April 20, 2024

Preparing for post-quantum cryptography: trust is the key

January 23, 2024

The era of quantum computing is underway, and governments and the private sector have been taking steps to standardize post-quantum cryptography. This new era brings both opportunities and challenges. This article describes the potential impact of quantum computing and discusses how to prepare for the changes ahead.

In 1980, Paul Benioff first introduced quantum computing (QC) by describing a quantum-mechanical model of computation. Classical computing processes data in binary bits, each of which is either 0 or 1, whereas quantum computing uses quantum particles called “qubits.” A qubit can occupy a superposition of states beyond a plain 0 or 1, which makes it much faster and more powerful at performing calculations than a classical bit. To be more specific, a quantum computer can complete in hundreds of seconds a series of operations that would take a classical computer thousands of years. In fact, IBM launched the first quantum computer with more than 1,000 qubits in 2023.

However, the speed of quantum computing is a double-edged sword. Cryptographers have long been concerned about its impact on public-key cryptographic algorithms: schemes considered unbreakable today are at risk, because a cryptographically relevant quantum computer (CRQC) could make short work of breaking them. For example, the most popular public-key cryptosystem, Rivest-Shamir-Adleman (RSA), was considered very hard to break because of the difficulty of its inverse computation. Shor’s algorithm, however, delivers a pronounced quantum speedup for exactly this computation, so the running time that once made RSA reliable no longer protects it against a CRQC. As such, the US National Institute of Standards and Technology (NIST) has been driving the standardization of post-quantum cryptography (PQC), and the National Security Memorandum (NSM-10) was issued in 2022 in response to the threat posed by CRQCs.

In fact, there are still many questions about quantum computing that researchers cannot agree on. In the current era of “noisy intermediate-scale quantum” (NISQ) devices, it is still unclear what the ideal architecture of a quantum computer is, when the first CRQC can be expected, and how many qubits it will need. Take, for example, the minimum number of qubits such a machine would require: Google estimated that it may be 20 million qubits, but in 2022 Chinese researchers proposed their own integer factorization algorithm and claimed that only 372 qubits are needed to crack a 2048-bit RSA key.

Despite the open questions about quantum computing, researchers agree on the need for, and the urgency of, the transition to PQC. Based on the guidelines proposed by both the public and private sectors, we have distilled the following key points for a smooth PQC transition:

  1. Create an inventory of critical data and of existing cryptographic systems at risk, particularly public-key algorithms used for digital signatures and key exchange.
  2. Consider how long the data at risk will be protected, how valuable the data/asset is to the organization, and how much exposure or protection the system has from external systems.
  3. Consult or interact with standards organizations, such as NIST, regarding the latest PQC updates.
  4. Create a plan/schedule for the transition to PQC.
  5. Maintain cryptographic agility and implement a gradual migration to PQC with hybrid mechanisms that support both new and classic standards before a full transition.
  6. Alert and educate staff members about the PQC transition and schedule training sessions.
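As an added example (not code from the original article or from eMemory/PUFsecurity), the following Go program sketches the hybrid mechanism of step 5: an X25519 key agreement and an ML-KEM-768 encapsulation run side by side, and their two shared secrets are bound together with HKDF-SHA-384, so the session key stays protected unless both the classical and the post-quantum primitive fail. It assumes Go 1.24 or later for the standard-library crypto/mlkem and crypto/hkdf packages; the HKDF info string and the 48-byte output length are my choices for the demo, not a standard.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/hkdf"
	"crypto/mlkem"
	"crypto/rand"
	"crypto/sha512"
)

// combine binds both shared secrets and both ciphertexts into one 48-byte key via HKDF-SHA-384.
func combine(ssEC, ssPQ, ctEC, ctPQ []byte) ([]byte, error) {
	ikm := bytes.Join([][]byte{ssEC, ssPQ, ctEC, ctPQ}, nil)
	return hkdf.Key(sha512.New384, ikm, nil, "x25519-mlkem768-hybrid-demo", 48) // info string is my choice
}

// Encapsulate (sender side) returns the secret plus the two values to transmit:
// the ephemeral X25519 public key (ctEC) and the ML-KEM-768 ciphertext (ctPQ).
func Encapsulate(ecPub *ecdh.PublicKey, pqPub *mlkem.EncapsulationKey768) (secret, ctEC, ctPQ []byte, err error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, nil, err
	}
	ssEC, err := eph.ECDH(ecPub) // fails on a low-order peer key
	if err != nil {
		return nil, nil, nil, err
	}
	ssPQ, ctPQ := pqPub.Encapsulate()
	ctEC = eph.PublicKey().Bytes()
	secret, err = combine(ssEC, ssPQ, ctEC, ctPQ)
	return secret, ctEC, ctPQ, err
}

// Decapsulate (receiver side). A tampered ML-KEM ciphertext raises no error but
// yields an unrelated secret (implicit rejection), so the session simply fails.
func Decapsulate(ecPriv *ecdh.PrivateKey, pqPriv *mlkem.DecapsulationKey768, ctEC, ctPQ []byte) ([]byte, error) {
	ephPub, err := ecdh.X25519().NewPublicKey(ctEC) // rejects wrong-length shares
	if err != nil {
		return nil, err
	}
	ssEC, err := ecPriv.ECDH(ephPub)
	if err != nil {
		return nil, err
	}
	ssPQ, err := pqPriv.Decapsulate(ctPQ)
	if err != nil {
		return nil, err
	}
	return combine(ssEC, ssPQ, ctEC, ctPQ)
}
```

The receiver's long-term keys come from ecdh.X25519().GenerateKey and mlkem.GenerateKey768; the 32-byte X25519 share plus the 1088-byte ML-KEM ciphertext is the size cost of running both schemes during migration.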

In fact, the above suggestions do not depend on the final PQC standards, so preparations can begin now. It is important to note that overall system security remains the top priority in both the classical and the PQC era. The transition will not affect every classical cryptographic algorithm we know: the currently NIST-recommended AES-256 encryption and SHA-384 hashing algorithms remain acceptable (although not satisfactory) in the post-quantum world.

The full transition to PQC may take many years, which gives us time to examine PQC readiness and remain crypto-agile. According to the National Security Memorandum (NSM-10), the winners of the final round of NIST PQC standardization are expected to be announced in 2024, so organizations are encouraged to start the stopwatch on that date. Table 1 compares the algorithms already selected for NIST standardization with their classical counterparts in terms of public key and ciphertext/signature size (in bytes). More importantly, any system built today must remain flexible enough to accommodate future modifications, since what seems quantum-safe today may not stay that way for long.

Table 1: NIST PQC Standardization Candidates

Security requirements and levels will continue to evolve as quantum computing advances, which calls for a more robust secure key-storage system such as NeoPUF. At the end of the day, security is about trust: without a foundation of trust, neither the classic RSA public-key algorithm nor a lattice-based PQC algorithm is effective. Because critical system keys must be highly random and unguessable, secure methods for establishing trust in a system will become increasingly important in the post-quantum world. That stronger foundation of trust, a hardware root of trust (HRoT), must be implemented in hardware, as a software root of trust alone is no longer considered sufficient, and the most robust form of such internal key provisioning is based on a PUF. Having provided trust across multiple foundry platforms, eMemory and its subsidiary PUFsecurity are highly credible, and experienced solution providers like eMemory and PUFsecurity will continue to be the best option as you move into the post-quantum world.

To learn more about post-quantum cryptography, read the full article on the PUFsecurity website.
