Preparing for Post-Quantum Cryptography: Trust is the Key
January 23, 2024
The era of quantum computing is on its way as governments and private sectors have been taking steps to standardize quantum cryptography. With the advent of the new era, we are faced with new opportunities and challenges. This article will outline the potential impact of quantum computing and discuss strategies for preparing ourselves amid these anticipated changes.
In 1980, Paul Benioff first introduced Quantum Computing (QC) by describing the quantum model of computing. In classical computing, data is processed using binary bits, which can be either 0 or 1, whereas quantum computing uses quantum particles called “qubits.” Qubits can be in multiple states beyond 0 or 1, making them much faster and more powerful to perform calculations than a normal bit. To be more specific, with a quantum computer, we can finish a series of operations that would take a classical computer thousands of years in just hundreds of seconds. In fact, IBM just launched the first quantum computer with more than 1,000 qubits in 2023.
Nevertheless, the speed boost of quantum computing can have double-edged consequences. Modern cryptographers have been concerned about the potential impacts on the security of public-key crypto algorithms. Those regarded as unbreakable are now at risk, as a cryptographically relevant quantum computer (CRQC) can do short work of decryption. For instance, the most popular public-key cryptosystem, Rivest-Shamir-Adleman (RSA), was previously considered very challenging with its complex inverse computation. However, in Shor’s algorithm where quantum speedup is particularly evident, the once reliable computation time becomes CRQC-vulnerable. As such, the US National Institute of Standards and Technology (NIST) has been promoting the standardization of post-quantum cryptography (PQC). In addition, the National Security Memorandum (NSM-10) was issued in 2022 in response to the threat brought by cryptographically relevant quantum computers (CRQC).
In fact, when it comes to quantum computing, there are still many issues that researchers cannot agree on. In the current “noisy intermediate scale quantum” (NISQ) era, it is still unclear what the ideal architecture of a quantum computer is, when we can expect the first CRQC, and how many qubits we will need for a quantum computer. Take the “minimum number of qubits would qualify a quantum computer” as an example. Google estimated that it may be 20 million qubits. But with a different quantum algorithm, Chinese researchers in 2022 proposed their own integer factoring algorithm, claiming that only 372 qubits are needed to break a 2048-bit RSA key.
Despite the various quantum computing issues, researchers have a consensus on the necessity and urgency of the PQC transition. Based on the guidelines proposed by both public and private sectors, we have concluded the following key points for a smooth PQC transition:
- Create an inventory of critical data and existing cryptographic systems at risk, particularly public-key algorithms such as digital signatures/key exchange.
- Consider how long the at-risk data is to be protected, how valuable the data/asset is to the organization, and how much exposure or shielding the system has from external systems.
- Check in with/engage the standards organizations regarding the latest PQC updates, such as the NIST.
- Create a plan/timeline for transitioning to PQC.
- Stay crypto-agile and implement a phased migration to PQC with hybrid mechanisms that are compatible with the new standards as well as the classical ones before a complete switchover.
- Alert and educate staff members of PQC transition and schedule training sessions.
The above suggestions are, in fact, not dependent on the PQC standards, and the preparations can start now. It is important to keep in mind that overall system security remains the top priority in both classical computing and the PQC era. The scope of the transition will not really affect all the classical cryptographic algorithms we are familiar with. That is, the current NIST-recommended AES-256 cipher and SHA-384 hash algorithms are still acceptable (yet not satisfying) in the post-quantum world.
The full transition to PQC may span many years, giving us more time to examine PQC readiness and stay crypto-agile. According to the National Security Memorandum (NSM-10), the winners of the final round of NIST’s PQC Standardization are expected to be announced in 2024, so organizations are suggested to start the timer then. Table 1 compares those algorithms that have already been selected for NIST standards with their classical counterparts in terms of public key and ciphertext/signature size (in bytes). More importantly, any systems built today should maintain the ability to stay flexible enough to account for possible future modifications, understanding that what may appear quantum-safe today may not be so soon.
Table1: Candidates of NIST’s PQC Standardization
Security concerns and levels will continue to evolve as quantum computing advances. This makes a more robust safety storage system, such as NeoPUF, necessary. When all is said and done, security is all about trust. Without the foundation of trust, the classical RSA public-key algorithm or a lattice-based PQC algorithm becomes ineffective. Since important system keys should be highly random and unable to be guessed, the secure methods for creating trust in a system will become increasingly important in the post-quantum world. An even stronger base of trust, a hardware root of trust (HRoT), must be implemented in the hardware, as the software root of trust alone is no longer considered sufficient. The most robust form of such internal provisioning is PUF-based. Having delivered trust on multiple foundry platforms, eMemory and its subsidiary PUFsecurity are highly credible. Experienced solution providers such as eMemory and PUFsecurity will still be the best choice now and moving into the post-quantum world.
To learn more about Post-Quantum Cryptography, please read the full article on PUFsecurity Website.