2022 was a big year in the cryptographic security community. If you don’t have news alerts set up for the latest updates on Post-Quantum Cryptography (PQC), here’s a quick overview:
The end of the Rainbow
In February, Ward Beullens from IBM Research announced that he’d broken Rainbow, a post-quantum signature scheme. This announcement was significant on multiple levels. First and foremost, the news caused a stir because the Rainbow scheme had already made it to the third round of the National Institute of Standards and Technology’s (NIST) competition to select new quantum-resistant algorithms for standardization of public key encryption.
The Rainbow signature scheme was submitted to NIST alongside more than 70 other candidate schemes. It withstood intense cryptanalysis, beating out all but two other digital signature algorithms to make it to the semi-final round. And it was broken by a post-doc over a single weekend using a commercially available laptop.
NIST makes its long-awaited move
In July, NIST announced the algorithms that would advance to the final round of the selection process.
CRYSTALS-KYBER (key-establishment) and CRYSTALS-Dilithium (digital signatures) were selected as the primary algorithms for post-quantum cryptography standardization. Four other algorithms for post-quantum key establishment were also selected as candidates to advance to the fourth round of evaluation for potential standardization.
Within a few weeks, Belgian cryptographers published a practical attack on one of these four algorithms. They demonstrated that the SIKE Algorithm can be completely broken at NIST’s Security Level 1—with a computer that has been available since 2013.
The White House gears up for quantum readiness
In November, the White House issued a memorandum providing direction for U.S. federal agencies in their efforts to prepare for post-quantum readiness. Since the NIST PQC process won’t be finalized until 2024, the memo provides “transitional guidance” to help agencies prepare in the interim.
Then, on the heels of the White House’s memo, NIST announced that it is retiring a widely-used cryptographic algorithm, Secure Hash Algorithm 1 (SHA-1), due to significant vulnerabilities.
What does this mean for 2023?
Each of these events is significant in its own right but, when considered together, these developments underscore important points about what post-quantum readiness looks like and how best to achieve it.
For starters, it proves the cryptographic research community’s axiom to be true: an algorithm isn’t fully trustworthy until it has withstood 20 years of public scrutiny. Since no one knows when quantum cyberthreats will materialize, what shape they will take, or which PQC algorithms will stand the test of time, it’s difficult to know how to prepare.
At the same time, warnings from the White House and other governments around the world highlight the urgent need to start preparing now for the post-quantum era. Without solid direction on how to move forward or a clear idea of what to prepare for, it’s not surprising that many organizations succumb to “analysis paralysis.”
Make no mistake, the threat of quantum computing is real and something that needs to be taken seriously. Fortunately, there are concrete steps that organizations of every size and kind can take now to protect themselves from emergent threats, whether they come from classical or quantum computers.
Since we don’t know which algorithms will prove to be truly quantum-resistant, the most important thing to do is to adopt a strategy of cryptographic agility. This means developing the capacity to quickly adopt alternative encryption methods or cryptographic primitives without notable changes to system infrastructure, akin to changing a lightbulb without rewiring your home. A cryptographically agile strategy will permit modification and switching out of cryptographic primitives when vulnerabilities are discovered and new PQC algorithms are standardized.
When organizations achieve cryptographic agility, they can operate flexibly to protect sensitive data and assets against new attacks, both classical and quantum-technology based. It can also combine encryption methods and create longer keys to meet changing standards or evolve in line with the development of new quantum-proof algorithms.
Yes, achieving cryptographic agility will require an investment of time and resources. Yet, in time, it may well prove to be the single best investment an organization can make today to prepare itself for a secure future.
Johannes Lintzen is Managing Director at Cryptomathic, based in the San Jose, California, office of the company, which is headquartered in Aarhus, Denmark.