Researchers worldwide are working to make quantum computing a reality. Microsoft, Google, IBM, Intel, and many governments are working on building the first large-scale quantum computer. Today, RSA, Diffie-Hellman (DH) and Elliptic Curve-based algorithms are used ubiquitously for the global public key infrastructure. All of these algorithms are vulnerable to quantum attacks. Fortunately, alternative classes of public key algorithms have been developed that are believed to be resistant to quantum computing attacks. These algorithms are called post-quantum, quantum-safe, or quantum-resistant algorithms. A transition to these algorithms will provide continued protection of information for many decades to come.
Both European and U.S. standards bodies are exploring quantum resistant (QR) cryptography.
In 2015, the European Telecommunications Standards Institute (ETSI) published a white paper urging stakeholders to begin investigating and ultimately adopting QR cryptography. In August 2015, the U.S. National Security Agency posted a notice that reinforced the need for U.S. national security systems to begin planning for the replacement of current public key cryptography with quantum resistant cryptography. In November 2017, the National Institute of Standards and Technology (NIST) concluded its call for submission of quantum-resistant cryptographic algorithms and initiated the process for review and standardization in the 2022-2025 time period.
Cryptographic transitions take time.
The transition to quantum-resistant cryptography is likely to take at least ten years. Some quantum computing experts believe that quantum computers with the ability to break RSA and Elliptic Curve Cryptography (ECC) may be available within ten to fifteen years. It is therefore important to plan for transition as soon as possible.
What is CSA doing to help address security for quantum computing? The CSA Quantum Safe Security Working Group's goal is to address key generation and transmission methods that will aid the industry in understanding quantum-safe methods for protecting their data through quantum key distribution (QKD) -- a physics-based technology to securely deliver keys -- and post-quantum cryptography (PQC) -- mathematical algorithms that are resistant to quantum computing.
Research around Securing Quantum Computing
CSA Research crowd-sources the knowledge and expertise of security experts and helps address the challenges and needs they’ve experienced, or seen others experience, within the cybersecurity field. Each publication is vendor-neutral and follows the peer review process outlined in the CSA Research Lifecycle. We recommend getting started by reading the following documents.
A Day Without Safe Cryptography
Over the past fifty years, the digital age has sparked the creation of a remarkable infrastructure through which a nearly infinite variety of digital transactions and communications are executed, enabling businesses, education, governments, and communities to thrive and prosper. Millions of new devices are connecting to the Internet, creating, processing, and transferring digital information in greater volumes and with greater velocity than ever imagined.
The State of Post-Quantum Cryptography
Most people pay little attention to the lock icon on their browser’s address bar that signifies a secure connection called HTTPS. This connection establishes secure communications by providing authentication of the website and web server as well as encryption of communications between the client and server. If the connection is not secure, then a user may be vulnerable to malicious exploits such as malware injection, hijacking of financial transactions or stealing the user’s private information.
Preparing Enterprises for the Quantum Computing Cybersecurity Threats
Quantum computing, while expected to enable many advancements, will also break the existing asymmetric-key cryptosystems, thus endangering our security infrastructure. While it is uncertain whether such a computer will live up to the hype, the emerging cybersecurity threats it brings should be addressed now even though such a machine may not emerge for another decade or so. This document provides an overview of quantum computing, the impact on cryptography, and steps to start preparing for the quantum threat today.