Crypto agility: Do you need to prepare now?
Cryptography has come a long way since the 1990s, allowing us to securely transmit sensitive information over the Internet and other networks. Soon, quantum computing threatens to ruin all the fun by breaking RSA and other asymmetric cryptography algorithms with brute force attacks.
It’s not easy to stay safe in the Digital Age. Protecting yourself from quantum computers is a real challenge, and one that requires some serious math skills. This article will provide an introduction to post-quantum cryptography so you can outsmart those pesky quantum computers!
Moving with the times: From physical locks to quantum-resistant codes
The evolution of cryptography could be compared to the evolution of bank vaults. In the past, vaults were typically made of thick, sturdy materials like steel or stone, designed to resist physical attacks like drilling or prying. As thieves became more sophisticated and began using advanced tools like explosives or hydraulic jacks, the design of vaults had to evolve to keep pace.
In response, manufacturers began creating vaults with complex locking mechanisms and reinforced structures that were designed to be resistant to a wider range of attacks.
In a similar way, post-quantum cryptography is a response to the evolution of computer technology. Most of today’s cryptography was designed to be resistant to attacks from traditional computers, which rely on mathematical algorithms to encode and decode information. However, with the advent of quantum computers, which use quantum mechanics to perform calculations, traditional cryptography is no longer sufficient.
Post-quantum cryptography is designed to be resistant to attacks from quantum computers, using advanced mathematical techniques to encode information in a way that is secure against even the most powerful quantum computers. Post-quantum cryptography provides a vault for sensitive information that can keep pace with the latest evolution of computer technology, ensuring that it remains secure in the face of the most advanced attacks.
The challenges of the cryptography evolution
This evolution of cryptographic algorithms, such as the transition to post-quantum cryptography, can pose huge challenges. Cryptographic algorithms are based on complex mathematical problems that can be solved more easily as mathematics advances, which undermines the strength of the security that relies on it. In fact, leading security organizations periodically publish guidance that states when specific algorithms should no longer be used and what lengths of keys should replace them.
However, migrating from one cryptographic algorithm to another can be complex. Take, for example, the transition from DES to 3DES (Triple DES) and then to AES, the move from SHA-1 to SHA-2, or the doubling of RSA key lengths.
The challenge lies not only in upgrading, but also in ensuring that the migration succeeds. There are several factors that can influence this process:
1. Lack of resources: Updating and testing all systems and applications that use the old algorithm can be time-consuming and resource-intensive, especially for large organizations with many systems and applications that rely on cryptography.
2. Need for coordination: Coordinating and collaborating with multiple stakeholders, including security teams, developers and product managers, can be difficult because of their different priorities and concerns.
3. Complexity of algorithms: New security protocols and standards can be difficult to understand and apply, leading to mistakes and misunderstandings that can undermine the security of the migration.
In an ideal world, this complexity should be managed to make migration easy, and every product should be able to integrate this capability with just one click, disabling deprecated algorithms and switching to secure ones. This ability is known as crypto-agility in the market.
Gearing up for crypto-agility
Crypto-agility refers to a system’s ability to adapt to changes in cryptographic standards and algorithms quickly and easily.
A cryptographic system that is unable to adapt to changing cryptographic standards and algorithms may become vulnerable to attacks or other security threats. By becoming crypto-agile, a cryptographic system can quickly switch from one algorithm to another, ensuring that it remains secure and effective even in the face of evolving threats.
Crypto-agility has many practical applications, such as:
- Rapid renewal of digital certificates following an intrusion detection or to increase the key size in response to new standards: Crypto-agility allows organizations to quickly switch to a secure, trustworthy algorithm without disrupting operations, helping safeguard against security threats.
- Efficient changeover to a modern PKI technology: With crypto-agility, organizations can easily upgrade their PKI and take advantage of the latest advances in cryptography.
- Seamless migration of digital certificates to a different cryptographic algorithm: Crypto-agility allows organizations to smoothly migrate their certificates as algorithms evolve and new options become available, helping to maintain their security and effectiveness.
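As an added illustration (not code from the original article or from Atos), the Python below shows one way to build this agility into an application: each integrity tag records the algorithm that produced it, and a single policy object decides which algorithm protects new data and which legacy ones are still accepted during a migration. The names `Policy`, `protect`, `verify` and `migrate` are hypothetical, and one constructed key is shared across algorithms for brevity.

```python
import hashlib
import hmac

# Registry of available algorithms, keyed by the identifier stored in each tag.
REGISTRY = {
    "hmac-sha1": hashlib.sha1,
    "hmac-sha256": hashlib.sha256,
    "hmac-sha3-256": hashlib.sha3_256,
}


class Policy:
    """Hypothetical policy object: the only place algorithm choices live."""

    def __init__(self, current, accepted):
        unknown = ({current} | set(accepted)) - set(REGISTRY)
        if unknown:
            raise ValueError(f"unknown algorithm(s): {sorted(unknown)}")
        self.current = current                      # used for every new tag
        self.accepted = set(accepted) | {current}   # still allowed on verify


def protect(policy, key, message):
    """Return 'alg$hexmac', always using the policy's current algorithm."""
    mac = hmac.new(key, message, REGISTRY[policy.current]).hexdigest()
    return f"{policy.current}${mac}"


def verify(policy, key, message, tag):
    """Return (valid, needs_migration); algorithms outside the policy fail closed."""
    alg, _, mac = tag.partition("$")
    if alg not in policy.accepted:
        return False, False
    expected = hmac.new(key, message, REGISTRY[alg]).hexdigest()
    valid = hmac.compare_digest(expected.encode(), mac.encode())
    return valid, valid and alg != policy.current


def migrate(policy, key, message, tag):
    """Re-issue a valid legacy tag under the current algorithm."""
    valid, stale = verify(policy, key, message, tag)
    if not valid:
        raise ValueError("refusing to migrate an invalid or disallowed tag")
    return protect(policy, key, message) if stale else tag
```

Moving from SHA-1 to SHA-2 then takes two policy changes and no code changes: first `Policy("hmac-sha256", ["hmac-sha1"])` while legacy tags are migrated, then `Policy("hmac-sha256", [])` to disable the deprecated algorithm.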
Preparing for the not-so-distant quantum future
When moving to post-quantum cryptography, crypto-agility may involve replacing existing encryption algorithms with new ones that are resistant to attacks from quantum computers. Unfortunately, many of our current protocols just aren’t ready for the unique properties of post-quantum methods such as longer keys. Manufacturers will need to innovate and create new standards, benchmarks and certifications.
It’s difficult to predict exactly when quantum computers will be powerful enough to break current cryptographic methods. However, organizations should start investigating and implementing post-quantum cryptographic algorithms right now to ensure the security of their communications and data for the next 5 to 10 years.
Some of the most promising candidates for post-quantum cryptographic algorithms include lattice-based cryptography, code-based cryptography and multivariate cryptography. Each of these has its own strengths and weaknesses, and organizations should carefully evaluate them to determine which are best suited to their specific needs.
It is also important to note that post-quantum cryptography is an active area of research, and new algorithms and techniques are constantly being developed. As such, organizations should stay up-to-date on the latest developments in the field. Notably, the US National Institute of Standards and Technology (NIST) has announced the selection of four initial algorithms that will be standardized over the next two years.
Just remember, the longer you wait to prepare for the quantum apocalypse, the more likely it is that your secrets will be exposed. Start preparing today!
If you would like to learn more about how you can be better prepared, we encourage you to read the Atos white paper: An Introduction to Post-Quantum Cryptography.
About the authors
Alexis Janin
Partner – Solutions and Projects Manager – Digitalberry
With a master’s degree in IT system information security and safety, Alexis is passionate about IT security. Working with manufacturers, governments and financial and healthcare institutions as an integrator, trainer and expert, he has been involved in large-scale release projects for vendors’ solutions. Drawing on his experience of implementing various PKIs, he has developed products relating to digital certificates to facilitate their use in organizations.
Vasco Gomes
Global CTO for cybersecurity products, Distinguished Expert, Atos
Member of the Atos Scientific Community
Coming from an Information Technology engineering background, with 20 years of experience in information security, Vasco has helped many customers balance operational constraints versus acceptable business risks. In recent years he has expanded this experience to help customers look into what the information security landscape might be in the next 5 years+ and the best way to manage it. During innovation workshops, he shares with them some keys to anticipate the future shape of cybersecurity and maximize sovereignty over their most critical data.
Using those customer interactions and by continuously monitoring major technological trends, Vasco influences Atos cybersecurity services and products roadmaps, as well as partnerships, mergers and acquisitions.