Cryptography forms an essential part of organisations’ information security and is indispensable for preventing the theft of sensitive data, verifying that received data is correct, and preventing unauthorised access to systems.
With the rise of quantum computers, current cryptographic standards are no longer adequate, says Marc Stevens, senior researcher in the Cryptology research group at the Dutch Centrum Wiskunde & Informatica (CWI), the national research institute for mathematics and computer science in the Netherlands.
“While quantum computers are not currently strong enough to break our current cryptography systems, there is a real chance that in the future they can. It is, therefore, imperative that companies prepare for this now,” he says.
No two migrations are the same
To help Dutch companies with this, the AIVD (the General Intelligence and Security Service of the Netherlands) initiated the development of a handbook, the Post-quantum cryptography migration handbook, and enlisted the help of research organisation TNO and the CWI.
The manual is intended for the Dutch government, businesses, vital sectors, and knowledge institutions that work with important information that is encrypted, such as privacy-sensitive data or trade secrets. Organisations can use the handbook to identify risks and get concrete steps to work on a migration strategy.
“There is no one strategy for all organisations,” says Stevens, “as not every organisation has the same interests and ICT structure. Encrypted information can differ in type, but also in degree of confidentiality.”
There are three main reasons for companies to move towards “quantum-safe cryptography”, as Stevens prefers to call the new standards. The first, he says, is that “even though current quantum computers are not yet strong enough to break traditional cryptography, current information can now be stored and preserved for when they will be.”
This is called “store now, decrypt later”. According to the manual, there are serious suspicions that currently encrypted data is already being collected. This could involve data with a long retention period, but state secrets could also potentially be intercepted now.
“If this information can be decrypted years from now, it might be used to embarrass a country in a strategic way at the right time,” says Stevens.
Long-lived systems are also at risk. It is complicated, if not impossible, to migrate these types of systems and critical infrastructures, which are being developed and implemented today, to quantum-safe cryptography later.
This is because the new cryptography standards require powerful hardware, and it may not be so easy to simply replace the existing hardware of these types of systems later. “Think about cars, for example, or bridges and sluices,” says Stevens.
The final reason why it is essential for companies and organisations to orient themselves to the new standards is that migration is a lengthy process.
“We have seen that the migration from SHA-1 to SHA-256 easily took five to 10 years on average, so we assume that the migration to quantum-safe cryptography will also take at least that time frame,” says Stevens. “In all that time, information can be collected according to the store-now-decrypt-later principle, and so organisations are actually already at risk.”
Quantum-safe cryptography must become the new cryptographic standard to ensure the security of cryptographic algorithms in the future, regardless of when quantum computers become powerful enough to break current cryptography.
“The NSA first warned about the potential dangers of quantum computing to encryption and security in 2016, but developing new standards is a lengthy process. Next year, four new standards will come out to replace the current two,” Stevens says.
“These new standards are based on different underlying mathematical principles than current traditional cryptography. The internal cyclic structures of the mathematical component problems used in the current encryption standards turned out to be too easy to break by quantum computers.”
In the US, a law was passed not long ago to make organisations switch to quantum-safe communications as soon as possible. Although the AIVD, TNO, and CWI have presented the PQC migration handbook to the Dutch secretary of state for kingdom relations and digitalisation, Alexandra van Huffelen, there does not yet seem to be any natural political movement in the Netherlands to bring about migration.
“Although you could call that worrying, we see more of a bottom-up approach in the Netherlands,” Stevens says. “We submitted the handbook we wrote to a sounding board group that included several technical people from various ministries. They have already initiated a migration internally, as they are keen to make their own systems quantum-safe as soon as possible.”
Although current knowledge about the new cryptographic standards is still limited, organisations can migrate more effectively by exchanging knowledge and information and learning together. “Although in our country there seem to be more ad hoc collaborations, there is definitely movement, but it is bottom-up,” adds Stevens.
The manual identifies three steps to help organisations migrate to quantum-safe communication: diagnosis, planning, and implementation. Stevens stresses that every organisation should get started with this right now, including smaller companies.
“In any case, start with an inventory. Don’t be surprised at the moment this comes into play about what you have and use within your organisation. Make sure you already know now what your risks are and what you can do,” says Stevens, who is a strong advocate of cryptographic agility.
“We often see that currently cryptography and encryption are built on the deeper levels in systems. That’s one of the reasons why migration is going to take so long, because you have to look at what’s there for each system and how to port that to the new standard.
“You’ll become a lot more agile when you put a new cryptographic implementation in a central location that your systems can access with generic calls. A central system also makes it easier to switch to the new standard. Centralising cryptography within your organisation is something that any company can already do right now.”