to keep your current systems around long enough that you are concerned about quantum computing, double your key sizes for symmetric algorithms. Start using AES-256, which is not much less efficient than the shorter key versions, and be confident that there will not be a quantum computer that will break AES-256. Similarly, prefer the use of SHA-512 when you need a collision-resistant hash function.
Another approach to consider is the use of hash-based signatures. There is the downside that each key can only sign a finite number of things, but they will resist quantum computers, enabling you to develop a hash signature scheme that will be quantum-safe. These signatures can be used to securely deploy more advanced quantum-safe technologies when they become available. Sometime in 2019, NIST is expected to standardize the use of hash-based signatures.
Some banks and other financial services institutions are looking into “hybrid cryptography” that combines a conventional algorithm like RSA or ECC with one or more of the new candidates that NIST is considering. By combining techniques, such as two NIST candidates and ECC, for example, you create a key exchange that requires an attacker to break all three. Achieving such an attack is only a very remote possibility because the attacker would need a quantum computer to break the ECC key and to discover flaws in two of the NIST candidate algorithms.
Whatever approach you determine is best for you, don’t wait. Reach out to your cryptography providers today to include PKI. Ask them to give you the details on their plans for the arrival of quantum computing, and gauge their understanding for the need for quantum-resistant computing. This is particularly important if you manufacture connected devices with a long shelf life that incorporate IoT, such as an automobile or medical product, that users may keep for 10, 15, 20 years or longer. Work with a reputable and experienced provider to determine how to build quantum-resistant crypto into your crypto deployments, such as certificate-based authentication using PKI.
This article is published as part of the IDG Contributor Network. Want to Join?