How to prepare for post-quantum computing security

A post-quantum security world sounds scary. Quantum computers are expected to break many of the cryptographic standards that have adequately protected data for decades.

While companies have yet to hit the panic button about quantum — it will likely take decades or more for the technology to be ready — that doesn’t mean quantum should be ignored.

President Joe Biden signed two quantum computing presidential directives in 2022, signaling that now is the time to figure out how to navigate the emerging technology. The guidelines call for creating quantum-resistant cryptographic standards—a task NIST has been working on for more than half a decade—and preparing federal agencies for adoption of these future standards.

Businesses need to figure out how they will be impacted once quantum computing hits the market, which may require better data protection now or preparing for post-quantum cryptography (PQC).

The concern for quantum security

The biggest concern with quantum computing is how easily it can crack cryptographic algorithms used for data transmission. For example, the asymmetric RSA algorithm, which is based on integer factorization and offers sufficient security on classical computers, will be crackable on quantum computers.

Attackers are aware of this issue and have started doing what is known as data scraping: collecting encrypted data in the hope that it will be useful later. Since storage space is cheap, attackers are now harvesting encrypted data to crack once quantum computing matures.

How to prepare for PQC security

Heather West, research manager at IDC, advises companies to look at quantum. “It’s going to be a lot easier now to put everything together than to suddenly be like, ‘Oh my god, the technology is there, what are we doing?'” she said.

To prepare for and facilitate future transitions once PQC is standardized, organizations should consider the following three steps.

1. Inventory and classify data

This step involves reviewing data and deciding what is considered sensitive. Conduct a data inventory to understand what data your organization holds and how it is classified, so that you know which data needs which protection.

Be sure to consider which data now needs more protection against the threat of data scraping.

“What dates are okay in four years if I’m not worried about someone scraping?” said Christopher Savoie, CEO of Zapata Computing. “On the other hand, what would I worry about for years?” Such data may include company or trade secrets and other business-critical information. Take the appropriate steps to ensure your data is safe now and in the future.

2. Understand future exposure

As you inventory and classify the data, consider how the data is currently protected and whether it is at risk once quantum computing becomes available.

“Organizations should start examining their potential exposure to understand their reliance on cryptography,” said Colin Soutar, managing director at Deloitte & Touche LLP. “It could be deeply embedded in third-party tools, it could be proprietary transaction functions. You need to have a feel for where crypto is embedded in your systems and how data is protected.”

Soutar noted that examining cyber hygiene around current data could be helpful beyond preparing for PQC.

“Even if you end up not doing anything about the potential future quantum risk, you might identify outdated SSL certificates or something else that’s more perfunctory and needs updating,” he said.

3. Create a mitigation strategy

After the data is inventoried and the potential exposure is understood, the next step is to create mitigation groups and mitigation strategies.

“Start with a mitigation group to review what policies and procedures need to be in place when the inevitable happens,” Savoie said.

At a minimum, this should include a data security policy, an incident response plan, and a business recovery plan. This step also includes assessing what corporate data may already have been exposed and stored by attackers and determining how to handle this situation. Next, organizations should look at the critical data they now have stored and decide if they need additional layers of encryption to protect it.

Symmetric encryption, commonly used by organizations to keep stored data secure, is not greatly affected by quantum computing. Grover’s algorithm, which demonstrates how quantum computers quadratically speed up database searches, has shown that it halves the time it takes to crack symmetric encryption. NIST therefore recommends that organizations use at least AES-192 or AES-256 to encrypt data at rest.

However, when data is transmitted, there is a risk that it will be compromised by quantum computers. To counteract this, companies must adopt PQC encryption standards to replace asymmetric algorithms. NIST is evaluating several options, two of which – SIKE and Rainbow – were easily defeated by classical computers, so stand no chance against quantum computers. NIST is still evaluating seven potentially viable options.

Dealing with asymmetric encryption changes plays into the last aspect of risk mitigation, Savoie added. That means companies need to start thinking about how to stay crypto-agile.

“As standards change in the future, we need to ensure that the infrastructure is in a place where we can actually adapt to new threats and new technologies to mitigate those threats,” Savoie said. “Bringing your systems to new standards in a crypto-agile and forward-compatible way takes time and is something you need to work on now.”
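The three steps above can be run as one triage pass over an inventory. The following is an added example, not code from the article or from any of the people quoted in it: the `Asset` fields, the sample inventory and the `horizon_years` planning input are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Public-key schemes resting on factoring or discrete logs. The page names RSA;
# DH and ECDH are added here as the same class (assumption of this example).
QUANTUM_VULNERABLE = {"RSA", "DH", "ECDH"}
# Minimum at-rest ciphers the page attributes to NIST's recommendation.
AT_REST_OK = {"AES-192", "AES-256"}

@dataclass
class Asset:                 # hypothetical inventory record
    name: str
    secret_for_years: int    # how long the data must stay confidential
    in_transit: str          # key exchange protecting transport, or "none"
    at_rest: str             # symmetric cipher protecting storage

def triage(assets, horizon_years):
    """Return (name, findings) pairs, most urgent first.

    horizon_years is the planner's own assumption for when quantum attacks
    become practical; it is an input, not a prediction.
    """
    report = []
    for a in assets:
        findings = []
        if a.in_transit.upper() in QUANTUM_VULNERABLE:
            if a.secret_for_years >= horizon_years:
                # Traffic scraped today is still sensitive when it becomes crackable.
                findings.append("scraping-risk: plan PQC for this channel first")
            else:
                findings.append("migrate-later: data expires before the horizon")
        if a.at_rest.upper() not in AT_REST_OK:
            findings.append("at-rest: move to AES-192 or AES-256")
        report.append((a.name, findings))
    # Scraping-risk assets first, then those with the most findings.
    report.sort(key=lambda r: (not any(f.startswith("scraping-risk") for f in r[1]),
                               -len(r[1])))
    return report

# Constructed sample inventory (names and values are illustrative).
INVENTORY = [
    Asset("marketing-site-logs", 1, "ECDH", "AES-128"),
    Asset("trade-secret-designs", 25, "RSA", "AES-256"),
    Asset("payroll-archive", 10, "RSA", "AES-128"),
    Asset("internal-backups", 15, "none", "AES-256"),
]

if __name__ == "__main__":
    for name, findings in triage(INVENTORY, horizon_years=10):
        print(name, findings or ["ok"])
```

Rerunning the triage with different `horizon_years` values shows which assets move between "migrate-later" and "scraping-risk" as the planning assumption changes.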

PQC implementation options

Experts discussed three options while working out the most effective PQC approach for quantum security preparation.

First, follow NIST’s research and consider all the algorithms it reviews. Currently, four primary finalist algorithms remain uncracked and potentially viable. Three other algorithms are also being examined for feasibility.

Another option is Quantum Key Distribution (QKD), which uses quantum mechanics to securely exchange encryption keys. Data encrypted via QKD creates a random quantum state that is difficult to copy. Many QKD protocols can also detect eavesdroppers. However, the National Security Agency has stated that this option alone is not viable in its current form.

A third option is to combine PQC encryption standards and QKD, suggested Rik Turner, senior analyst at Omdia. This would make it harder for attackers, he noted, since they would have to break both encryption and QKD to access data in transit.
