
Quantum Computing and the Impact on Cryptography: What Do Organizations Need to Know?

In this blog, Beatrice Peirani, Chair of the GlobalPlatform Crypto Sub-Task Force, shares key takeaways from GlobalPlatform’s member-only TechTalks series on Post-Quantum Cryptography. The TechTalks series is a new member initiative from GlobalPlatform, which allows subject matter experts to share insights and guidance on how to navigate the latest technology trends and advancements.

Post-Quantum Cryptography is a major priority 

During its last Advisory Council meeting, GlobalPlatform conducted a poll to identify the main topics of interest to members. Post-Quantum Cryptography (PQC) came out on top, with an overwhelming share of votes. In response, GlobalPlatform ran a series of online ‘TechTalks’ to educate and provide guidance on migrating to new PQC algorithms.

As part of this PQC series, experts were invited from Entrust, the National Institute of Standards and Technology (NIST), PQShield, Thales and GlobalPlatform’s Crypto Sub-Task Force, to share technical best practice.

Thanks to these expert insights, GlobalPlatform members have learnt about the latest developments in quantum computing and the impact on today’s cryptographic algorithms and protocols. The series also deep-dived into the technical considerations of deploying PQC, including the impact on Public Key Infrastructure (PKI), and different migration strategies.

The full content of the TechTalks series is an exclusive member benefit. However, since the migration to PQC is a major priority for all industries, this blog summarizes three key takeaways to help organizations understand why and how to prepare.

  1. Quantum computing already poses a security risk

Quantum computing is a major risk to the security of standard PKI systems. This is because it has the potential to break standard asymmetric algorithms, like RSA or ECDSA, that are responsible for encrypting and protecting data. It is also a major risk to the security of cryptographic protocols based on asymmetric cryptography, such as TLS.

While we don’t know exactly when quantum computing will be able to break existing asymmetric cryptography standards, we do know that hackers are already considering how they will use it to launch cyber-attacks, thanks to well-known algorithms like Shor’s algorithm.

‘Harvest now, decrypt later’ (also called ‘store now, decrypt later’) is one such attack. It involves bad actors hoarding sensitive data now with the aim of decrypting it once quantum computers are available. It is a big cause for concern particularly for regulated industries that handle sensitive data with long-term validity, such as the healthcare and government sectors.

To protect against these attacks, organizations need to invest in quantum-safe security measures now, which could include upgrading to quantum-safe cryptography if possible. Enabling crypto agility now will help to ensure that data is secure once quantum computers are capable of breaking current classic encryption techniques.

  2. The rationale for a hybrid approach to PQC

When you consider that 20 billion digital devices will need to be upgraded to or replaced with PQC in the next 20 years, the possibility and scale of potential disruption is huge. PQC requires larger keys and a larger memory footprint than classic cryptographic algorithms, meaning each PQC operation is much more power and time intensive. For this reason, direct migration to PQC is simply not feasible. Any migration to different algorithms carries interoperability and security risks, and the risk is heightened in the case of the new PQC algorithms that are being standardized, as they are still relatively new and therefore less mature than traditional cryptography approaches.

To mitigate this, a hybrid approach offers the best balance for most organizations. This involves using one algorithm from the pre-quantum era, such as elliptic curve cryptography, alongside one from the post-quantum era, such as the algorithms standardized by NIST, the first of which have now been released. This approach allows for flexibility in relation to new and unknown scenarios and reduces the risk of ‘zero-day’ attacks, as the data is protected against quantum computers. This approach is also recommended by European organizations such as the French Cybersecurity Agency (ANSSI), the British Standards Institution (BSI) and the European Union Agency for Cybersecurity (ENISA). Work is ongoing by standards organizations, including ETSI and the Internet Engineering Task Force (IETF), to define hybrid versions of current protocols, such as TLS and X.509.

  3. Crypto agility is the ultimate goal

While a hybrid approach is a strategic and reasonable evolution towards PQC, crypto agility is the end goal that organizations should be seeking to achieve.

To successfully navigate and prepare for the changing realities of quantum computing, regardless of the implementation approach, all organizations should ensure that they are ‘crypto agile’. This will enable the flexibility to pivot and reprioritize in direct response to future quantum computing challenges and developments, without causing a significant disruption to infrastructure.

In this respect, crypto agility is essential for future-proofing encryption, but also for any organization that needs to protect sensitive data. Achieving it requires a deep understanding of how cryptography is being used in the system. Without this knowledge, it will be a significant challenge to maintain connectivity, security and functionality during the transition.

***

GlobalPlatform is here to support members and the wider ecosystem to ensure high levels of security as PQC evolves. To learn about our work on PQC and how we are supporting PQC migration, please get in touch at secretariat@globalplatform.org.

Already a member? Join the GlobalPlatform Crypto Sub-Task Force group on Workspace to stay up to date and get involved in our work. Members can also watch all of our TechTalk webinars on-demand via Workspace.

Interested in becoming a member? Learn more about GlobalPlatform membership options and get in touch.

If you are a media representative, analyst, or conference organizer with a question, please email us at: pressoffice@globalplatform.org
