While Quantum Day, or “Q-Day,” may be five to ten years away, it is arriving faster than we would like. Q-Day represents the day that quantum computers will reliably use the superpositioning power of multi-state qubits to break encryption algorithms that are widely used around the world to enable e-commerce, data security and secure communications. Adversaries are already preparing for Q-Day by employing “collect now, decrypt later” strategies.
With such threats on the horizon, many organizations are facing the same challenge – implementing a strong quantum security strategy ahead of Q-Day to protect themselves and their customers from quantum attacks. Thankfully, there are a few key tactics and technologies organizations can implement now to mitigate the emerging quantum threats and risks and get ready for Q-Day.
Conduct an enterprise-wide quantum risk assessment
To begin preparing for Q-Day, organizations should first conduct an enterprise-wide, quantum security risk assessment to help identify systems that would be the most vulnerable to such a threat and should be protected first. For example, systems, devices, applications, and services that rely on asymmetric encryption and popular algorithms and communication protocols such as RSA, DSA, ECDF, and TLS are known to be vulnerable to quantum attacks and algorithms such as Shor’s algorithm.
The internal quantum risk assessment should also cover the organization’s current information security practices and policies, as well as include a wall-to-wall inventory of its current cryptographic services and infrastructure. Knowing when, where, and how an organization’s data and communications are secured will also help to identify the crypto hardware and software that might have to be updated or replaced to be quantum-secure.
For most organizations, the journey to a quantum-secure enterprise will take multiple years as many will also have to coordinate their post-quantum security upgrades with external stakeholders, such as customers, suppliers, and partners. High-value assets and assets most vulnerable to quantum attacks should be prioritized. Identifying these vulnerabilities early will help teams ensure that they are developing an effective quantum security strategy from the start.
Deploy quantum random number generators
Today’s cryptographic systems and algorithms heavily rely on the use of software-based random number generators, also called pseudo random number generators. PRNGs are typically used to generate a sequence of random numbers in support of cryptographic operations such as generating seeds or encryption keys. Given the deterministic nature of algorithmic PRNGs, random number generated by an PRNG are not truly random. This makes cryptographic systems or services that rely on PRGNs vulnerable to quantum attacks. To address this vulnerability, organizations should start to replace all PRNGs with Quantum Random Number Generators as soon as possible. Instead of using a deterministic algorithm, a QRNG can generate true random numbers by measuring and digitizing a quantum process, which, by nature, is non-deterministic.
QRNG solutions are already commercially available from several vendors in various form factors, such as rack-mounted appliances, PCI cards and chips.
Enable crypto agility
Over the next decade, organizations around the world are expected to migrate from today’s quantum-vulnerable, classical encryption algorithms – RSA, DSA, and ECDH – to the next generation of quantum-safe encryption algorithms, also known as Post-Quantum Crypto.
In July 2022, the U.S. Department of Commerce’s National Institute of Standards and Technology announced that it is getting ready to standardize the first set of four PQC algorithm. These NIST PQC candidate algorithms are the result of a six-year global, multi-round competition, which started with 82 proposals in 2016.
During the multi-year transition period from today’s classical crypto to tomorrow’s PQC, many organizations will have to operate and support both classical and PQC infrastructure as not every system or end user can easily upgrade to the latest PQC algorithms. Many of today’s IT systems, like IoT sensors and network routers, have their current crypto capabilities implemented in hardware for cost and/or performance reasons. This means that these systems cannot be software-upgraded and therefore must be physically replaced over time. Consequently, emerging IT solutions will have to be crypto-agile. Crypto agility refers to a system’s ability to support and switch between different encryption algorithms such as from classical to PQC. Some crypto-agile system might also be able to add new, emerging algorithms.
Crypto agility might also be used to implement hybrid crypto schemes by mixing different crypto algorithms or protocols. While the confidence level in the security of the new PQC algorithms is still very low, many organizations are expected to combine classical encryption with PQC via double (classical & PQC) encryption. Having a well-architected, crypto-agile system would also allow operators to quickly replace a PQC algorithm should it get compromised down the road, which recently happened to one of NIST’s eight PQC candidate algorithms, called SIKE.
Enable quantum-safe key distribution
Besides generating quantum-resistant keys using technologies such as QRNGs, it is also important to provide mechanisms that enable secure key exchange. Quantum Key Distribution systems are focused on addressing this need by providing a secure method for two parties to securely exchange a cryptographic key. The QKD-delivered key then can be used to encrypt / decrypt a user’s data with a chosen encryption algorithm and transmit the encrypted data via a standard communication channel, such as a commercial, fiber optical network.
A QKD solution uses properties found in quantum physics and techniques such as superposition and entanglement of photons to exchange cryptographic keys in such a way that is provable and guarantees security. Any eavesdropping on a QKD-secured key exchange would result in a detectable change of the transmitted information. Well-known QKD protocols such as BB84 ensure that both parties can detect a potential eavesdropping attempt.
While commercial QKD solutions are already available, organizations such as the National Security Agency, the European Union Agency for Cybersecurity and the UK’s National Cyber Security Centre are recommending the use of PQC over QKD. Some of the reasons for their recommendation are based on the need for highly specialized, costly QKD hardware; QKD’s inherent denial of service and insider threat vulnerabilities; its inability to authenticate the QKD transmission source without additional authentication mechanisms; and cyber risks associated with the implementation of complex QKD hardware and software.
Start quantum-securing the enterprise
Even amidst a climate in which NIST has selected the first-ever group of post-quantum encryption and digital signature algorithms designed to withstand quantum computer attacks, widespread adoption is expected to be still years away. However, even before NIST officially ratifies its PQC candidate algorithms, organizations should start to perform an internal quantum vulnerability assessment, create a quantum security strategy and develop a PQC migration plan.
Similar to most organizations’ multi-year zero tust security journey, the enterprise-scale deployment of PQC requires management buy-in, careful planning, pilots and risk-based, phased roll outs. While there isn’t a one-size-fits-all solution for quantum cybersecurity, the steps outlined above are ways to ensure that a strong and universally applicable, risk-based quantum security strategy is enacted throughout the organization. However, having a quantum security strategy does not mean an organization can let its guard down. Many of today’s cyber threats and attack types will still be relevant, even in a post-quantum era—but the better prepared organizations are, the less likely Q-Day will mean doomsday for businesses.