The post-quantum cryptography conundrum

Business leaders may have heard of quantum computing, but many are not yet aware of its incipient threat to cryptography and cryptocurrency. When these machines reach a sufficient level of performance, they will be able to easily factor prime numbers, which poses a threat to RSA. Only a few realize that the time to prepare for the conundrum of post-quantum risk is now.

In quantum computing, the zeroes and ones underlying classical computing are replaced by quantum bits (qubits). These are made of subatomic particles. They produce complex computations exponentially faster than classical computing’s ones and zeroes.

Quantum’s risks

One great risk related to quantum computing is the belief that its capabilities will remain out of reach for a long time, yet some pundits have been remarking for 30 years now that the quantum threat is 30 years away.

As of this writing, about three dozen quantum computers are already available in the cloud. While these machines pose no risk, national governments, global authorities, and experts regard the availability of a cryptanalytically-relevant quantum computer (CRQC) as an imminent threat.

Cryptocurrency and the blockchain

Imagine a bad actor possessing a CRQC and downloading a blockchain. They’ll reverse all transactions where addresses are reused to obtain those wallets’ private keys. Then, they’ll steal all the cryptocurrency those wallets contain.

The elliptic curve cryptography used in blockchain is more susceptible to quantum computing attacks than RSA encryption used to protect sensitive data in motion such as credit card transactions. Based on two well-known papers, 2,500 error-corrected qubits will be needed to crack some blockchains, while over 4,000 such qubits will be needed to attack 2048-bit RSA. Newer, quantum-resistant approaches for blockchains are emerging, but it’s still early days. Businesses that make use of the blockchain will want to monitor developments in quantum-resistant approaches.

Sensitive data

Public key encryption techniques – used today for email, financial transactions, and other sensitive communications – will be broken when a CRQC becomes available to bad actors.

This is not only a threat to future transactions but also already a threat to data. Nation states and other bad actors are already stealing encrypted data, anticipating capabilities to decrypt these assets to become available within a few years.

Mosca’s Theorum adds the years it could take an organization to migrate to post-quantum cryptography (PQC) to the years the data must be kept safe. For industries like healthcare or insurance, the shelf life of sensitive data is a lifetime. This total is almost always longer than estimates of a CRQC arriving, which means the secrets will be exposed. to the years the data must be kept safe. For industries like healthcare or insurance, the shelf life of sensitive data is a lifetime.

Now is the time to identify sensitive data in preparation for applying new algorithms and ciphers as soon as they’re available.

Regulation

In May 2022, the White House released a memorandum to describe the U.S. government’s expectations of all federal agencies: “When it becomes available, a CRQC could jeopardize civilian and military communications, undermine supervisory and control systems for critical infrastructure, and defeat security protocols for most Internet-based financial transactions… To mitigate this risk, the United States must prioritize the timely and equitable transition of cryptographic systems to quantum-resistant cryptography, with the goal of mitigating as much of the quantum risk as is feasible by 2035.”

It’s likely that other authorities will adopt similar requirements for the industries they regulate.

Meanwhile, the United States Department of Commerce’s National Institute of Standards and Technology (NIST) is conducting global efforts to standardize PQC algorithms. They’ll publish the standard in twelve to eighteen months.

Standardization will be the inflection point at which most individuals – including board members – take interest in the conundrum of post-quantum risk. When NIST announces the standards, board members and other stakeholders will want to know how crypto-agile their organizations are – but by then, we believe it will be too late.

Crypto-agility

“Crypto-agility measures how well your company can adapt to new cryptographic primitives and algorithms without making disruptive changes. Every company will need to achieve this bragging right as soon as possible to avoid the coming quantum computing cryptographic apocalypse. This includes a combination of auditing where you are on the journey and then actually taking action.”

Crypto-agility should be the goal of every organization, but how many of them can pass a crypto-agility assessment today? The answer is: no organization today is fully crypto-agile. The good news? All organizations can make progress toward crypto-agility, starting from wherever they are.

Why act now?

For the first time ever, security professionals enjoy the luxury of knowing about a “zero day” before it happens. They don’t have to be caught unaware.

Among the reasons to work toward crypto-agility now:

• In anticipation of CRQC availability, bad actors are already storing data.
• Transition to PQC will take considerable time.
• NIST has already identified one finalist PQC algorithm.
• Businesses and individuals alike will experience theft from compromised blockchains.
• Even as the world awaits PQC standards, guidance is available and businesses can take action to prepare.

Approach

Some security leaders are taking steps to become crypto-agile by:

• Starting with a post-quantum cryptography agility assessment to determine their current state and identify gaps.
• Determining where their most highly valued and sensitive data is stored, and how it moves between systems, functions, and enterprises.
• Inventorying ciphers they use today. This activity identifies which ciphers must migrate to PQC. With this action, organizations begin to understand how adapting to PQC will impact the organization and its current systems.
• Assessing proprietary software. Some custom code may incorporate security features in an inflexible way that would need rewriting. Geometry Labs has released a “lattice-algebra” library to bring a high-performance cryptographic library to developers interested in using post-quantum cryptography in blockchain and other applications and joined us recently for a Post-Quantum World podcast on the topic. Evaluating the crypto-agility of providers whose platforms, infrastructure, and software as a service (PaaS, IaaS, SaaS) are in use.

Businesses of any industry may experience new threats when bad actors acquire CRQCs, but they can start defending themselves now. Keep up to date with quantum threats – and opportunities – with The Post-Quantum World podcast.

Read the results of Protiviti’s Global Technology Executive Survey: Innovation vs. Technical Debt Tug of War.

Connect with the Authors

Greg Hedges
Managing Director, Emerging Technology Solutions

Konstantinos Karagiannis
Director, Quantum Computing Lead