Privacy policy

Our website uses cookies to give you the most optimal experience online by: measuring our audience, understanding how our webpages are viewed and improving consequently the way our website works, providing you with relevant and personalized marketing content.
You have full control over what you want to activate. You can accept the cookies by clicking on the “Accept all cookies” button or customize your choices by selecting the cookies you want to activate. You can also decline all non-necessary cookies by clicking on the “Decline all cookies” button. Please find more information on our use of cookies and how to withdraw at any time your consent on our privacy policy.

Managing your cookies

Our website uses cookies. You have full control over what you want to activate. You can accept the cookies by clicking on the “Accept all cookies” button or customize your choices by selecting the cookies you want to activate. You can also decline all non-necessary cookies by clicking on the “Decline all cookies” button.

Necessary cookies

These are essential for the user navigation and allow to give access to certain functionalities such as secured zones accesses. Without these cookies, it won’t be possible to provide the service.
Matomo on premise

Marketing cookies

These cookies are used to deliver advertisements more relevant for you, limit the number of times you see an advertisement; help measure the effectiveness of the advertising campaign; and understand people’s behavior after they view an advertisement.
Adobe Privacy policy | Marketo Privacy Policy | MRP Privacy Policy | AccountInsight Privacy Policy | Triblio Privacy Policy

Social media cookies

These cookies are used to measure the effectiveness of social media campaigns.
LinkedIn Policy

Our website uses cookies to give you the most optimal experience online by: measuring our audience, understanding how our webpages are viewed and improving consequently the way our website works, providing you with relevant and personalized marketing content. You can also decline all non-necessary cookies by clicking on the “Decline all cookies” button. Please find more information on our use of cookies and how to withdraw at any time your consent on our privacy policy.

Skip to main content

Crypto agility: Do you need to prepare now?

Cryptography has come a long way since the 1990s, allowing us to securely transmit sensitive information over the Internet and other networks. Soon, quantum computing threatens to ruin all the fun by breaking RSA and other asymmetric cryptography algorithms with brute force attacks.

It’s not easy to stay safe in the Digital Age. Protecting yourself from quantum computers is a real challenge, and one that requires some serious math skills. This article will provide an introduction to post-quantum cryptography so you can outsmart those pesky quantum computers!

Moving with the times: From physical locks to quantum-resistant codes

The evolution of cryptography could be compared to the evolution of bank vaults. In the past, vaults were typically made of thick, sturdy materials like steel or stone, designed to resist physical attacks like drilling or prying. As thieves became more sophisticated and began using advanced tools like explosives or hydraulic jacks, the design of vaults had to evolve to keep pace.

In response, manufacturers began creating vaults with complex locking mechanisms and reinforced structures that were designed to be resistant to a wider range of attacks.

In a similar way, post-quantum cryptography is a response to the evolution of computer technology. Most of today’s cryptography was designed to be resistant to attacks from traditional computers, which rely on mathematical algorithms to encode and decode information. However, the advent of quantum computers which use quantum mechanics to perform calculations, traditional cryptography is no longer sufficient.

Post-quantum cryptography is designed to be resistant to attacks from quantum computers, using advanced mathematical techniques to encode information in a way that is secure against even the most powerful quantum computers. Post-quantum cryptography provides a vault for sensitive information that can keep pace with the latest evolution of computer technology, ensuring that it remains secure in the face of the most advanced attacks.

The challenges of the cryptography evolution

This evolution of cryptographic algorithms, such as the transition to post-quantum cryptography, can pose huge challenges. Cryptographic algorithms are based on complex mathematical problems that can be solved more easily as mathematics advances, which undermines the strength of the security that relies on it. In fact, leading security organizations periodically publish guidance that states when specific algorithms should no longer be used and what lengths of keys should replace them.

However, migrating from one cryptographic algorithm to another can be complex. Take for example the transition from DES to 3DES (Triple DES), then to AES, or from SHA-1 to SHA-2 and by doubling the RSA keys.

The challenge lies not only in upgrading, but also ensuring it is successfully migrated. There are several factors that can influence this process:

1

Lack of resources

Updating and testing all systems and applications that use the old algorithm can be time-consuming and resource-intensive, especially for large organizations with many systems and applications that rely on cryptography.

2

Need for coordination

Coordinating and collaborating with multiple stakeholders, involving security teams, developers and product managers can be difficult because of different priorities and concerns.

3

Complexity of algorithms

Implementing new security protocols and standards can be difficult to understand and apply, leading to mistakes and misunderstandings that can undermine the security of the migration.

In an ideal world, this complexity should be managed to make migration easy, and every product should be able to integrate this capability with just one click, disabling deprecated algorithms and switching to secure ones. This ability is known as crypto-agility in the market.

Gearing up for crypto-agility

Crypto-agility refers to a system’s ability to adapt to changes in cryptographic standards and algorithms quickly and easily.

A cryptographic system that is unable to adapt to changing cryptographic standards and algorithms may become vulnerable to attacks or other security threats. By becoming crypto-agile, a cryptographic system can quickly switch from one algorithm to another, ensuring that it remains secure and effective even in the face of evolving threats.

Crypto-agility has many practical applications, such as:

  • Rapid renewal of digital certificates following an intrusion detection or to increase the key size in response to new standards: Crypto-agility allows organizations to quickly switch to a secure, trustworthy algorithm without disrupting operations, helping safeguard against security threats.
  • Efficient changeover to a modern PKI technology: With crypto-agility, organizations can easily upgrade their PKI and take advantage of the latest advances in cryptography.
  • Seamless migration of digital certificates to a different cryptographic algorithm: Crypto-agility allows organizations to smoothly migrate their certificates as algorithms evolve and new options become available, helping to maintain their security and effectiveness.

Preparing for the not-so-distant quantum future

When moving to post-quantum cryptography, crypto-agility may involve replacing existing encryption algorithms with new ones that are resistant to attacks from quantum computers. Unfortunately, many of our current protocols just aren’t ready for the unique properties of post-quantum methods such as longer keys. Manufacturers will need to innovate and create new standards, benchmarks and certifications.

It’s difficult to predict exactly when quantum computers will be powerful enough to break current cryptographic methods. However, organizations should start investigating and implementing post-quantum cryptographic algorithms right now to ensure the security of their communications and data for the next 5 to 10 years.

Some of the most promising candidates for post-quantum cryptographic algorithms include lattice-based cryptography, code-based cryptography and multivariate cryptography. Each of these has its own strengths and weaknesses, and organizations should carefully evaluate them to determine which are best suited to their specific needs.

It is also important to note that post-quantum cryptography is an active area of research, and new algorithms and techniques are constantly being developed. As such, organizations should stay up-to-date on the latest developments in the field. Noticeably, the US National Institute for Standards and Technology (NIST) has announced the selection of four initial algorithms that will be standardized over the next two years.

Just remember, the longer you wait to prepare for the quantum apocalypse, the more likely it is that your secrets will be exposed. Start preparing today!

If you would like to learn more about how you can be better prepared, We encourage you to read the Atos white paper: An Introduction to Post-Quantum Cryptography.

Share this article

About the authors

Alexis Janin

Partner – Solutions and Projects Manager – Digitalberry

With a master’s degree in IT system information security and safety, Alexis is passionate about IT security. Working with manufacturers, governments and financial and healthcare institutions as an integrator, trainer and expert, he has been involved in large-scale release projects for vendors’ solutions. Drawing on his experience of implementing various PKIs, he has developed products relating to digital certificates to facilitate their use in organizations.

Vasco Gomes

Global CTO for cybersecurity products, Distinguished Expert, Atos
Member of the Atos Scientific Community

Coming from an Information Technology engineering background, with 20 years’ of experience in information security, Vasco has helped many customers balance operational constraints versus acceptable business risks. In the recent years he has expanded this experience to help customers look into what the information security landscape might be in the next 5 years+ and best way to manage it. During innovation workshops, he shares with them some keys to anticipate the future shape of cybersecurity and maximize sovereignty over their most critical data.

Using those customer interactions and by continuously monitoring major technological trends, Vasco influences Atos cybersecurity services and products roadmaps, as well as partnerships, mergers and acquisitions.

Follow or contact Vasco

All articles


The ambidextrous CISO : Explore the top Cybersecurity Technology Trends in 2023


2023 Cyber threat predictions: The top 10 cybersecurity threats


SASE: Has the future of network security arrived?


4 trends shaping cloud security for 2023


Data spaces: The future of innovative ecosystems


The four key steps to securing your supply chain


The top cybersecurity legislation that you need to prepare for in 2023


The changing face of DFIR: why don’t the good guys always win?


What will keep CISOs awake at night in 2023?


2023 top trends for identity and access management (IAM)


Impact of Cyberattacks on Business and its Trends


System isolation or cloud migration? Weighing the risks and benefits


Crypto agility: Do you need to prepare now?